Hola, entendí que tenía que abrir un nuevo tema por eso lo hice, pero bueno continuemos, ya hice todo lo que me indicaste pero sigo teniendo los problemas que comento en el mensaje anterior.

Para dar una solución temporal desinstale el Spybot para que no detecte los cambios, pero esa no es la solución verdad, pero lo del IE no encuentro como solucionarlo.

Gracias.

Hola

No pasa nada porque hayas usado otro tema, los uní y listo.



Lo que no está bien, es que no respondas las preguntas porque así no podemos avanzar en la resolución del problema.

¿has borrado los archivos que te dije?

¿ejecutaste las herramientas que te mendioné? ¿encontraron algo? ¿lo eliminaron? ¿se les quedó algo por reparar?

Si no la shas ejecutado, hazlo lo antes posible.

Ejecuta un par de los análisis antivirus en línea que te propongo; si usas el de panda, desactiva la opción de buscar spyware; si encuentan algo que no puedan eliminar, péganos ese reporte.

Bueno, seguimos pendientes.

Felicidad

Nuevamente Hola, si he respondido las preguntas, ya hice lo que me indicaste, utilice las herramientas indicadas y no encuentran nada.

También te comente que desintale el spybot para que no detetara los cambios, pero si lo pongo otra vez manda los mensajes que ya mencione.

Ojala me pudas decir como quitar esos mensajes para volver a activar el spybot.

Hola

Bueno, mándanos un nuevo reporte para que veamos como va la cosa y si algo nuevo ha salido a la luz.

Lo que no me queda claro, es que si has borrado los archivos y ya no están en tu sistema el spybot te siga dando los mismo mensajes. ¿has revisado que no estén aun por ahí esos archivos?. Lo comento porque puede que alguna cosa los esté haciendo reaparecer.

Si nos puedieras mandar un nuevo reporte del hiajck y uno creado con el Cwshredder, podremos ver la situación con más puntos de vista.

Bueno, estaremos pendientes de lo que nos digas.

Felicidad

Hola, mil disulpas por contestar hasta el día de hoy, bueno empecemos, contestando tú pregunta, sí, ya borre los archivos que me indicaron, de hecho los busque y no aparecen y también los busque con el regedit y no aparecen, entonces no entiendo porque el spybot sigue mandando los mensajes.

Te envío los nuevamente el log como me indicaste, uno con el hijackthis y el que el reporte que generó el Cwshredder.


*********************
Logfile of HijackThis v1.99.1
Scan saved at 06:53:52 a.m., on 08/05/2002
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\ARCHIVOS DE PROGRAMA\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\ARCHIVOS DE PROGRAMA\A4TECH\KEYBOARD\IKEYMAIN.EXE
C:\ARCHIVOS DE PROGRAMA\A4TECH\MOUSE\AMOUMAIN.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mx.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = https://
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YCOMP.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YCOMP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\SYSTEM\MP_S3.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Archivos de programa\Archivos comunes\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\ARCHIV~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\ARCHIV~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O19 - User stylesheet: (file missing)

****************************************

es que sigue es el de Cwshredder

*** Run Keys ****

RUN: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
RUN: [TaskMonitor] C:\WINDOWS\taskmon.exe
RUN: [SystemTray] SysTray.Exe
RUN: [SiSAudio] C:\WINDOWS\SYSTEM\MP_S3.exe
RUN: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
RUN: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
RUN: [PCTVOICE] pctvoice.exe
RUN: [CreateCD50] "C:\Archivos de programa\Archivos comunes\Adaptec Shared\CreateCD\CreateCD50.exe" -r
RUN: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
RUN: [iKeyWorks] C:\ARCHIV~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
RUN: [WheelMouse] C:\ARCHIV~1\A4TECH\MOUSE\AMOUMAIN.EXE
RUN: [pccguide.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\pccguide.exe"
RUN: [PCCIOMON.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
RUN: [PCCClient.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCClient.exe"
RUN: [Pop3trap.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\Pop3trap.exe"
RUN: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
RUN: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RUN: [Yahoo! Pager] C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe -quiet
RUN: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background


**** Browser Helper Objects ****

BHO: [Yahoo! Companion BHO] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YCOMP.DLL
BHO: [AcroIEHlprObj Class] C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX


**** IE Toolbars ****

TOOLBAR: [&Yahoo! Companion] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YCOMP.DLL
TOOLBAR: [&Radio] C:\WINDOWS\SYSTEM\MSDXM.OCX


**** IE Extensions ****

IEExt: [Yahoo! Messenger] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
IEExt: [@shdoclc.dll,-866] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE


**** Hosts File Entries ****



**** IE Settings ****

IEProxy: 127.0.0.1:8080
IEBypass: https://
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\SYSTEM\blank.htm
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MS.w95.spi.tcp
LSP: MS.w95.spi.udp
LSP: MS.w95.spi.rsvptcp
LSP: MS.w95.spi.rsvpudp


**** Blocked Control Panel Items ****

BLOCKED: []


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso4.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]


**** Windows Services ****



**** Custom IE Search Items ****

SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd,ie&pver,5.5&ar,msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [LastCheckedHi]
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] yes
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoUpdateCheck]
IEOPT: [Disable Script Debugger] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NoJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [SmoothScroll]
IEOPT: [AllowWindowReuse]
IEOPT: [Print_Background] no
IEOPT: [Play_Animations] yes
IEOPT: [Show image placeholders]
IEOPT: [Display Inline Videos] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [HistoryViewType]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [HomeSet] ya
IEOPT: [HistoryTopNSitesView]
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Use Search Asst] no
IEOPT: [Use Search Assistant] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [NoWebJITSetup]
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Check_Associations] Yes
IEOPT: [AutoSearch]
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Use Search Assistant] yes
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm

Cuando le di SCAN, lo reporto limpio, el mensaje exacto fue (Done, CoolWebsearch was not found on this system.

Te recuerdo que tengo desinstalado el Spybot para que no me mande mensajes.

Muchisimas gracias, ojalá se pueda hacer algo.

Hola

El reporte que nos mandas no se corresponde con las cosas a las que les estabamos haciendo seguimiento.

¿es ese tu reporte?

¿has formateado?

¿es otra máquina?

Por favor, aquí somos magos, no adivinos, si cambian las condiciones y no nos dices nada, las cosas son más difíciles al parecer más erráticas.

Si es tu máquina, o has formateado, o has desinstalado el explorer 6 y sus parches o has editado el registro en unos 200 sitios para que realmente parezca una versión anterior.

Dinos si es tu máquina, cuéntanos que has hecho y entonces analizaremos los reportes.

Sea como sea, esa máquina requiere que le actualices el explorer y seguramente el resto del sistema, así que visita cuanto antes el windowsupdate.

Hola, el reporte que envie es de la misma maquina, no la he formateado, lo primero que hice fue utilizar el Hijackthis como me indicaron y eliminar manualmente los archivos indicados, despues utilice el Regseeker y el Disk Cleaner, también el Spyboy y el AD-ware, como seguia sin funcionar el IE, se los comente en una ocasión, lo reinstale, y empezo a funcionar pero no se eliminaron los mensajes que mandaba el Spybot y entonces desinstale el Spybot, y por último instale el Cwshredder le di Scan y obtuve el reporte que les mande y saque otro log con el Hijackthis.

Eso es todo lo que he hecho. y la maquina si instalo el spybot residente, cada que inicia la maquina manda los mensjes que antes les envié.

No puedo formatear la maquina porque tengo una aplicación instalada que no puedo recuperar, es decir no tengo los CD's para volverla instalar, tendría que pagar a la empresa que la vende nuevamente una instalación, por eso he tratado de evitar al maximó el formateo, ahorita la maquina funciona aparentemente bien, no me ha indicado problemas, pero no tengo ningun antispyware habilitado porque si lo hago empieza amandar mensajes. lo raro es que cuando hago un scaneo para detectar algun archivo de los que me manda en los mensajes no los encuentra. entonces no sé en donde se esten habilitando o porque el spybot los lee en alguna parte.

Muchas gracias de antemano, disculpen las molestias, espero haber explicado bien cual es la situación.

Hola, vamos a probar con una herramienta que es un rastreador de malware con el motor de kaspersky que se llama MWAV.exe . Esta herramienta no elimina en su versión gratuita pero genera un log donde te dirá los archivos infectados. Este log es muy largo por lo que te pido que sólo copies los archivos reconocidos como infectados.

Salu2

Hola

Bueno, tomaré eso como bueno.

Ejecuta la herramienta que elpiedra te comenta y si con eso no damos con ello, no te preocupes que aun quedan bastantes cartuchos para poder averiguar que se esconde por ahí.

Mientras tengas paciencia, seguiremos en ello.

Suerte

Felicidad

Hola nuevamente, ya aplique la herramiente que eElpiedra recomendo (Mwav.exe) y el resultado fue el siguiente:

Virus Log Information
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dxsound.exe infected by "Trojan-Proxy.Win32.Migmaf.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msiau.dll infected by "Trojan-Proxy.Win32.Symbab.aa" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\csrss.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\winlogon.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\smssa.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uvchost.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\taskmgr.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\~vis0000\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~vis0000\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\dxsound.exe infected by "Trojan-Proxy.Win32.Migmaf.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msiau.dll infected by "Trojan-Proxy.Win32.Symbab.aa" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\csrss.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\winlogon.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\smssa.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uvchost.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\taskmgr.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

++++++++++++++++++++
Este es un resultado encontrado en el logMwav cuando revisaba esta sección:

Tue May 07 00:07:11 2002 => ***** Scanning Service Files *****
Tue May 07 00:07:11 2002 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue May 07 00:07:11 2002 => Scanning File C:\WINDOWS\system32\drivers\rt.sys
Tue May 07 00:07:11 2002 => Scanning File C:\WINDOWS\System32\Drivers\wdmfs.sys
Tue May 07 00:07:11 2002 => ERROR!!! Invalid Entry \SystemRoot\System\atmarpc.sys. Removing SYSTEM\CurrentControlSet\Services\ATMARPC...
Tue May 07 00:07:11 2002 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys

-------------------------
Tue May 07 00:07:12 2002 => Scanning File C:\WINDOWS\SYSTEM\vserver.vxd
Tue May 07 00:13:08 2002 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue May 07 00:13:08 2002 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
----------------------------
En la sección
Tue May 07 00:13:12 2002 => ***** Scanning System32 Folders *****

Tue May 07 00:13:46 2002 => Scanning File C:\WINDOWS\dxsound.exe
Tue May 07 00:13:47 2002 => File C:\WINDOWS\dxsound.exe infected by "Trojan-Proxy.Win32.Migmaf.b" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:47 2002 => Scanning File C:\WINDOWS\Active Setup Log.txt [**]

Tue May 07 00:13:48 2002 => Scanning File C:\WINDOWS\msiau.dll
Tue May 07 00:13:49 2002 => File C:\WINDOWS\msiau.dll infected by "Trojan-Proxy.Win32.Symbab.aa" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:49 2002 => Scanning File C:\WINDOWS\csrss.dll
Tue May 07 00:13:49 2002 => File C:\WINDOWS\csrss.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:49 2002 => Scanning File C:\WINDOWS\winlogon.dll
Tue May 07 00:13:49 2002 => File C:\WINDOWS\winlogon.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:49 2002 => Scanning File C:\WINDOWS\smssa.dll
Tue May 07 00:13:50 2002 => File C:\WINDOWS\smssa.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:50 2002 => Scanning File C:\WINDOWS\uvchost.dll
Tue May 07 00:13:50 2002 => File C:\WINDOWS\uvchost.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:13:50 2002 => Scanning File C:\WINDOWS\taskmgr.dll
Tue May 07 00:13:50 2002 => File C:\WINDOWS\taskmgr.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:19:21 2002 => File C:\WINDOWS\TEMP\~vis0000\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue May 07 00:19:22 2002 => File C:\WINDOWS\TEMP\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue May 07 00:20:13 2002 => *** File C:\WINDOWS\TEMP\casinonet.exe having Size Restriction ***. Filesize 3199 kb > 3072 kb...
Tue May 07 00:20:13 2002 => Scanning File C:\WINDOWS\TEMP\casinonet.exe [**]

Tue May 07 00:20:20 2002 => *** File C:\WINDOWS\TEMP\mdac_typ.exe having Size Restriction ***. Filesize 5267 kb > 3072 kb...
Tue May 07 00:20:20 2002 => Scanning File C:\WINDOWS\TEMP\mdac_typ.exe [**]

Tue May 07 00:20:25 2002 => *** File C:\WINDOWS\TEMP\af8c9c.msi having Size Restriction ***. Filesize 5260 kb > 3072 kb...
Tue May 07 00:20:25 2002 => Scanning File C:\WINDOWS\TEMP\af8c9c.msi [**]


Tue May 07 00:20:34 2002 => *** File C:\WINDOWS\TEMP\ymsgrmx.exe having Size Restriction ***. Filesize 4234 kb > 3072 kb...
Tue May 07 00:20:34 2002 => Scanning File C:\WINDOWS\TEMP\ymsgrmx.exe [**]


ue May 07 00:20:57 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\DRIVER5.CAB having Size Restriction ***. Filesize 5983 kb > 3072 kb...
Tue May 07 00:20:57 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\DRIVER5.CAB [**]
Tue May 07 00:20:57 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\DRIVER6.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:57 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\DRIVER6.CAB [**]
Tue

Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_10.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_10.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_11.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_11.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_12.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_12.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_13.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_13.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_14.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_14.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_15.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_15.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_16.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_16.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_17.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_17.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_18.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_18.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_19.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_19.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_20.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_20.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_21.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_21.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_22.CAB having Size Restriction ***. Filesize 3893 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_22.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_8.CAB having Size Restriction ***. Filesize 6151 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_8.CAB [**]
Tue May 07 00:20:58 2002 => *** File C:\WINDOWS\OPTIONS\INSTALL\WIN_9.CAB having Size Restriction ***. Filesize 8000 kb > 3072 kb...
Tue May 07 00:20:58 2002 => Scanning File C:\WINDOWS\OPTIONS\INSTALL\WIN_9.CAB [**]

ue May 07 00:28:34 2002 => *** File C:\WINDOWS\HELP\NOIWIN.HLP having Size Restriction ***. Filesize 3669 kb > 3072 kb...
Tue May 07 00:28:34 2002 => Scanning File C:\WINDOWS\HELP\NOIWIN.HLP [**]

e May 07 00:29:04 2002 => *** File C:\WINDOWS\JAVA\Packages\I7RTVDJJ.ZIP having Size Restriction ***. Filesize 5615 kb > 3072 kb...
Tue May 07 00:29:04 2002 => Scanning File C:\WINDOWS\JAVA\Packages\I7RTVDJJ.ZIP [**]
Tue May 07 00:29:04 2002 => *** File C:\WINDOWS\JAVA\Packages\L3ZJB1ND.ZIP having Size Restriction ***. Filesize 4213 kb > 3072 kb...
Tue May 07 00:29:04 2002 => Scanning File C:\WINDOWS\JAVA\Packages\L3ZJB1ND.ZIP [**]

ue May 07 00:29:52 2002 => *** File C:\WINDOWS\TEMP\pft4190~TMP\Reader\AcroRd32.exe having Size Restriction ***. Filesize 3780 kb > 3072 kb...
Tue May 07 00:29:52 2002 => Scanning File C:\WINDOWS\TEMP\pft4190~TMP\Reader\AcroRd32.exe [**]

Tue May 07 00:30:11 2002 => *** File C:\WINDOWS\TEMP\pft6105~TMP\Reader\AcroRd32.exe having Size Restriction ***. Filesize 3780 kb > 3072 kb...
Tue May 07 00:30:11 2002 => Scanning File C:\WINDOWS\TEMP\pft6105~TMP\Reader\AcroRd32.exe [**]

Tue May 07 00:30:53 2002 => File C:\WINDOWS\TEMP\~vis0000\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue May 07 00:30:55 2002 => File C:\WINDOWS\TEMP\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue May 07 00:31:46 2002 => *** File C:\WINDOWS\TEMP\casinonet.exe having Size Restriction ***. Filesize 3199 kb > 3072 kb...
Tue May 07 00:31:46 2002 => Scanning File C:\WINDOWS\TEMP\casinonet.exe [**]

Tue May 07 00:31:53 2002 => *** File C:\WINDOWS\TEMP\mdac_typ.exe having Size Restriction ***. Filesize 5267 kb > 3072 kb...
Tue May 07 00:31:53 2002 => Scanning File C:\WINDOWS\TEMP\mdac_typ.exe [**]

Tue May 07 00:31:59 2002 => *** File C:\WINDOWS\TEMP\af8c9c.msi having Size Restriction ***. Filesize 5260 kb > 3072 kb...
Tue May 07 00:31:59 2002 => Scanning File C:\WINDOWS\TEMP\af8c9c.msi [**]

Tue May 07 00:32:07 2002 => *** File C:\WINDOWS\TEMP\ymsgrmx.exe having Size Restriction ***. Filesize 4234 kb > 3072 kb...
Tue May 07 00:32:07 2002 => Scanning File C:\WINDOWS\TEMP\ymsgrmx.exe [**]

Tue May 07 00:32:09 2002 => Scanning Folder: C:\WINDOWS\TEMP\{536F7C74-844B-4683-B0C5-EA39E19A6FE3}\*.*
Tue May 07 00:32:09 2002 => Scanning File C:\WINDOWS\TEMP\MSI8436a.LOG [**]

Tue May 07 00:32:09 2002 => Scanning File C:\WINDOWS\TEMP\Norton SystemWorks 2004 Professional 3-13-2004 12h42m1s.log [**]
Tue May 07 00:32:09 2002 => Scanning File C:\WINDOWS\TEMP\symcprop.dat [**]

ue May 07 00:32:57 2002 => *** File C:\WINDOWS\Escritorio\tenencia.exe having Size Restriction ***. Filesize 3476 kb > 3072 kb...
Tue May 07 00:32:57 2002 => Scanning File C:\WINDOWS\Escritorio\tenencia.exe [**]

Tue May 07 00:33:01 2002 => *** File C:\WINDOWS\Escritorio\ymsgrmx.exe having Size Restriction ***. Filesize 3102 kb > 3072 kb...
Tue May 07 00:33:01 2002 => Scanning File C:\WINDOWS\Escritorio\ymsgrmx.exe [**]

Tue May 07 00:33:01 2002 => *** File C:\WINDOWS\Escritorio\mwav_28abr05\MWAV.EXE having Size Restriction ***. Filesize 6755 kb > 3072 kb...
Tue May 07 00:33:01 2002 => Scanning File C:\WINDOWS\Escritorio\mwav_28abr05\MWAV.EXE [**]

Tue May 07 00:33:02 2002 => *** File C:\WINDOWS\All Users\Application Data\MSN Messenger 6.2.0137\MsnMsgs.Msi having Size Restriction ***. Filesize 5260 kb > 3072 kb...
Tue May 07 00:33:02 2002 => Scanning File C:\WINDOWS\All Users\Application Data\MSN Messenger 6.2.0137\MsnMsgs.Msi [**]

Tue May 07 00:33:02 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
Tue May 07 00:33:02 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip not Scanned. Possibly password protected...
Tue May 07 00:33:02 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarCC.zip
Tue May 07 00:33:02 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarCC.zip is Not Scanned
Tue May 07 00:33:02 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarCC.zip not Scanned. Possibly password protected...
Tue May 07 00:33:02 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip
Tue May 07 00:33:02 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip is Not Scanned
Tue May 07 00:33:02 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip not Scanned. Possibly password protected...
Tue May 07 00:33:02 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch1.zip
Tue May 07 00:33:02 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch1.zip is Not Scanned
Tue May 07 00:33:02 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch1.zip not Scanned. Possibly password protected...
Tue May 07 00:33:02 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading1.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading1.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\VLoading1.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker1.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker1.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker1.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip
Tue May 07 00:33:03 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
Tue May 07 00:33:03 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip not Scanned. Possibly password protected...
Tue May 07 00:33:03 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvcinit.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvcinit.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvcinit.zip not Scanned. Possibly password protected...
Tue May 07 00:33:04 2002 => Scanning File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\SYSWEBTELECOM.zip
Tue May 07 00:33:04 2002 => Result: ERROR!!! File C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\SYSWEBTELECOM.zip is Not Scanned
Tue May 07 00:33:04 2002 => C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\SYSWEBTELECOM.zip not Scanned. Possibly password protected...
Tue May 07 00

Tue May 07 00:35:41 2002 => File C:\WINDOWS\dxsound.exe infected by "Trojan-Proxy.Win32.Migmaf.b" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:42 2002 => *** File C:\WINDOWS\Downloaded Installations\{DCD77953-1FCC-465A-A457-7AE805A97710}\Microsoft AntiSpyware.msi having Size Restriction ***. Filesize 5657 kb > 3072 kb...

Tue May 07 00:35:43 2002 => File C:\WINDOWS\msiau.dll infected by "Trojan-Proxy.Win32.Symbab.aa" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:43 2002 => Scanning File C:\WINDOWS\csrss.dll
Tue May 07 00:35:43 2002 => File C:\WINDOWS\csrss.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:43 2002 => Scanning File C:\WINDOWS\winlogon.dll
Tue May 07 00:35:43 2002 => File C:\WINDOWS\winlogon.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:43 2002 => Scanning File C:\WINDOWS\smssa.dll
Tue May 07 00:35:44 2002 => File C:\WINDOWS\smssa.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:44 2002 => Scanning File C:\WINDOWS\uvchost.dll
Tue May 07 00:35:44 2002 => File C:\WINDOWS\uvchost.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:44 2002 => Scanning File C:\WINDOWS\taskmgr.dll
Tue May 07 00:35:44 2002 => File C:\WINDOWS\taskmgr.dll infected by "Trojan.Win32.Liewar.e" Virus. Action Taken: No Action Taken.

Tue May 07 00:35:46 2002 => ***** Scanning complete. *****

Tue May 07 00:35:46 2002 => Total Objects Scanned: 12300
Tue May 07 00:35:46 2002 => Total Virus(es) Found: 19
Tue May 07 00:35:46 2002 => Total Disinfected Files: 0
Tue May 07 00:35:46 2002 => Total Files Renamed: 0
Tue May 07 00:35:46 2002 => Total Deleted Objects: 0
Tue May 07 00:35:46 2002 => Total Errors: 19
Tue May 07 00:35:46 2002 => Time Elapsed: 00:28:13
Tue May 07 00:35:46 2002 => Virus Database Date: 2005/04/27
Tue May 07 00:35:46 2002 => Virus Database Count: 127505

Tue May 07 00:35:46 2002 => Scan Completed.

Note que se encontraron archivos que se supone ya había borrado, y creo que aparecieron otra vez ahora que empezo a funcionar IE.

ojalá se pueda hacer algo.