post #1
Posted 04/08/08, 10:47:14
User

Registered: Nov 2007
Location: Argentina
Posts: 8
CRCK_SIBEL virus and unknown files (Finished)

Hello friends!

I'm bothering you with the following: after unknown files without extensions appeared on the PC, I posted this problem at http://www.forospyware.com/t187414.html

Then, when scanning for infections, other problems turned up, which I'll try to summarize:

1. The two files named 9Ha03376 and KFa01944, of 158 and 211 MB, were not flagged by any antivirus or antispyware. When scanning, ewido reads them as directories, and inside there are AutoCAD .dwg files (see the other post). I haven't tried to delete them, as a precaution. I couldn't upload them to Virus Total because of their size.

2. Trend Micro AV online detected the virus CRCK_SIBEL.A (I don't know in which location) and could not remove it.

3. HJT does detect some abnormalities (as far as the little I know thanks to you). Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:20, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Microsoft Encarta\Encarta 2007 Biblioteca Premium DVD\EDICT.EXE
C:\Archivos de programa\Media Key\MagicKey.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Media Key\OSD.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Complemento del Asistente para Internet de Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [E07EXLRD_148109] "C:\Archivos de programa\Microsoft Encarta\Encarta 2007 Biblioteca Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Default user')
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Key.lnk = C:\Archivos de programa\Media Key\MagicKey.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://dgc.cba.gov.ar/SS3/WebUI/plugins/mgaxctrl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8399 bytes

4. Apart from the above, the PC works normally.

Many thanks in advance, and regards to all!

Last edited by solop on 04/08/08 at 12:01:58.

post #2
Posted 04/08/08, 23:00:03
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 32.894
Re: CRCK_SIBEL virus and unknown files

Hello solop.

Your HijackThis log is free of malware, so I suggest doing the following:

Download, update and run the program:
  • Malwarebytes' Anti-Malware
    *Note* It is important that you send everything it detects to "Quarantine" before copying and pasting its report for us.

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).


- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may automatically restart the PC to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this thread.



Regards

Away until Oct 15. Travelling to EISI 2009 (Colombia)

post #3
Posted 05/08/08, 11:02:10
User

Registered: Nov 2007
Location: Argentina
Posts: 8
Re: CRCK_SIBEL virus and unknown files

Hello ElPiedra! First of all, thanks for your time.

I can tell you that MalwareBytes doesn't detect anything strange on my PC. I also ran CCleaner; it cleaned everything OK.

Then I disabled the AVs to run ComboFix, but here I made a mistake, because somehow the resident Spybot S&D remained active, and I noticed when it started asking for authorization for the changes CF was making. I accepted all the changes, but I don't know whether this may have affected the CF run. My apologies for not following the instructions to the letter.

Here I paste the CF log, followed by the lines from the Spybot log with the changes I had to accept.

ComboFix 08-08-04.01 - Usuario 2008-08-05 10:00:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.493 [GMT -3:00]
Se ejecuta desde: C:\Documents and Settings\Usuario\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((( Archivos creados desde 2008-07-05 - 2008-08-05 )))))))))))))))))))))))))))))))))
.

2008-08-04 20:17 . 2008-08-04 20:17 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-04 12:25 . 2008-08-04 12:28 <DIR> d-------- C:\Archivos de programa\Regseeker
2008-08-04 09:21 . 2008-06-14 14:59 272,512 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-04 09:21 . 2008-06-14 14:59 272,512 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-01 21:20 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-01 16:37 . 2008-08-01 16:37 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-08-01 13:08 . 2008-08-01 13:08 <DIR> d-------- C:\Documents and Settings\Usuario\Datos de programa\Malwarebytes
2008-08-01 13:08 . 2008-08-01 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-08-01 13:08 . 2008-08-01 13:08 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-08-01 13:08 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:08 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 11:44 . 2008-08-01 12:39 <DIR> d-------- C:\Documents and Settings\Usuario\.housecall6.6
2008-07-31 10:55 . 2008-07-31 10:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-31 10:21 . 2008-08-01 18:42 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-07-31 08:52 . 2008-08-01 19:01 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-07-31 08:50 . 2008-07-31 08:50 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2008-07-31 08:46 . 2008-07-31 08:46 <DIR> d-------- C:\Documents and Settings\Usuario\Datos de programa\SUPERAntiSpyware.com
2008-07-31 08:46 . 2008-07-31 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-07-31 08:46 . 2008-07-31 08:46 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-07-31 08:44 . 2008-07-31 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-31 08:44 . 2008-07-31 08:44 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-07-31 08:44 . 2008-07-31 08:44 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-07-30 18:17 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-30 18:16 . 2008-07-30 18:16 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-07-16 11:31 . 2008-07-16 11:31 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Adobe

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:56 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-08-01 11:54 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-07-31 22:33 --------- d-----w C:\Archivos de programa\eMule
2008-07-31 12:03 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-07-31 12:01 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Symantec
2008-07-16 14:29 --------- d-----w C:\Documents and Settings\Usuario\Datos de programa\AdobeUM
2008-07-03 15:52 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 15:52 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-03 15:52 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:36 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 04:56 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2007-11-06 22:06 5 ----a-w C:\Archivos de programa\VI.DAT
2007-11-06 22:05 25 ----a-w C:\Archivos de programa\CANI
2007-11-06 21:59 8,628 ---ha-w C:\Archivos de programa\CI.GID
2007-11-06 20:22 0 ----a-w C:\Archivos de programa\UL.DAT
2007-11-06 20:21 23,711 ----a-w C:\Archivos de programa\ST4UNST.000
2007-11-06 20:19 55,357 ----a-w C:\Archivos de programa\ST4UNST.LOG
2005-12-20 16:27 1,186,816 ----a-w C:\Archivos de programa\CI.EXE
2005-12-20 12:15 7,086,080 ----a-w C:\Archivos de programa\PP.EXE
2005-12-20 12:12 9,504 ----a-w C:\Archivos de programa\B3YUN90
2005-12-20 12:12 720 ----a-w C:\Archivos de programa\GNYUN90
2005-12-20 12:12 5,664 ----a-w C:\Archivos de programa\DEYUN90
2005-12-20 12:12 3,865 ----a-w C:\Archivos de programa\B1YUN90
2005-12-20 12:12 3,108 ----a-w C:\Archivos de programa\GBYUN90
2005-12-20 12:12 21,120 ----a-w C:\Archivos de programa\ESYUN90
2005-12-20 12:12 2,807 ----a-w C:\Archivos de programa\GEYUN90
2005-12-20 12:12 1,344 ----a-w C:\Archivos de programa\REYUN90
2005-12-16 15:29 4,255 ----a-w C:\Archivos de programa\YUN90.PIL
2005-12-16 15:29 13,200 ----a-w C:\Archivos de programa\H
2005-12-16 15:27 1,980 ----a-w C:\Archivos de programa\FBYUN90
2005-12-16 15:24 160 ----a-w C:\Archivos de programa\SSYUN90
2005-12-16 15:24 125 ----a-w C:\Archivos de programa\CGYUN90
2005-12-16 15:21 444 ----a-w C:\Archivos de programa\S1YUN90
2005-12-16 15:21 1,440 ----a-w C:\Archivos de programa\S3YUN90
2005-12-16 15:15 636 ----a-w C:\Archivos de programa\FOYUN90
2005-12-16 15:15 503 ----a-w C:\Archivos de programa\CBYUN90
2005-12-16 15:11 344 ----a-w C:\Archivos de programa\YUN90.BC3
2005-12-16 15:11 2,763 ----a-w C:\Archivos de programa\S3YUN90.ARM
2005-12-16 15:01 93 ----a-w C:\Archivos de programa\cgCERCHA
2005-12-16 15:01 60 ----a-w C:\Archivos de programa\ssCERCHA
2005-12-16 15:01 212 ----a-w C:\Archivos de programa\cbCERCHA
2005-12-16 14:51 11,544 ----a-w C:\Archivos de programa\S1YUN90.PER
2005-12-16 14:45 69 ----a-w C:\Archivos de programa\R1RETI01
2005-12-16 14:45 498 ----a-w C:\Archivos de programa\OORETI01
2004-06-10 12:15 17,138 ----a-w C:\Archivos de programa\TECSING4.BMP
2004-06-04 21:32 1,579,436 ----a-w C:\Archivos de programa\EDIF5X.PDF
2004-06-04 21:11 101,888 ----a-w C:\Archivos de programa\ADENDA59.DOC
2004-05-27 21:00 136,704 ----a-w C:\Archivos de programa\MEMORIA.DOC
2004-05-21 15:08 1,001,147 ----a-w C:\Archivos de programa\CPE.DXF
2004-05-11 20:39 1,088 ----a-w C:\Archivos de programa\SETUP.LST
2004-05-11 16:47 917 ----a-w C:\Archivos de programa\M2.gif
2004-05-11 16:47 1,086 ----a-w C:\Archivos de programa\M1.gif
2004-05-11 16:28 173 ----a-w C:\Archivos de programa\pi.dat
2004-03-04 13:07 93 ----a-w C:\Archivos de programa\R1YUN90
2004-03-04 13:07 360 ----a-w C:\Archivos de programa\R2YUN90
2003-09-19 12:52 9,071 ----a-w C:\Archivos de programa\SCYUN90
2003-09-19 12:52 2,130 ----a-w C:\Archivos de programa\SGYUN90
2002-12-09 16:23 221 ----a-w C:\Archivos de programa\av.dat
2002-11-13 17:24 1,195,008 ----a-w C:\Archivos de programa\ADENDA58.DOC
2002-11-12 17:16 1,167 ----a-w C:\Archivos de programa\H.DAT
2002-11-12 16:20 6,144 ----a-w C:\Archivos de programa\LEAME.WRI
2002-11-12 15:28 1,478 ----a-w C:\Archivos de programa\H507.BMP
2002-11-12 15:28 1,478 ----a-w C:\Archivos de programa\H506.BMP
2002-11-12 15:28 1,478 ----a-w C:\Archivos de programa\H505.BMP
2002-11-12 15:27 1,478 ----a-w C:\Archivos de programa\H503.BMP
2002-11-12 15:27 1,478 ----a-w C:\Archivos de programa\H502.BMP
2002-11-12 15:27 1,478 ----a-w C:\Archivos de programa\H501.BMP
2002-11-12 15:26 1,478 ----a-w C:\Archivos de programa\H504.BMP
2002-11-12 15:24 1,478 ----a-w C:\Archivos de programa\H414.BMP
2002-11-12 15:24 1,478 ----a-w C:\Archivos de programa\H413.BMP
2002-11-12 15:23 1,478 ----a-w C:\Archivos de programa\H412.BMP
2002-11-12 15:23 1,478 ----a-w C:\Archivos de programa\H406.BMP
2002-11-12 15:22 1,478 ----a-w C:\Archivos de programa\H405.BMP
2002-11-12 15:22 1,478 ----a-w C:\Archivos de programa\H404.BMP
2002-11-12 15:21 1,478 ----a-w C:\Archivos de programa\H403.BMP
2002-11-12 15:21 1,478 ----a-w C:\Archivos de programa\H402.BMP
2002-11-12 13:36 3 ----a-w C:\Archivos de programa\ha.dat
2002-11-08 13:46 1,478 ----a-w C:\Archivos de programa\H318.BMP
2002-11-08 13:39 358 ----a-w C:\Archivos de programa\H12.BMP
2002-11-08 13:37 1,254 ----a-w C:\Archivos de programa\H11.BMP
2002-11-06 20:26 1,478 ----a-w C:\Archivos de programa\H35.BMP
2002-11-06 20:25 1,478 ----a-w C:\Archivos de programa\H32.BMP
2002-11-06 20:25 1,478 ----a-w C:\Archivos de programa\H31.BMP
2002-11-06 16:36 358 ----a-w C:\Archivos de programa\H01.BMP
2002-11-06 16:36 1,478 ----a-w C:\Archivos de programa\H03.BMP
2002-11-06 16:32 1,254 ----a-w C:\Archivos de programa\H04.BMP
2002-11-06 16:30 1,254 ----a-w C:\Archivos de programa\H02.BMP
2002-11-06 16:25 1,478 ----a-w C:\Archivos de programa\H07.BMP
2002-11-06 15:06 1,478 ----a-w C:\Archivos de programa\H33.BMP
2002-11-06 15:02 1,478 ----a-w C:\Archivos de programa\H4502.BMP
2002-11-06 14:52 1,478 ----a-w C:\Archivos de programa\H317.BMP
2002-11-06 14:46 1,478 ----a-w C:\Archivos de programa\H316.BMP
2002-11-06 14:43 1,478 ----a-w C:\Archivos de programa\H315.BMP
2002-11-06 14:41 1,478 ----a-w C:\Archivos de programa\H314.BMP
2002-11-06 14:40 1,478 ----a-w C:\Archivos de programa\H313.BMP
2002-11-06 14:36 1,478 ----a-w C:\Archivos de programa\H311.BMP
2002-11-06 14:19 1,478 ----a-w C:\Archivos de programa\H37.BMP
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 10:42 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-24 19:33 68856]
"E07EXLRD_148109"="C:\Archivos de programa\Microsoft Encarta\Encarta 2007 Biblioteca Premium DVD\EDICT.EXE" [2006-06-12 17:01 351000]
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"NeroFilterCheck"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVG8_TRAY"="C:\ARCHIV~1\AVG\AVG8\avgtray.exe" [2008-07-03 12:52 1232152]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 16377344 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 10:42 15360]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Acelerador de inicio de AutoCAD.lnk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [2005-03-05 21:18:22 10872]
AutoCAD Startup Accelerator.lnk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [2005-03-05 21:18:22 10872]
Inicio rápido de Adobe Reader.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Media Key.lnk - C:\Archivos de programa\Media Key\MagicKey.exe [2008-06-03 10:07:01 159744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"C:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"=
"C:\\CYPE Ingenieros\\Versión 2004.1\\programas\\CYPE. Arquitectura, Ingeniería y Construcción.exe"=
"C:\\CYPE Ingenieros\\Versión 2004.1\\programas\\CYPECAD.exe"=
"C:\\CYPE Ingenieros\\Versión 2004.1\\programas\\calcce.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 12:52]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-28 17:40]
R2 avg8emc;AVG8 E-mail Scanner;C:\ARCHIV~1\AVG\AVG8\avgemc.exe [2008-07-03 12:52]
R2 avg8wd;AVG8 WatchDog;C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 12:52]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 12:52]
R2 lsmem;lsmem;C:\WINDOWS\system32\drivers\lsmem.sys [1997-11-14 18:37]
R2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [2000-05-17 16:24]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\xyov3e4e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.ar/
FF -: plugin - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 10:02:08
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-08-05 10:05:15
ComboFix-quarantined-files.txt 2008-08-05 13:04:53

Pre-Run: 96,204,386,304 bytes libres
Post-Run: 96,197,255,168 bytes libres

213 --- E O F --- 2008-08-04 23:25:15


Lines from the Spybot log

05/08/2008 10:05:19 Permitido (based on lassh blacklist) value "Alcmtr" (new data: "") eliminado in System Startup global entry!
05/08/2008 10:17:09 Permitido (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") cambiado in Browser page!
05/08/2008 10:17:18 Permitido (based on user decision) value "Search Bar" (new data: "") eliminado in Browser page!
05/08/2008 10:17:18 Permitido (based on user decision) value "SearchAssistant" (new data: "") eliminado in Browser page!
05/08/2008 10:17:19 Permitido (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") cambiado in Browser page!
05/08/2008 10:17:20 Permitido (based on user decision) value "AutoRun" (new data: "") eliminado in Command processor!
05/08/2008 10:17:21 Permitido (based on user decision) value "load" (new data: "") eliminado in NT startup!
05/08/2008 10:17:22 Permitido (based on user decision) value "scrnsave.exe" (new data: "") eliminado in Desktop settings!
post #4
Posted 05/08/08, 23:17:21
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 32.894
Re: CRCK_SIBEL virus and unknown files

Hello, download and run the program ResetTeaTimer.bat

Restart and tell us the results after running a scan with your SpyBot.

Regards

post #5
Posted 06/08/08, 10:22:39
User

Registered: Nov 2007
Location: Argentina
Posts: 8
Re: CRCK_SIBEL virus and unknown files

Hello!

I followed your instructions. I disabled all the AVs and closed the open windows. I ran reset teatimer.bat. When run, it indicated that Spybot and TeaTimer would be shut down (were they still running?). The reset finished running. I restarted. The cursor stayed showing busy (clock) and I had to restart again; it indicated that explorer.exe was not responding. On restarting again, everything was OK. I had to install "Windows Genuine Advantage". I updated Spybot and ran a full scan = OK

Questions: 1. Could the virus be a false positive from Trend Micro?
2. Should I try to delete the two unknown files?

Regards
post #6
Posted 06/08/08, 20:11:22
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 32.894
Re: CRCK_SIBEL virus and unknown files

Hello, you would need to leave us a report from the antivirus that detected the infection so we can see a bit more.

Regards

post #7
Posted 08/08/08, 11:26:00
User

Registered: Nov 2007
Location: Argentina
Posts: 8
Re: CRCK_SIBEL virus and unknown files

Hello!

Here I leave the everything0.log log from Trend Micro (there are two others, execution0.log and engine0.log; I don't know which one is useful to you).

The location of CRCK_SIBEL.A doesn't appear in any log, but I could see it on the Trend Micro screen, and it is: C:\Archivos de programa\eMule\Incoming\Grabar\Sibelius 4 Español Completisimo.rar! of 30.8 MB

The Trend Micro online scanner finds 1 CRCK infection and 100 Memwatch infections, but when running "Clean infections" it stays on that screen without reporting any result.

2008-08-08 08:56:17.937 FINEST Overall info OS version = WinXP
2008-08-08 08:56:17.953 FINEST Overall info AX build = 6.51.0.1028
2008-08-08 08:56:21.796 FINEST Report Dump checking for unsent reports
2008-08-08 08:56:21.796 FINEST Report Dump processing report 2008-08-01-12-39-46.temp
2008-08-08 08:56:21.796 FINEST Report Dump processing report 2008-08-07-20-08-11.temp
2008-08-08 08:56:46.187 FINEST scanEngineMalware updateItem remote version = 5.3200.1011, code = 4
2008-08-08 08:56:49.140 FINEST scanEngineGrayware updateItem remote version = 5.0.1060, code = 4
2008-08-08 08:56:56.125 FINEST scanEngineStorage:MAIN updateItem remote version = 8.7000.1003, code = 0
2008-08-08 08:56:59.046 FINEST scanEngineStorage:SYSTEM updateItem remote version = 5.3200.1011, code = 0
2008-08-08 08:56:59.062 FINEST engineInfo scan::SCAN_STORAGE
2008-08-08 08:57:00.656 FINEST patternVSAPI updateItem remote version = 5.219.0
2008-08-08 08:57:03.578 FINEST patternVSAPI updateItem(GRAYWARE) remote version = 0.623.0
2008-08-08 08:57:05.078 INFO ProcessSystemCallback Version 6.51-1028
2008-08-08 08:57:05.078 FINEST ProcessSystemCallback File scanner start initialization
2008-08-08 08:57:05.296 FINEST ProcessSystemCallback File Scanner version 870001004
2008-08-08 08:57:06.515 FINEST engineInfo scan::SCAN_STORAGE::init for tmaptn.###
2008-08-08 08:58:05.765 FINEST engineInfo Filename to check: C:\ , amount = 48754, size=59346672921
2008-08-08 08:58:05.765 FINEST ProcessSystemCallback Drive (C)
2008-08-08 08:58:05.765 FINEST ProcessSystemCallback Path (C) is processable
2008-08-08 08:58:05.765 FINEST engineInfo will check BootSector//Partition on C:
2008-08-08 09:03:55.906 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 0937.796 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:11:03.546 WARNING ProcessCallback reportInfection: threatName=CRCK_SIBEL.A, threatType=2, patternType=1,canClean=0, canRemove=1 return=0
2008-08-08 09:11:07.062 FINEST ProcessSystemCallback File scanner reportInfection CRCK_SIBEL.A, type=2, canClean=0, canRemove=1
2008-08-08 09:12:32.468 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:13:35.468 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.000 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.015 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.296 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.296 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.437 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.437 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.468 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:17:40.468 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:18:12.890 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:18:12.890 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:24:36.968 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:24:36.984 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:24:56.796 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.343 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.375 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.437 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.437 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.500 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.500 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.515 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.546 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.640 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:30:07.640 SEVERE ProcessSystemCallback File scanner error=-94,
2008-08-08 09:33:13.484 FINEST scanEngineMalware updateItem remote version = 5.3200.1011, code = 4
2008-08-08 09:33:16.390 FINEST scanEngineGrayware updateItem remote version = 5.0.1060, code = 4
2008-08-08 09:33:16.406 FINEST engineInfo scan::SCAN_SYSTEM_GRAYWARE
2008-08-08 09:33:17.890 FINEST patternGrayware updateItem remote version = 0.623.0
2008-08-08 09:33:19.437 FINEST ProcessSystemCallback System scanner start initialization
2008-08-08 09:33:19.593 FINEST ProcessSystemCallback System scanner initialized
2008-08-08 09:33:19.750 WARNING ProcessSystemCallback Failed to start trueAPI driver.
2008-08-08 09:33:19.750 WARNING ProcessSystemCallback Failed to intialize TrueAPI driver.
2008-08-08 09:33:20.546 INFO ProcessSystemCallback Spyware scanner initialized (threadid=1b0)
2008-08-08 09:33:23.703 FINEST ProcessSystemCallback Spyware scanner loaded pattern file
2008-08-08 09:33:23.703 FINEST ProcessSystemCallback Spyware scanner activate SPYWARE pattern
2008-08-08 09:33:23.703 FINEST ProcessSystemCallback Spyware scanner pattern version 62300
2008-08-08 09:33:23.703 FINEST engineInfo threats count = 0
2008-08-08 09:33:23.703 FINEST engineInfo pattern location = C:\Documents and Settings\Usuario\.housecall6.6\Pattern\TMADCE.ptn
2008-08-08 09:33:23.734 FINEST ProcessSystemCallback Spyware scanner processSystem patternType=3 isclean=0 inactive=0
2008-08-08 09:33:23.765 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Programs in Memory'
2008-08-08 09:33:24.187 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Internet Cookies'
2008-08-08 09:33:24.359 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Windows Registry'
2008-08-08 09:33:27.218 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Internet URL Shortcuts'
2008-08-08 09:33:32.343 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Files and Directories'
2008-08-08 09:36:26.203 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Program Startup Areas'
2008-08-08 09:36:27.000 FINEST ProcessSystemCallback Found threat infection: (ID Started Scanning) on 'Hosts File'
2008-08-08 09:36:27.671 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121783) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:27.687 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:32.375 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:32.703 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121782) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:32.703 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:32.703 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:33.328 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121781) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:33.328 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:33.343 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:33.718 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121780) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:33.718 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:33.718 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:34.171 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121779) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:34.171 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:34.171 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:34.546 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121542) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:34.546 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:34.562 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:34.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121541) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:34.890 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:34.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:35.515 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121547) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:35.515 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:35.515 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:35.859 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121550) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:35.859 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:35.875 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:36.250 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121549) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:36.250 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:36.265 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:36.703 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121961) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:36.734 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:36.734 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:37.078 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121954) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:37.078 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:37.078 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:37.468 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121737) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:37.468 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:37.484 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:38.078 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121736) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:38.078 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:38.093 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:38.437 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121552) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:38.437 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:38.453 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:38.875 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121551) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:38.890 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:38.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:39.250 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121533) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:39.250 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:39.250 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:39.609 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121906) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:39.609 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:39.625 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:39.984 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121905) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:39.984 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:39.984 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:40.328 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121849) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:40.328 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:40.343 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:40.671 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121738) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:40.671 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:40.687 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:41.015 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121554) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:41.015 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:41.031 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:41.359 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121553) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:41.359 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:41.359 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:41.703 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121560) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:41.703 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:41.718 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:42.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121563) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:42.046 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:42.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:42.390 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121561) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:42.406 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:42.406 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:42.781 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121566) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:42.781 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:42.781 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:43.218 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121850) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:43.218 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:43.234 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:43.578 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121569) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:43.578 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:43.578 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:43.921 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121848) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:43.921 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:43.921 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:44.296 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121810) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:44.296 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:44.296 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:44.625 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121809) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:44.625 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:44.640 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:44.968 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121739) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:44.968 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:44.984 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:45.312 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121538) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:45.312 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:45.312 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:45.640 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121536) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:45.640 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:45.656 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:46.062 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121957) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:46.062 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:46.062 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:46.484 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121579) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:46.484 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:46.484 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:46.843 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121531) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:46.843 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:46.843 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:47.203 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121582) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:47.203 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:47.203 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:47.546 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121718) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:47.546 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:47.562 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:47.921 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121586) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:47.921 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:47.921 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:48.250 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121589) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:48.265 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:48.265 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:48.859 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121796) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:48.859 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:48.859 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:49.328 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121599) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:49.328 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:49.343 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:49.781 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121596) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:49.812 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:49.812 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:50.187 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121604) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:50.187 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:50.203 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:50.546 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121753) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:50.546 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:50.546 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:50.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121752) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:50.890 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:50.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:51.281 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121606) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:51.281 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:51.281 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:51.640 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121610) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:51.640 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:51.640 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:52.234 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121608) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:52.234 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:52.250 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:52.593 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121614) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:52.593 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:52.640 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:53.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121612) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:53.046 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:53.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:53.531 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121616) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:53.531 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:53.531 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:53.875 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121618) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:53.875 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:53.875 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:54.218 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121622) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:54.218 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:54.218 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:54.562 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121624) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:54.562 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:54.562 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:55.031 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121630) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:55.031 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:55.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:55.656 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121804) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:55.656 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:55.687 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:56.109 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121802) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:56.125 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:56.171 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:56.531 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121634) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:56.531 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:56.546 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:56.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121785) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:56.890 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:56.890 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:57.218 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121675) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:57.218 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:57.218 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:57.906 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121637) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:57.906 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:57.937 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:58.359 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121896) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:58.359 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:58.390 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:58.843 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121642) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:58.859 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:58.859 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:59.265 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121764) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:59.265 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:59.265 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:36:59.906 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121646) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:36:59.906 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:36:59.921 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:37:00.343 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121690) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:37:00.375 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:37:00.375 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:37:00.703 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121691) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:37:00.703 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:37:00.718 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:37:01.046 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121745) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:37:01.046 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:37:01.062 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:37:01.390 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121649) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'
2008-08-08 09:37:01.390 WARNING ProcessSystemCallback reportInfection threatName = 2008-08-08 09:37:01.390 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher
2008-08-08 09:37:01.734 FINEST ProcessSystemCallback Found threat infection: Adware_MemWatcher (ID 121767) on 'C:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1'

Thanks and regards.
  post #8  
Posted 29/08/08, 18:45:38
User
 
Registered: Nov 2007
Location: Argentina
Posts: 8
Re: CRCK_SIBEL virus and unknown files

Hello, friends of the forum!

I wanted to let you know that I decided to delete the suspicious files I had, using FileASSASSIN as an extra precaution, and so far I have had no problems, so we can consider the topic closed.

Thanks for your help.

Regards

All times are GMT -4. The time is 14:54:23.


 
