Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

bueno, pase todo segun las instrucciones hasta el final, menos el antivirus online porque no se puede, se corta al final. Le pase muchas veces el spybot y elimino todo, creo, ademas pase avira y encontro otras 2 cositas al eliminar archivos peligrosos, ademas mejoro mucho al eliminar el msn, elimine todos los restos del msn , hasta el instalador, al pasar antivirus y spybot se eliminaron algunos emoticones, quizas ahi habia problemas, elimine todo lo posiblemente peligroso, luego reinstale msn y funciona mejor, ademas pase miles de veces regseeker : Elimine archivos que molestaban en inicio que no se miraban antes, parece que estaban ocultos (se miraron cuando cambie la configuracion de ver carpetas en herramientas de explorer), pase todo de nuevo 2 veces (tambien antivirus online pero no llega hasta el final, encuentra 3 cositas de riesgo pero no pude mirar que era) pase todo lo que pude para asegurarme de hacerlo a fondo y porque perdi la paciencia en el antivirus online.

esto es hijackthis:

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234739822925
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe

--
End of file - 2496 bytes

Borro algo mas?

ahh con el regseeeker borro algo mas, puse para buscar porn y casino, encontre miles de paginas registradas, las borre todas, eso ayudo a tranquilizar mi firewall. puedo eliminar los domains? todos?
salia p3p en mi registro, puedo borrarlo? que es?
Otra cosa importante, esta en red con otra computadora, le instale el spy bot y tenia 3 robots peligrosos, los elimine y esta de maravilla, la mia aun esta lento el inicio pero vale la pena si esta seguro.

Gracias, y espero alguna sugerencia para mejorar el inicio, cuando entro en msn debo aceptar muchas ips para que se conecte mi msn, pero mi firewall no dice "comportamiento peligroso" como antes.

logs:


Avira AntiVir Personal
Report file date: jueves, 09 de julio de 2009 09:14

Scanning for 1493927 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Save mode
Username : Administrador
Computer name : INTEL

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 15:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 20:48:44
ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 08/07/2009 14:02:53
ANTIVIR3.VDF : 7.1.4.211 223232 Bytes 09/07/2009 13:15:36
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 17:52:04
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 03/07/2009 12:19:36
AESCN.DLL : 8.1.2.3 127347 Bytes 14/05/2009 17:02:01
AERDL.DLL : 8.1.2.2 438642 Bytes 03/07/2009 12:19:31
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 22:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 20:02:54
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 26/06/2009 20:05:20
AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 19:48:02
AEGEN.DLL : 8.1.1.48 348532 Bytes 03/07/2009 12:19:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 20:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 22:07:20
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 16:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 21:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\archivos de programa\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jueves, 09 de julio de 2009 09:14

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\'
D:\477177e2f4fb6cf3a324de8dad4ff10b\spmsg.dll
[WARNING] The file could not be opened!
D:\477177e2f4fb6cf3a324de8dad4ff10b\spuninst.exe
[WARNING] The file could not be opened!
D:\477177e2f4fb6cf3a324de8dad4ff10b\spupdsvc.exe
[WARNING] The file could not be opened!
D:\abb9803c0217c4641c180b34\spmsg.dll
[WARNING] The file could not be opened!
D:\abb9803c0217c4641c180b34\spuninst.exe
[WARNING] The file could not be opened!
D:\abb9803c0217c4641c180b34\_sfx_.dll
[WARNING] The file could not be opened!


End of the scan: jueves, 09 de julio de 2009 12:25
Used time: 350 Hour(s)

The scan has been done completely.

3651 Scanned directories
214070 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
7 Files cannot be scanned
214063 Files not concerned
1130 Archives were scanned
7 Warnings
1 Notes

---------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

04/07/2009 11:55:59
mbam-log-2009-07-04 (11-55-53).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 112444
Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TheSpyBot (Rogue.TheSpyBot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\aspch (Rogue.AntiSpyCheck) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:14, on 09/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
C:\Archivos de programa\RegSeeker\RegSeeker.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234739822925
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe

--
End of file - 3344 bytes


Los hice hoy para ver que sucede, mire que hay algo en "D" ademas encontre esto:

CurrentVersion/Internet Settings/Lockdown_Zones/Passport

CurrentVersion/Internet Settings/ZoneMap/domains EscDomains (con muchas paginas no deseadas, incluidas spybot pero en otras versiones.

WinTrust


No puedo borrar las paginas esas y no me funciona el escaneo online, avanza sumamente lento y al final se corta la conexion con internet y no termino de hacer nada.

Cambie el msn y funciona mejor. El inicio es sumamente lento

Hay una cosa ahi que la señale con rojo, debe ser las paginas que borre de "domains" porque eran peligrosas...otra cosa, mi correo , bandeja de entrada, esta mas tranquila de intrusos, hace dias que no recibo ninguna herecia ni me ofrecen viagra, nada de cosas misteriosas.

Gracias , espero mires mi mensaje.

mmm todo limpio bueno nada paligroso realmente. otra cosa los p3p quiero pensar que te refiere a P2P (per to per) es lo que utilizan los pregramas de compartimiento de archivos persona a persona como ares emule e donkey kazza lime wire etc. avast antivirus tiene una especial proteccion enfocadaaesos programas para el msn no deben ser mas de 4 ip a lo mucho otra cosa aqui no debes de pegar tus logs de hiyaket this, no entendi si lo que esta lento es tu msn al entrar o tu pc al inicias por lo general con el firewall se ase un poko mas lenta la conexion al msn a mi me susede con zone alarm

por ultimo me queda hacerte esta recomendacion la cual podras hacer a menudo para matener limpio tu msn



MSNCleaner

desactiva restaurar el sistema , reinicia en modo seguro, desactiva tus antivirus y el spybot y

MSNCleaner

• Descomprimir el archivo MSNCleaner.zip
• Ejecutar el archivo MSNCleaner.exe
• Hacer Clic en el botón Analizar, Si se detecta algún archivo nocivo, se activará el botón Eliminar
• Seleccionar las opciones "Eliminar archivos temporales" y "Restaurar el archivo Hosts"
• Hacer Clic en el botón Eliminar

al finalizar reinicia y actualiza spybot eh imuniza

Hola:
Todos los dias antes de salir de mi coneccion a internet paso el ccleaner, el spybot lo paso por lo menos 1 vez al dia para cuidarme, de eso no hay problema, el asunto es lo que encontre con regseeker:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains
(tiene en regedit muchas paginas porn, casinos y ect, hasta tiene spybot que no creo que sea las reales)

CurrentVersion/Internet Settings/Lockdown_Zones/Passport


HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains\x-pornmoviez.com
(enlace a cerca de 30 paginas porno que supuestamente son musica, porque figuran como musica en regseeker, es decir archivos mp3)

todos tienen que ver con P3P , he visto archivos relacionados con nero en mi registro y con windows multimedia, quizas por eso no funciona mi quemador como deberia, ademas del enlace a update de mi nero tiene P3P y esta en ini.

Ademas encontre estos ini dentro de windows:

MegaManager.INI
msdfmap.ini

baje 2 libros y 1 pelicula de internet, quizas es por ahi la cosa, pero lo que sea que hay me ingresa cerca de 30 paginas porn, casinos y otras mas, las borro todos los dias con regseeker y regresan, luego al limpiar el registro aparece esto para eliminar:

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\as2stubie.dll

system/controlset002/enum/root/LEGACY_EASDRV

software/microsoft/windows/currentVersion/Explorer/FileExts/.xls/openwithlist

Debe haber algo y debe estar en windows porque hasta ahora no lo puedo encontrar, pero la cantidad de paginas web que estan en registro y que borro todos los dias deben venir de alguna parte.

que explorador usas para internet yo te recomandaria mozilla firefox

ademas que es mas rapido y seguro podras colocarle algunos ad onns como lo son

adblock plus 1.0.2 que te quita esos molestos baner y ventanas que salen derrepente con publisidad

betterprivacy 1.29 que inpide esas molestas cookies se instalen en tu ordenador y te den seguimiento atraves de las paginas de internet


no script 1.9.5 impide scripts considerados globalmente peligrosos


wot 20090414 este es como una especie de marcador que te indica que paginas estan consideradas como peligrosas

pasa ccleaner antes de pasar el spybot y el reg secker

Bueno, uso internet explorer y no uso el otro porque no me atrevo, pero voy a tomar en cuenta tu sugerencia y lo bajo en un rato.

Al parecer tengo el bagle, encontre muchos archivos legacy y encontre informacion en internet acerca de eso, pero no estoy segura. Lo que si se es que hasta ahora lo que sea que tenga esta en windows y los antivirus que tengo actualmente no lo reconocen, todos los dias debo borrar los archivos que te mencione pero quiero borrarlos para siempre, que no regresen mas, esto y cerca de 30 páginas (mas que no borran directamente en el registro 1x1) hay mas iguales:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains\x-pornmoviez.com


ademas encontre esto:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_EASDRV (bagle?)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\W S2IFSL\SROSA
(bagle?)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ dmio
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:PBZBQB Sverjnyy Ceb.yax

antes tenia eset , pense que estaba borrado y aun tengo esto:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ ESET_EPFWNDISMP

HEEEEEEEEEEEEEEEELLLLLLLLLLLLLLLLLLP

Existen especiales para eliminar el bagle, cu7al es seguro, no quiero ponerle mas cosas que traigan problemas mayores.

gracias

mm al hacer los escaners on line estas sgura d aber desactivado la opcion de restaurar el sistema ????? de haberlo echo asi no dberian volver a aparecer de echo lo mas seguro es que se encuentren en system restore y por ello a cada reinicio de computador buelven a aparecer entes de borrarlos desactiva restaurar el sistema y despues eliminalos en lista de cosas para limpiar de virus te dice como desactivar esa opcion,

esto es: inmudebug.log que encontre en C de casualidad:

TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zippy-lookup.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zippy-lookup.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\ziqqi.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\ziqqi.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\gov.cn\zjkjw
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\gov.cn\www.zjkjw
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\znext.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\znext.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zone-media.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zone-media.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zonealarm-download-now.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zonealarm-download-now.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zonealarm-stop.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zonealarm-stop.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zoneoffreeporn.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zoofil.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zoomegasite.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zpwebsource.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zpwebsource.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zqavanjpn.biz
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zqavanjpn.biz\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zsupereva.it
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zsupereva.it\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zsvcompany.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zsvcompany.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zuoyouweinan.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zuoyouweinan.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zurrusco.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zurrusco.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zvimigdal.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zxcsolution.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zxcsolution.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zxlinks.com
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zxlinks.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\zyban-zocor-levitra.com
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\animepornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\asianpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\babespornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\bdsmpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\best-porncollection.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\dailypornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornpic.org\document-not-found
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\ebony-pornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\ebonypornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\filetretporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\free-porn-movies.info\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\galleriesforporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\gallsforporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\gayspornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\getfreepornvideo.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\getpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\getpornvideoz.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\givemepornvids.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\hardcorepornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\ichwillpornos.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\lesbianpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\lesbianspornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\maturepornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\maturespornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\mega-porns.de\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porn4porn.net\militarygod s
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\mymysticporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\mypornmagpass.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\newpornmovs.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\nylonporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\nylonpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\onlybestpornmovies.com\ww w
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\onporn.info\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porn-party.net\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porn-youtube-08.org\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornclipstube.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornissex.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornmagpass.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornmoviesindex.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porno-codec.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porno.pl\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\porno18codec.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornocodec-2008.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornohome.net\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornoszumir.net\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornstarspornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornwizardry.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornxxxfilm.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornxxxvideoz.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\pornyoutube-18.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\rzvonporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\seekporn.org\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\free4porno.net\sex
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\sexpicsporn.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\shemalepornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\shemalespornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\spicypornvideos.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\streampornvideos.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\superporncity.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\teenspornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\filetretporn.com\uncj
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\filetretporn.com\www.uncj
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\uniformpornmag.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\sexpornonline.com\wspzone
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\x-porngalleries.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\x-pornmoviez.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\x-pornmovz.com\www
TInternetExplorerDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\Domains\xxxpornmovs.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\animepornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\asianpornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\babespornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\bdsmpornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\best-porncollection.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\dailypornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\pornpic.org\document-not-found
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\ebony-pornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\ebonypornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\filetretporn.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\free-porn-movies.info\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\galleriesforporn.com\w ww
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\gallsforporn.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\gayspornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\getfreepornvideo.com\w ww
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\getpornmag.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\getpornvideoz.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\givemepornvids.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\hardcorepornmag.com\ww w
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\ichwillpornos.com\www
TInternetExplorerSecureDomainImmunizer:Could not open for immunization: \S-1-5-21-1645522239-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\ZoneMap\EscDomains\lesbianpornmag.com\www


ETC,ETC,ETC, esta incompleto porque parece que no entran todas las paginas en este mensaje.

Para pasar antivirus online desactive restaurar sistema, ademas desactive firewall y antivirus residente, demoro cerca de 12 horas y se corto en algun momento de la noche.

Borre con regseeker los archivos que tenia bajo el nombre srosa, hoy voy a intentar borrar de esos archivos. Ademas encontre en el foro esto: FS-FixBagle.zip y lo aplique despues de pasar muchas veces el regseeker y salio esto:

Microsoft Windows XP Professional (5.1.2600 32-bit) | Service Pack 2
Procesador Intel Celeron
Internet Explorer 6.0.2900.2180
Usuario : sandra | Administradores

-> Firewall : Activo
-> Antivirus : AntiVir Desktop 9.0.1.30 [ Activo | Actualizar ]
-> FireWall : COMODO Firewall Pro[ Desactivado ]2.3.035

A:\ Unidad de disco de 3 1/2 pulgadas 1.39 Mo (1.37 Mo free) FAT
C:\ Disco fijo local 18.55 Go (6.16 Go free) NTFS
D:\ Disco fijo local 19.6 Go (19.28 Go free) NTFS
E:\ Disco CD-ROM


Inicio : 17:35:10 - DIA/MES/AÑO : 11/07/2009


-------------------|BAGLE PROCESOS



-------------------|BAGLE ARCHIVOS

-----> CARPETA PREFETCH

WINUPGRO.EXE-32576603.pf - Eliminado


-------------------|BAGLE CARPETAS



-------------------|BAGLE REGISTRO



-------------------|ROGUE SOFTWARE



-------------------|VERIFICAR

[01/06/2009 11:51 a.m.] - [23635392Bytes.] "C:\WINDOWS\system32\MRT.exe"


-------------------|CLAVES RUN

REGEDIT 4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"COMODO Firewall Pro"="\"C:\\Archivos de programa\\Comodo\\Firewall\\CPF.exe\" /background"
"avgnt"="\"C:\\Archivos de programa\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Disabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpybotSD TeaTimer"="C:\\Archivos de programa\\Spybot - Search & Destroy\\TeaTimer.exe"



-------------------|CATCHME REPORT

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 17:51:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0


-------------------|FIN / EOF / END


Ese lo aplique sin modo seguro, luego me fije en las instrucciones y lo aplique de nuevo:

Microsoft Windows XP Professional (5.1.2600 32-bit) | Service Pack 2
Procesador Intel Celeron
Internet Explorer 6.0.2900.2180
Usuario : sandra | Administradores

-> Firewall : Activo
-> Antivirus : AntiVir Desktop 9.0.1.30 [ Activo | Actualizar ]
-> FireWall : COMODO Firewall Pro[ Desactivado ]2.3.035

A:\ Unidad de disco de 3 1/2 pulgadas 1.39 Mo (1.37 Mo free) FAT
C:\ Disco fijo local 18.55 Go (6.14 Go free) NTFS
D:\ Disco fijo local 19.6 Go (19.28 Go free) NTFS
E:\ Disco CD-ROM


Inicio : 18:21:13 - DIA/MES/AÑO : 11/07/2009


-------------------|BAGLE PROCESOS



-------------------|BAGLE ARCHIVOS

-----> CARPETA PREFETCH

WINUPGRO.EXE-0F493702.pf - Eliminado
WINUPGRO.EXE-32576603.pf - Eliminado


-------------------|BAGLE CARPETAS



-------------------|BAGLE REGISTRO



-------------------|ROGUE SOFTWARE



-------------------|VERIFICAR



-------------------|CLAVES RUN

REGEDIT 4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"COMODO Firewall Pro"="\"C:\\Archivos de programa\\Comodo\\Firewall\\CPF.exe\" /background"
"avgnt"="\"C:\\Archivos de programa\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Disabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpybotSD TeaTimer"="C:\\Archivos de programa\\Spybot - Search & Destroy\\TeaTimer.exe"



-------------------|CATCHME REPORT

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 18:37:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0


-------------------|FIN / EOF / END

es importante que en estas desinfecciones desabilites restaurar el sistema
descarga y ejecuta el siguiente programa

despues el delpsguard manual

el primero es un antiroockit por si es que tienes alguno que este evitando que logremos encontrar algun troyan y el segundo pues nos ayudara a eliminar el malware peligroso de tu pc no desesperes tu pc esta limpia solotiene molestas cuckies y rastros de paginas

gracias, lo voy a hacer.
Esto es lo ultimo que borre con regseeker de SROSA:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\PCI\V EN_1039&DEV_7018&SUBSYS_70181039&REV_02\3&61aaa01& 0&0C\srosa]

Ademas esta esto:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WS2IFSL\.www]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\W S2IFSL\.www]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\STORA GE\.www]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\W S2IFSL\.www]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\STORA GE\.www]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU]
"6"=hex:86,00,31,00,00,00,00,00,6B,37,03,B5,10,00, 4D,55,4E,44,4F,50,7E,31,2E,43,4F,4D,\
00,00,6A,00,03,00,04,00,EF,BE,6B,37,03,B5,6B,37,03 ,B5,14,00,00,00,4D,00,75,\
00,6E,00,64,00,6F,00,2E,00,50,00,72,00,69,00,6D,00 ,69,00,74,00,69,00,76,00,\
6F,00,2E,00,31,00,78,00,30,00,34,00,2E,00,77,00,77 ,00,77,00,2E,00,6C,00,6F,\
00,6B,00,6F,00,74,00,6F,00,72,00,72,00,65,00,6E,00 ,74,00,73,00,2E,00,63,00,\
6F,00,6D,00,00,00,1C,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\3]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\4]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5\2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5\3]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0\0\5\4]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\0\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\1\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1\1\0\0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains\pcantispyware.com\www. www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains\p0rt2.com\www.www2]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\EscDomains\logih.com\www.www7]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains\pcantispyware.com\www.www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains\p0rt2.com\www.www2]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains\logih.com\www.www7]
"*"=dword:00000004


Es muy extraño que sean cookies normales, yo nunca entre en esas paginas y esta computadora la uso solo yo y muy rara vez la presto.


ahora en la noche hago lo que dices y pongo aca el log