Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola, estoy desesperado...

No puedo eliminar el TR/Crypt.XPACK.Gen
He buceado por el foro y ninguna solución me sirve: siempre vuelve a aparecer cuando reinicio.
Tampoco me ha funcionado COMBOFIX ni GMER. ¿Alguien puede darme una solución?

Uso el AVIRA como antivirus

Gracias

Utilizastes ComboFix sin la supervision de algun Miembro del Staff?

Realizemos lo siguiente...

Inicia por Modo Seguro con Funciones de Red

Apaga Restaurar Sistema.

Descarga, instala y ejecuta

• Malwarebytes Anti-Malware - Descargar | InfoSpyware
  
  Cita:

  Actualizar antes de ejecutar Quitas todo lo que encuentre Pegas el reporte

• Dr.Web CureIt! 5 | InfoSpyware
  
  Cita:

  Primero reliza un Scan Exprees luego un Scan Completo Elimina o cura todo lo que encuentre!!!

• Panda Active Scan. Cualquier duda consulta su manual (en este link)
  
  Cita:

  Cuando halla terminado Panda Active Scan Realizo a travez de Internet Explorer Click en el boton de exportar a documento de texto Pegas ese reporte en tu respuesta

jelopez a Foro Spyware


Edito siguies con el compa Nilrac.
Saludos.

El ComboFix lo use sin soporte del staff. Leyendo el log decía que había actividad rootkit en fichero ATAPI y que con la consola usase fixmbr. No tuve exito porque al reiniciar el PC de nuevo estaba el trojano.

El log del combofix es:

ComboFix 09-11-04.02 - jelopez 04/11/2009 23:12.2.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.804 [GMT 1:00]
Running from: c:\documents and settings\jelopez\Escritorio\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jelopez\Datos de programa\.#
c:\documents and settings\jelopez\Datos de programa\.#\MBX@ADC@3D35C0.###
c:\documents and settings\jelopez\Datos de programa\.#\MBX@ADC@3D35F0.###
c:\documents and settings\jelopez\Datos de programa\.#\MBX@FE4@3D35C0.###
c:\documents and settings\jelopez\Datos de programa\.#\MBX@FE4@3D35F0.###

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 19:41 . 2009-11-04 21:05 -------- d-----w- c:\temp\CCLEANER
2009-11-03 19:43 . 2009-11-03 19:43 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-11-03 19:05 . 2009-11-03 19:05 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2009-11-03 19:04 . 2009-11-03 19:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 20:38 . 2009-10-29 20:38 -------- d-sh--w- c:\documents and settings\jelopez\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-04 22:05 . 2008-09-05 15:22 -------- d-----w- c:\documents and settings\jelopez\Datos de programa\DNA
2009-11-04 21:58 . 2008-09-05 15:22 -------- d-----w- c:\archivos de programa\DNA
2009-11-04 21:05 . 2008-08-31 18:13 -------- d-----w- c:\archivos de programa\Mozilla Thunderbird
2009-11-04 19:59 . 2008-09-01 20:25 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2009-10-28 21:30 . 2003-07-23 18:24 545234 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-28 21:30 . 2003-07-23 18:23 104202 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-25 20:28 . 2008-09-05 15:22 -------- d-----w- c:\documents and settings\jelopez\Datos de programa\BitTorrent
2009-10-13 21:10 . 2009-06-29 19:15 -------- d-----w- c:\documents and settings\jelopez\Datos de programa\dvdcss
2009-09-15 20:13 . 2009-09-15 20:13 -------- d-----w- c:\documents and settings\jelopez\Datos de programa\ImgBurn
2009-09-15 20:02 . 2009-09-15 20:02 -------- d-----w- c:\archivos de programa\ImgBurn
2009-09-11 14:18 . 2003-07-23 18:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 19:13 . 2008-12-13 18:33 -------- d-----w- c:\documents and settings\miguel\Datos de programa\Nokia
2009-09-04 21:04 . 2003-07-23 18:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 19:20 . 2009-09-03 19:20 152576 ----a-w- c:\documents and settings\jelopez\Datos de programa\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-29 07:56 . 2006-06-23 11:28 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2003-07-23 18:29 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-10 10:09 . 2009-05-20 20:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY. DLL" [2003-10-06 49152]
"BitTorrent DNA"="c:\archivos de programa\DNA\btdna.exe" [2008-12-19 342848]
"MsnMsgr"="c:\archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"FileZilla Server Interface"="c:\archivos de programa\FileZilla Server\FileZilla Server Interface.exe" [2008-11-02 942080]
"H/PC Connection Agent"="c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"PC Suite Tray"="c:\archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"StatusClient"="c:\archivos de programa\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\archivos de programa\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"Norton Ghost 14.0"="c:\archivos de programa\Norton Ghost\Agent\VProTray.exe" [2008-01-19 2245984]
"DAEMON Tools-1033"="c:\archivos de programa\D-Tools\daemon.exe" [2004-03-12 81920]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Mensajeria Web"="c:\archivos de programa\MensajeriaWeb\MensajeriaWeb.exe" [2006-04-04 640000]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-31 113664]
TwinDocs Ambassador.lnk - c:\archivos de programa\TwinDocs\Ambassador\Ambassador.exe [2009-5-21 3998983]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\ja vaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\DNA\\btdna.exe"=
"c:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe"= c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe"= c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bu s.sys [30/11/2008 22:20 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346pr t.sys [30/11/2008 22:20 5248]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/03/2007 1:00 30032]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [20/05/2009 21:27 108289]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [31/08/2008 18:19 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [31/08/2008 18:20 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [31/08/2008 18:20 13308]
S2 gupdate1c9cce5aa3d7020;Servicio Google Update (gupdate1c9cce5aa3d7020);c:\archivos de programa\Google\Update\GoogleUpdate.exe [04/05/2009 19:25 133104]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [23/07/2003 19:10 5120]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [31/08/2008 18:39 171264]
S3 SymSnapService;SymSnapService;c:\archivos de programa\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 16:13 1553896]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\archivos de programa\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 5:17 2805000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTTUNER
*NewlyCreated* - BTXBAR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-01 20:03]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-04 18:25]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-04 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
uInternet Settings,ProxyOverride = <local>
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aeat.es\www4
Trusted Zone: aeat.es\www5
TCP: {8F0648A2-3C37-4C76-A86D-D5CEAF67A9D5} = 80.58.0.33
TCP: {C85957EF-A83B-4165-94D6-A8663EEFBBAE} = 80.58.0.33,62.37.228.20
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www5.aeat.es/es13/h/cactivex.cab
FF - ProfilePath - c:\documents and settings\jelopez\Datos de programa\Mozilla\Firefox\Profiles\hytvoqlu.default \
FF - prefs.js: browser.startup.homepage - www.google.es
FF - component: c:\archivos de programa\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.13\npGoogleOneClick 8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86754B40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86754b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\�äwÿÿÿÿp�äw4²Ñw*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\S ystem32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\S ystem32\\FM20ENU.DLL"
.
Completion time: 2009-11-04 23:22
ComboFix-quarantined-files.txt 2009-11-04 22:22
ComboFix2.txt 2009-11-04 21:44

Pre-Run: 67.526.369.280 bytes libres
Post-Run: 67.489.570.816 bytes libres

Bueno.

Edita ese log de ComboFix y realiza las instrucciones que te indique.

No olvides traer los reportes !!!!

Nilrac,

Hice lo que decíaa ComboFix: instale la consola de recuperación y ejecuté fixmbr. Pero el problema persiste.

También el MBR de GMER, y este log obtuve:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Sin embargo, sigue estando: AVIRA lo detecta cada vez que arranca el PC!!!!

Por otro lado, siguiendo tus instrucciones he pasado el MalwareBytes en opción express y no encuentra nada. Ahora mismo está ejecutándose el scan completo y de momento tampoco encuentra. En cuanto acabe pasaré el Dr. Web a ver...

Estoy desesperado. Gracias por vuestra ayuda

Tranquilo.

Pega los reportes y sigue las instrucciones al pie de la letra.

Report completo de MAlware:

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3107
Windows 5.1.2600 Service Pack 3 (Safe Mode)

05/11/2009 22:59:46
mbam-log-2009-11-05 (22-59-46).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 286523
Tiempo transcurrido: 32 minute(s), 10 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

--------------

Report de DrWEB cureIT

No encuentra absolutamente nada



También he probado el HouseCall y tampoco.

Ayudaaaaaa!!!! ¿Qué hago?

Solo falta el reporte de Panda.

Esto es el de Panda

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-11-06 16:02:34
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 2
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
AntiVir Desktop 9.0.1.32 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\jelopez\cookies\jelopez@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\jelopez\cookies\jelopez@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@mediaplex[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@adtech[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\merisu\cookies\merisu@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@statse.webtrendsliv e[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\miguel\cookies\miguel@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\raul\cookies\raul@bluestreak[1].txt
00974355 Trj/Agent.DPE Virus/Trojan No 1 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\trash[factura_49.zip][factura_49.doc____________________________________ _.exe]
00974355 Trj/Agent.DPE Virus/Trojan No 1 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\junk[factura_49.zip][factura_49.doc____________________________________ _.exe]
00974355 Trj/Agent.DPE Virus/Trojan No 1 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\inbox[factura_49.zip][factura_49.doc____________________________________ _.exe]
01953102 Trj/Sinowal.WKK Virus/Trojan No 1 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\inbox[faktura11.zip][faktura11.doc_____________________________________ __________________________________________________ _____________.exe]
01953102 Trj/Sinowal.WKK Virus/Trojan No 1 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\trash[faktura11.zip][faktura11.doc_____________________________________ __________________________________________________ _____________.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No c:\system volume information\_restore{894ac383-32c7-4194-a489-906dfa2b07a2}\rp1\a0000061.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No d:\psp\sony media manager for psp multilanguage\sony psp media manager\crack\e-spmm10.exe
05355202 Generic Trojan Virus/Trojan No 0 Yes No c:\documents and settings\jelopez\thunderbird\mail\local folders\inbox[~0004469.~][factura01.zip][factura01.doc_____________________________________ ___.exe]
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
No c:\documents and settings\merisu\mis documentos\chorradas\chorradas\fotoconreyes.zip[fotoconreyes.exe]
No d:\para grabar\kerio personal firewall 4.2.0.785 + patch.zip[kpf420 patch.exe]
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================