Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

bueno, ahora salio bastante mejor! ahi va el reporte
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 14, 2007 8:33:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/07/2007
Kaspersky Anti-Virus database records: 362331
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82659
Number of viruses found: 3
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:41:04

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\Bias Send.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\fivepile.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\jump poke.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\dfsr.db Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsr.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\tmp.edb Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\MSHist0120070714200707 15\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\bis29F.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\bis2FE.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\bis379.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Cliprex_WhenUSave_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_53MSdLnkBYgJCFu Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_cjkSdLmHTLusnYY Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_hnxse467ZriLa8d Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_KleBjjI5ODpdE3w Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_Qzg5v63RXntPd7C Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_600.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_bc.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF115.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF8972.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF8C4B.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFF1A1.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\ascncspe.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\gubuyscx.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\guxfqjhy.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\magscurbonceokay.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\Multi Amen Bits.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\call256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\callmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat512.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg1024. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg256.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg512.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\39\ 397f027a23b19f2d.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\c4\ c4e7ccb421dd684f.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\contactgroup 256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\dyncontent\b undle.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\index2.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\profile4096. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer256. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer512. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user16384.db b Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user4096.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\voicemail256 .dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SUP ERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000045.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\change.log Object is locked skipped
C:\WINDOWS\2481812.exe Infected: Trojan-PSW.Win32.Delf.vz skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Haz esto:

1) Activa Ver Archivos Ocultos.

2) Elimina manualmente a esta entradas:

C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\Bias Send.exe
C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\fivepile.exe
C:\Documents and Settings\All Users\Datos de programa\UploadBendBuildCreative\jump poke.exe
C:\Documents and Settings\jazmin\Configuración local\Temp\bis29F.exe
C:\Documents and Settings\jazmin\Configuración local\Temp\bis2FE.exe
C:\Documents and Settings\jazmin\Configuración local\Temp\bis379.exe
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\ascncspe.exe
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\gubuyscx.exe
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\guxfqjhy.exe
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\magscurbonceokay.exe
C:\Documents and Settings\jazmin\Datos de programa\FREEDATASUPPORT\Multi Amen Bits.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000045.exe
C:\WINDOWS\2481812.exe

Si no se dejan eliminar utiliza para hacerlo al FileASSASSIN y si no se dejan eliminar con el FileASSASSIN, eliminalos con el KillBox.

3) Desactiva Ver Archivos Ocultos.

4) Haz de nuevo un escaneo con el Kaspersky y pégame el reporte aquí una vez más.

C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000045.exe
este no puedo porq cuando quiero abrir la carpeta de system vol information me dive q no se puede abrir x acceso denegado...como hago?

sorry no dije nada, me tare, jaja, ya lo elimine usando el fileassassine

bueno aca va el nuevo reporte
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 15, 2007 9:42:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 15/07/2007
Kaspersky Anti-Virus database records: 362420
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82843
Number of viruses found: 3
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:21:52

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\dfsr.db Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsr.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\tmp.edb Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\MSHist0120070715200707 16\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Cliprex_WhenUSave_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_53MSdLnkBYgJCFu Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_cjkSdLmHTLusnYY Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_hnxse467ZriLa8d Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_KleBjjI5ODpdE3w Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_Qzg5v63RXntPd7C Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_600.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_bc.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF9924.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF9930.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFA306.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFA312.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\call256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\callmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat512.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg1024. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg256.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg512.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\39\ 397f027a23b19f2d.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\c4\ c4e7ccb421dd684f.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\contactgroup 256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\dyncontent\b undle.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\index2.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\profile4096. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer256. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer512. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user16384.db b Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user4096.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\voicemail256 .dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SUP ERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc31.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc32.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc33.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc34.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc35.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc36.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc37.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc38.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc39.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc40.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc41.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\RECYCLER\S-1-5-21-796845957-1547161642-682003330-1003\Dc42.exe Infected: Trojan-PSW.Win32.Delf.vz skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hola !

Hacé esto:

1) Vacia tu papelera de reciclaje.

2) Descarga y hace un escaneo a tu pc con estas 2 herramientas:

- Disk Cleaner
- CCleaner, y usa la opción "Registro", para limpiar toda basura q haya en el registro de Windows (antes, realiza una copia de seguridad).

3) De nuevo, hace un escaneo con el Kaspersky y pégame el nuevo reporte aquí.

ok, preg, como hago una copia de seguridad?

Te dejo aquí el MANUAL.

ultimo reporte..
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 15, 2007 2:56:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 15/07/2007
Kaspersky Anti-Virus database records: 362546
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 57004
Number of viruses found: 2
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:14:46

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\dfsr.db Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsr.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Messenger\jacis84@hotmail.com\S haringMetadata\Working\database_FAA0_12D5_A012_986 9\tmp.edb Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\jacis84@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Historial\History.IE5\MSHist0120070715200707 16\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_53MSdLnkBYgJCFu Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_cjkSdLmHTLusnYY Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_hnxse467ZriLa8d Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_KleBjjI5ODpdE3w Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\me_Qzg5v63RXntPd7C Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_600.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\Perflib_Perfdata_bc.dat Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF178.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DF183.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFB48.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFB64.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFD4FB.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFFF88.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Configuración local\Temp\~DFFFA3.tmp Object is locked skipped
C:\Documents and Settings\jazmin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\call256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\callmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chat512.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmember25 6.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg1024. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg256.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatmsg512.d bb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\39\ 397f027a23b19f2d.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\chatsync\b7\ b758c4296dc99098.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\contactgroup 256.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\dyncontent\b undle.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\index2.dat Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\profile4096. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer256. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\transfer512. dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user1024.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user16384.db b Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\user4096.dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\Skype\maria.jazmin.tarruella\voicemail256 .dbb Object is locked skipped
C:\Documents and Settings\jazmin\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SUP ERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat Object is locked skipped
C:\Documents and Settings\jazmin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000056.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000057.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000058.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000059.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000060.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000061.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000062.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000063.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000064.exe Infected: Trojan-PSW.Win32.Delf.vz skipped
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Bueno, hay q ser perseverante....

Hace esto ahora:

1) Apaga Restaurar Sistema y activa Ver Archivos Ocultos.

2) Elimina manualmente con el FileASSASSIN, o sino se dejan, con el KillBox a estos archivos:

C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000056.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000057.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000058.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000059.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000060.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000061.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000062.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000063.exe
C:\System Volume Information\_restore{2C8FB85A-6A11-4238-930A-52A0783FFDA8}\RP1\A0000064.exe

3) Pasa de nuevo de la misma manera q te dije antes, primero al Disk Cleaner, y luego al CCleaner usando la opción "Registro" y pasalos a ambos hasta q no encuentren más nada.

4) Deshace todo el paso paso 1.

5) Pégame aquí otra vez un nuevo reporte del Kaspersky.

persevero...ayer tenia 5000 objects infectados y 5 virus...ahora 2 virus y 9 objects jaja
pero mmm hay un problem...en el C no esta mas la carpeta de system vol information! aparecen solo las sig:
396283a0e802212c0cbb
Documents and Settings
My Downloads
Archivos de programa
KPCMS
Windows
Lo busque con el buscador de windows pero me dice q no se encontraron archivos o carpetas con ese nombre

Hola jacis84

No la vas a encontrar ya que es una carpeta oculta y protejida por el sistema donde se guardan las restauraciones de windows.

Por ello, para eliminar dicha infeccion ubicada en esa carpeta, solo basta con apagar Restaurar Sistema (ya indicado) Reinicias tu Pc, y Prendes Nuevamente Restaurar Sistema

Saludos, envia un Nuevo scan Para Verificar