Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

amigos no he podido sacar el w32.sillyfdc aqui dejo el log

Logfile of HijackThis v1.99.1
Scan saved at 8:52:43 AM, on 25-Jan-08
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe
C:\Program Files\Minuteman\SentryII\SentryII.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eltiempo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AuCaption] DSA OMSA Reminder
O4 - HKLM\..\Run: [AuFlag] 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: Administrador de servicios.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dl l' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121104215000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = diamond.com.co
O17 - HKLM\Software\..\Telephony: DomainName = diamond.com.co
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFF60396-1D70-4725-BF12-2C4897999DA2}: NameServer = 200.75.51.132,200.75.51.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{D159D69A-BB08-48E3-85BC-5E9576C15E50}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = diamond.com.co
O20 - Winlogon Notify: dimsntfy - dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: DHCP Server (DHCPServer) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\tcpsvcs.ex e (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.ex e (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: DNS Server (DNS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dns.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.e xe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Intersite Messaging (IsmServ) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ismserv.ex e (file missing)
O23 - Service: Kerberos Key Distribution Center (kdc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: File Replication Service (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: OM Common Services (omsad) - Dell Inc. - C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.e xe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Routing and Remote Access (RemoteAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.ex e (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Resultant Set of Policy Provider (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.e xe (file missing)
O23 - Service: Special Administration Console Helper (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.e xe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: SentryII - Unknown owner - C:\Program Files\Minuteman\SentryII\SentryII.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown owner - %SystemDrive%\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\snmptrap.e xe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.ex e (file missing)
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.e xe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Terminal Server Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.ex e (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: World Wide Web Publishing Service (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.ex e (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.ex e (file missing)

Hola arnaldomurillo, te doy la bienvenida al Foro de InfoSpyware

Estas usando una versión antigua de HijackThis, por lo que descarga y ejecuta la nueva versión de
*HijackThis 2.0.2 para generar y dejarnos un nuevo log en este mismo mensaje.

Salu2

primero, agradezco mucho que me hayas contestado estoy un poco desesperado con este virus w32.sillyfdc, te envio el log con el nuevo hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:52 PM, on 02-Feb-08
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\SCC\schdsrvc.exe
C:\Program Files\Minuteman\SentryII\SentryII.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sophos\SCC\Remote Management System\ManagementAgentNT.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe
C:\Program Files\Sophos\SCC\Remote Management System\EMLibUpdateAgentNT.exe
C:\Program Files\Sophos\SCC\MgntSvc.exe
C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eltiempo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AuCaption] DSA OMSA Reminder
O4 - HKLM\..\Run: [AuFlag] 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [!teamcfg] %SystemRoot%\..\dell\nicteaming\intel\nicteamconfi g.bat (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-405388489-1769468277-2961378379-1177\..\Run: [] (User 'inventario1')
O4 - HKUS\S-1-5-21-405388489-1769468277-2961378379-1180\..\Run: [] (User 'compras1')
O4 - HKUS\S-1-5-21-405388489-1769468277-2961378379-1183\..\Run: [] (User 'produccion1')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Administrador de servicios.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: RepThrt.ltt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dl l' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121104215000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = diamond.com.co
O17 - HKLM\Software\..\Telephony: DomainName = diamond.com.co
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFF60396-1D70-4725-BF12-2C4897999DA2}: NameServer = 200.75.51.132,200.75.51.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{D159D69A-BB08-48E3-85BC-5E9576C15E50}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: OM Common Services (omsad) - Dell Inc. - C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Enterprise Manager Scheduler (SEMScheduler) - Sophos Plc - C:\Program Files\Sophos\SCC\schdsrvc.exe
O23 - Service: SentryII - Unknown owner - C:\Program Files\Minuteman\SentryII\SentryII.exe
O23 - Service: Secure Port Server (Server Administrator) - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\SCC\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe
O23 - Service: Sophos EMLibUpdate Agent - Sophos Plc - C:\Program Files\Sophos\SCC\Remote Management System\EMLibUpdateAgentNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - C:\Program Files\Sophos\SCC\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe

--
End of file - 9078 bytes

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos dejas los reportes.

Salu2

gracias, agrego el log de combofix

ComboFix 08-02.05.3 - administrator 2008-02-05 12:36:25.2 - NTFSx86
Running from: C:\Program Files\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 20:20 . 2008-02-04 20:20 1,593,889 --a------ C:\Program Files\ComboFix.exe
2008-02-02 16:19 . 2008-02-02 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 12:04 . 2008-01-25 12:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-01-25 12:04 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-01-25 11:55 . 2007-09-10 11:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-01-25 11:55 . 2007-09-10 11:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-01-25 11:54 . 2008-01-25 11:55 <DIR> d-------- C:\savwsa
2008-01-25 11:25 . 2008-01-25 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-01-25 11:22 . 2008-01-25 12:06 <DIR> d-------- C:\Program Files\Sophos
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Crystal Decisions
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Common Files\Sophos
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-01-25 11:10 . 2008-01-25 11:10 <DIR> d-------- C:\savcc20
2008-01-17 13:26 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-17 13:24 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\hgsggmffopya.sys
2008-01-17 13:02 . 2008-01-21 17:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-17 13:02 . 2008-01-21 17:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-17 13:02 . 2008-01-21 17:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-17 13:02 . 2008-01-21 17:19 1,406 --a------ C:\WINDOWS\system32\Help.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-25 21:59 --------- d-----w C:\Program Files\CCleaner
2008-01-25 17:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-25 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-25 16:15 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 14:35 --------- d-----w C:\Program Files\Symantec
2008-01-17 19:13 --------- d-----w C:\Program Files\Google
2008-01-17 18:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Iomega Automatic Backup Pro
2007-12-28 01:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-28 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-18 16:25 --------- d-----w C:\Program Files\Java
2007-12-12 20:00 56,159 ----a-w C:\WINDOWS\ms35.tmp
2007-12-12 20:00 56,159 ----a-w C:\WINDOWS\ms14.tmp
2007-11-08 21:15 815,616 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2004-12-03 11:10 7405568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 09:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-24 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AuCaption"="DSA OMSA Reminder" []
"AuFlag"="2 (0x2)" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2004-12-03 11:10 7405568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 09:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-24 14:34 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Administrador de servicios.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 10:18:00 245760]
RepThrt.ltt [2008-01-25 11:31:41 8]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~ 1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 14:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

R0 afamgt;afamgt;C:\WINDOWS\system32\drivers\afamgt.s ys [2003-12-16 19:01]
R0 crcdisk;CRC Disk Filter Driver;C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 01:09]
R0 dcdbas;Systems management base driver;C:\WINDOWS\system32\DRIVERS\dcdbas32.sys [2005-07-10 15:38]
R0 DfsDriver;DfsDriver;C:\WINDOWS\system32\drivers\Df s.sys [2007-02-17 00:51]
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2004-11-04 16:11]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\s ystem32\DRIVERS\savonaccesscontrol.sys [2007-09-10 11:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\sys tem32\DRIVERS\savonaccessfilter.sys [2007-09-10 11:08]
R2 AeLookupSvc;Application Experience Lookup Service;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
R2 Dfs;Distributed File System;C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 09:03]
R2 DHCPServer;DHCP Server;C:\WINDOWS\system32\tcpsvcs.exe [2003-03-25 07:00]
R2 DNS;DNS Server;C:\WINDOWS\System32\dns.exe [2007-10-16 05:52]
R2 IsmServ;Intersite Messaging;C:\WINDOWS\System32\ismserv.exe [2007-02-17 09:03]
R2 kdc;Kerberos Key Distribution Center;C:\WINDOWS\System32\lsass.exe [2003-03-25 07:00]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS;C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe [2002-12-17 17:26]
R2 NtFrs;File Replication Service;C:\WINDOWS\system32\ntfrs.exe [2007-02-17 09:03]
R2 Pop3Svc;Microsoft POP3 Service;C:\WINDOWS\system32\POP3Server\pop3svc.exe [2007-02-17 09:03]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler;"C:\Program Files\Sophos\SCC\schdsrvc.exe" [2006-09-14 10:37]
R2 SentryII;SentryII;"C:\Program Files\Minuteman\SentryII\SentryII.exe" [2002-11-22 11:27]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 09:03]
R2 Sophos Certification Manager;Sophos Certification Manager;"C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe " -background []
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent;"C:\Program Files\Sophos\SCC\Remote Management System\EMLibUpdateAgentNT.exe" -service []
R2 Sophos Management Service;Sophos Management Service;"C:\Program Files\Sophos\SCC\MgntSvc.exe" [2006-05-10 15:19]
R2 TermServLicensing;Terminal Server Licensing;C:\WINDOWS\system32\lserver.exe [2007-02-17 09:03]
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2 mpad.sys [2003-03-24 16:54]
R3 dcdipm;Systems management IPMI driver;C:\WINDOWS\system32\DRIVERS\dcdipm32.sys [2005-07-10 15:38]
R3 dcdtvm;Systems management TVM driver;C:\WINDOWS\system32\DRIVERS\dcdtvm32.sys [2005-07-10 15:38]
R3 PORTACCESSOR;PORTACCESSOR;C:\PROGRA~1\Dell\OPENMA~ 1\oldiags\packages\PORTACCESSOR.sys [2005-07-10 15:40]
R3 stdatw2k;stdatw2k;C:\WINDOWS\system32\DRIVERS\stda tw2k.sys [2004-03-03 01:06]
S3 4mmdat;4mmdat;C:\WINDOWS\system32\DRIVERS\4mmdat.s ys [2003-03-24 23:05]
S3 RSoPProv;Resultant Set of Policy Provider;C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 09:03]
S3 sacsvr;Special Administration Console Helper;C:\WINDOWS\System32\svchost.exe [2007-02-17 09:04]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS;C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
S3 WLBS;Network Load Balancing;C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 01:29]
S4 ClusDisk;Cluster Disk Driver;C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 01:02]
S4 TrkSvr;Distributed Link Tracking Server;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
S4 Tssdis;Terminal Services Session Directory;C:\WINDOWS\System32\tssdis.exe [2007-02-17 09:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WinErr REG_MULTI_SZ ERsvc
tapisrv REG_MULTI_SZ Tapisrv
regsvc REG_MULTI_SZ RemoteRegistry
swprv REG_MULTI_SZ swprv
iissvcs REG_MULTI_SZ w3svc
DcomLaunch REG_MULTI_SZ DcomLaunch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
xmlprov
AeLookupSvc
helpsvc

*Newly Created Service* - PORTACCESSOR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 18:00:00 C:\WINDOWS\Tasks\Copia Semanal.job"
- C:\WINDOWS\system32\ntbackup.exeCbackup
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 12:40:38
Windows 5.2.3790 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s????????????????????????????????????????????????? ????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\S ophos Message Router]
"ImagePath"="\"C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
Completion time: 2008-02-05 12:42:25
.
2008-01-09 08:02:56 --- E O F ---

Hacele un escaneo completo con:

• SUPERAntiSpyware
• Dr.Web CureIt!
• Kaspersky Antivirus Online

Reinicia y nos dejas los reportes.

Salu2

definitivamente todo este proceso es muy lento pero ahi lo vamos haciendo, el cureit.exe no corre me aparece cannot engine load envio el resto de los log, gracias.

log combofix

ComboFix 08-02.05.3 - administrator 2008-02-05 12:36:25.2 - NTFSx86
Running from: C:\Program Files\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 20:20 . 2008-02-04 20:20 1,593,889 --a------ C:\Program Files\ComboFix.exe
2008-02-02 16:19 . 2008-02-02 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 12:04 . 2008-01-25 12:04 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-01-25 12:04 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-01-25 11:55 . 2007-09-10 11:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-01-25 11:55 . 2007-09-10 11:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-01-25 11:54 . 2008-01-25 11:55 <DIR> d-------- C:\savwsa
2008-01-25 11:25 . 2008-01-25 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-01-25 11:22 . 2008-01-25 12:06 <DIR> d-------- C:\Program Files\Sophos
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Crystal Decisions
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Common Files\Sophos
2008-01-25 11:22 . 2008-01-25 11:22 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-01-25 11:10 . 2008-01-25 11:10 <DIR> d-------- C:\savcc20
2008-01-17 13:26 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-17 13:24 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\hgsggmffopya.sys
2008-01-17 13:02 . 2008-01-21 17:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-17 13:02 . 2008-01-21 17:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-17 13:02 . 2008-01-21 17:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-17 13:02 . 2008-01-21 17:19 1,406 --a------ C:\WINDOWS\system32\Help.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-25 21:59 --------- d-----w C:\Program Files\CCleaner
2008-01-25 17:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-25 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-25 16:15 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 14:35 --------- d-----w C:\Program Files\Symantec
2008-01-17 19:13 --------- d-----w C:\Program Files\Google
2008-01-17 18:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Iomega Automatic Backup Pro
2007-12-28 01:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-28 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-18 16:25 --------- d-----w C:\Program Files\Java
2007-12-12 20:00 56,159 ----a-w C:\WINDOWS\ms35.tmp
2007-12-12 20:00 56,159 ----a-w C:\WINDOWS\ms14.tmp
2007-11-08 21:15 815,616 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2004-12-03 11:10 7405568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 09:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-24 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AuCaption"="DSA OMSA Reminder" []
"AuFlag"="2 (0x2)" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2004-12-03 11:10 7405568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 09:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-24 14:34 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Administrador de servicios.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 10:18:00 245760]
RepThrt.ltt [2008-01-25 11:31:41 8]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~ 1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 14:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

R0 afamgt;afamgt;C:\WINDOWS\system32\drivers\afamgt.s ys [2003-12-16 19:01]
R0 crcdisk;CRC Disk Filter Driver;C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 01:09]
R0 dcdbas;Systems management base driver;C:\WINDOWS\system32\DRIVERS\dcdbas32.sys [2005-07-10 15:38]
R0 DfsDriver;DfsDriver;C:\WINDOWS\system32\drivers\Df s.sys [2007-02-17 00:51]
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2004-11-04 16:11]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\s ystem32\DRIVERS\savonaccesscontrol.sys [2007-09-10 11:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\sys tem32\DRIVERS\savonaccessfilter.sys [2007-09-10 11:08]
R2 AeLookupSvc;Application Experience Lookup Service;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
R2 Dfs;Distributed File System;C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 09:03]
R2 DHCPServer;DHCP Server;C:\WINDOWS\system32\tcpsvcs.exe [2003-03-25 07:00]
R2 DNS;DNS Server;C:\WINDOWS\System32\dns.exe [2007-10-16 05:52]
R2 IsmServ;Intersite Messaging;C:\WINDOWS\System32\ismserv.exe [2007-02-17 09:03]
R2 kdc;Kerberos Key Distribution Center;C:\WINDOWS\System32\lsass.exe [2003-03-25 07:00]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS;C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe [2002-12-17 17:26]
R2 NtFrs;File Replication Service;C:\WINDOWS\system32\ntfrs.exe [2007-02-17 09:03]
R2 Pop3Svc;Microsoft POP3 Service;C:\WINDOWS\system32\POP3Server\pop3svc.exe [2007-02-17 09:03]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler;"C:\Program Files\Sophos\SCC\schdsrvc.exe" [2006-09-14 10:37]
R2 SentryII;SentryII;"C:\Program Files\Minuteman\SentryII\SentryII.exe" [2002-11-22 11:27]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 09:03]
R2 Sophos Certification Manager;Sophos Certification Manager;"C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe " -background []
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent;"C:\Program Files\Sophos\SCC\Remote Management System\EMLibUpdateAgentNT.exe" -service []
R2 Sophos Management Service;Sophos Management Service;"C:\Program Files\Sophos\SCC\MgntSvc.exe" [2006-05-10 15:19]
R2 TermServLicensing;Terminal Server Licensing;C:\WINDOWS\system32\lserver.exe [2007-02-17 09:03]
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2 mpad.sys [2003-03-24 16:54]
R3 dcdipm;Systems management IPMI driver;C:\WINDOWS\system32\DRIVERS\dcdipm32.sys [2005-07-10 15:38]
R3 dcdtvm;Systems management TVM driver;C:\WINDOWS\system32\DRIVERS\dcdtvm32.sys [2005-07-10 15:38]
R3 PORTACCESSOR;PORTACCESSOR;C:\PROGRA~1\Dell\OPENMA~ 1\oldiags\packages\PORTACCESSOR.sys [2005-07-10 15:40]
R3 stdatw2k;stdatw2k;C:\WINDOWS\system32\DRIVERS\stda tw2k.sys [2004-03-03 01:06]
S3 4mmdat;4mmdat;C:\WINDOWS\system32\DRIVERS\4mmdat.s ys [2003-03-24 23:05]
S3 RSoPProv;Resultant Set of Policy Provider;C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 09:03]
S3 sacsvr;Special Administration Console Helper;C:\WINDOWS\System32\svchost.exe [2007-02-17 09:04]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS;C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
S3 WLBS;Network Load Balancing;C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 01:29]
S4 ClusDisk;Cluster Disk Driver;C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 01:02]
S4 TrkSvr;Distributed Link Tracking Server;C:\WINDOWS\system32\svchost.exe [2007-02-17 09:04]
S4 Tssdis;Terminal Services Session Directory;C:\WINDOWS\System32\tssdis.exe [2007-02-17 09:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WinErr REG_MULTI_SZ ERsvc
tapisrv REG_MULTI_SZ Tapisrv
regsvc REG_MULTI_SZ RemoteRegistry
swprv REG_MULTI_SZ swprv
iissvcs REG_MULTI_SZ w3svc
DcomLaunch REG_MULTI_SZ DcomLaunch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
xmlprov
AeLookupSvc
helpsvc

*Newly Created Service* - PORTACCESSOR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 18:00:00 C:\WINDOWS\Tasks\Copia Semanal.job"
- C:\WINDOWS\system32\ntbackup.exeCbackup
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 12:40:38
Windows 5.2.3790 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s????????????????????????????????????????????????? ????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\S ophos Message Router]
"ImagePath"="\"C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
Completion time: 2008-02-05 12:42:25
.
2008-01-09 08:02:56 --- E O F ---



log superspyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2008 at 11:39 PM

Application Version : 3.9.1008

Core Rules Database Version : 3397
Trace Rules Database Version: 1389

Scan type : Complete Scan
Total Scan Time : 05:34:09

Memory items scanned : 676
Memory threats detected : 0
Registry items scanned : 5051
Registry threats detected : 0
File items scanned : 142187
File threats detected : 162

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.u s.e-planning[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @112.2o7[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @2o7[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ad.yieldmanager[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.addynamix[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.us.e-planning[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.weblogssl[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @as-eu.falkag[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @atdmt[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @belnk[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @dist.belnk[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @doubleclick[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @m1.webstats4u[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @msnportal.112.2o7[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @richmedia.eresmas[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @smileycentral[1].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @statcounter[2].txt
D:\shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @stats1.reliablestats[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @112.2o7[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @2o7[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ad.yieldmanager[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.addynamix[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.us.e-planning[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @ads.weblogssl[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @as-eu.falkag[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @atdmt[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @belnk[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @dist.belnk[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @doubleclick[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @m1.webstats4u[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @msnportal.112.2o7[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @richmedia.eresmas[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @smileycentral[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @statcounter[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\Shared\LIDA\NO USADO\francynov29\Documents and Settings\asesorcomercial3\Cookies\asesorcomercial3 @stats1.reliablestats[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\anyuse r@belnk[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\asesor comercial1@belnk[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\asesor comercial1@casalemedia[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\asesor comercial1@tradedoubler[1].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\asesor comercial1@webpdp.gator[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\gerenc iageneral@belnk[2].txt
F:\Backups\PC28 Conjunto de copia de seguridad de datos 1\D\DocDiamond\GerenciaGeneral\Temp\Cookies\gerenc iageneral@webpdp.gator[2].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\anyuser@belnk[1].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\asesorcomercial1@belnk[1].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\asesorcomercial1@casalemedia[1].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\asesorcomercial1@tradedoubler[1].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\asesorcomercial1@webpdp.gator[2].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\gerenciageneral@belnk[2].txt
F:\Seguridad\PC28\DocumentosPC28\GerenciaGeneral\T emp\Cookies\gerenciageneral@webpdp.gator[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@blues treak[1].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@ehg.h itbox[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@hitbo x[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@quest ionmarket[1].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@triba lfusion[1].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@versi ontracker[2].txt
F:\Seguridad\PC28\C\Documents and Settings\Administrator\Cookies\administrator@z1.ad server[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@112.2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@247realmedia[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ad-creatividades.infojobs[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ad.conexcol[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ad.ir[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ad.yieldmanag er[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adbrite[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adinterax[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adopt.eurocli ck[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.addynamix[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.e-planning[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.esmas[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.glispa[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.ibest.com[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.latinmedi os[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.miarroba[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.pointroll[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.prisacom[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.tripod.ly cos[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads.us.e-planning[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ads1.mediaops .com[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adserver.hisp avista[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adserver.ocio media[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adserver.terr a[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adserver[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@adservingml[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@advertising[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@angleinteract ive.directtrack[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@apmebf[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@atdmt[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@atwola[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@belnk[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@bluestreak[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@camhandball.t ripod[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@casalemedia[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@citi.bridgetr ack[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@coxhsi.112.2o 7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@directtrack[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@dist.belnk[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@doubleclick[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ds.clickexper ts[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@dsml.clickexp erts[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@eas.apm.emedi ate[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@ehg-foxsports.hitbox[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@fastclick[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@fortunecity[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@hotelscom.122 .2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@m1.webstats.m otigo[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@maxserving[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@media.adrevol ver[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@mediaplex[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@microsoftwga. 112.2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@microsoftwlme ssengermkt.112.2o7[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@msnaccountser vices.112.2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@msnportal.112 .2o7[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@nextag[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@partner2profi t[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@perf.overture[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@qksrv[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@qnsr[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@questionmarke t[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@realmedia[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@revenue[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@revsci[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@richmedia.yah oo[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@server.iad.li veperson[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@serving-sys[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@sexole[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@spac-05.tripod[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@specificclick[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@spylog[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@stat.onestat[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@statcounter[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@statse.webtre ndslive[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@track.webgain s[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@trafficmp[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@tribalfusion[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@tripod.lycos[2].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@tripod[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@weborama[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@www.burstnet[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@www.nacionads erver[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@xiti[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@yadro[1].txt
F:\Seguridad\PC14\Documents and Settings\CordAdmin\Cookies\cordadmin@zedo[1].txt
F:\CompaqHome\Documents and Settings\Myroso\Cookies\myroso@atdmt[2].txt
F:\CompaqHome\Documents and Settings\jd\Cookies\jd@ads.tripod.lycos[1].txt
F:\CompaqHome\Documents and Settings\jd\Cookies\jd@tripod.lycos[1].txt
F:\CompaqHome\Seguridad\jd\Cookies\jd@hotbar[1].txt
F:\backuptenjo\PC09CDERLY\WINDOWS\Cookies\deptco@w ww.macromedia[2].txt
F:\backuptenjo\PC09CDERLY\WINDOWS\Cookies\deptco@2 o7[1].txt
F:\backuptenjo\PC09DDERLY\copia a\Pc01\Windows\Cookies\pc01@ads.adsag[1].txt
F:\backuptenjo\PC09DDERLY\copia a\Pc01\Windows\Cookies\pc01@atdmt[2].txt

Trojan.Downloader-Gen/A
D:\FACTORY\PKS\A.EXE
F:\FACTORY\PKS\A.EXE
F:\BACKUPTENJO\CFABIO\FACTORY\PKS\A.EXE
F:\BACKUPTENJO\PC09CDERLY\FACTORY\PKS\A.EXE
F:\BACKUPTENJO\PC09DDERLY\COPIA A\FACTORY\PKS\A.EXE
F:\BACKUPTENJO\CPC19SERVIDOR\CARPETA CON ERRORES DE FACTORY\FACTORY\PKS\A.EXE
F:\BACKUPTENJO\CPC19SERVIDOR\DOCUMENTS AND SETTINGS\FACTORY\PKS\A.EXE


log karspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
martes, 12 de febrero de 2008 10:33:56
Sistema operativo: Microsoft Windows Server&nbsp;2003 family,, Service Pack 2 (Build 3790)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 9/02/2008
Registros en la base antivirus: 515127
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
F:\
G:\
Z:\

Estadísticas:
Número de objeros analizados: 483918
Virus encontrados: 2
Objetos infectados: 32 / 0
Objetos sospechosos: 0
Duración del análisis: 46:46:56

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Documents and Settings\Administrator\Application Data\Iomega Automatic Backup Pro\VaultDb.tdb Object is locked saltado
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERAN TISPYWARE.LOG Object is locked saltado
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Temp\fla16.tmp Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Temp\JET49B.tmp Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\interchk.chk Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt Object is locked saltado
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.log Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\master.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\mastlog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\model.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\modellog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\SOPHOS2.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\SOPHOS2_log.LDF Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\tempdb.mdf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\templog.ldf Object is locked saltado
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\LOG\ERRORLOG Object is locked saltado
C:\Program Files\Sophos\SCC\CertificationManager\Logs\CertMan ager-20080205-181120.log Object is locked saltado
C:\Program Files\Sophos\SCC\MgntSvc-20080205-181125.log Object is locked saltado
C:\Program Files\Sophos\SCC\Remote Management System\Agent\Logs\Agent-20080209-014613.log Object is locked saltado
C:\Program Files\Sophos\SCC\Remote Management System\EMLib\Logs\EMLib-20080205-181120.log Object is locked saltado
C:\Program Files\Sophos\SCC\Remote Management System\Router\Logs\Router-20080205-181126.log Object is locked saltado
C:\WINDOWS\Debug\Netlogon.log Object is locked saltado
C:\WINDOWS\Debug\NtFrs_0005.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\NETLOGON.CHG Object is locked saltado
C:\WINDOWS\ntds\edb.log Object is locked saltado
C:\WINDOWS\ntds\edbtmp.log Object is locked saltado
C:\WINDOWS\ntds\ntds.dit Object is locked saltado
C:\WINDOWS\ntds\temp.edb Object is locked saltado
C:\WINDOWS\ntfrs\jet\log\edb.log Object is locked saltado
C:\WINDOWS\ntfrs\jet\ntfrs.jdb Object is locked saltado
C:\WINDOWS\ntfrs\jet\temp\tmp.edb Object is locked saltado
C:\WINDOWS\SoftwareDistribution\EventCache\{7187A3 FF-31D5-47C9-BFB6-8FE9EF02BC74}.bin Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\DnsEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\Internet Explorer.evt Object is locked saltado
C:\WINDOWS\system32\config\NTDS.Evt Object is locked saltado
C:\WINDOWS\system32\config\NtFrs.Evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SophosEvent.evt Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\dhcp\dhcp.mdb Object is locked saltado
C:\WINDOWS\system32\dhcp\DhcpSrvLog-Sat.log Object is locked saltado
C:\WINDOWS\system32\dhcp\j50.log Object is locked saltado
C:\WINDOWS\system32\dhcp\j50tmp.log Object is locked saltado
C:\WINDOWS\system32\dhcp\tmp.edb Object is locked saltado
C:\WINDOWS\system32\dns\dns.log Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\LServer\edb.log Object is locked saltado
C:\WINDOWS\system32\LServer\edbtmp.log Object is locked saltado
C:\WINDOWS\system32\LServer\TLSLic.edb Object is locked saltado
C:\WINDOWS\system32\LServer\tmp.edb Object is locked saltado
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked saltado
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\Tasks\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2576 Object is locked saltado
C:\WINDOWS\Temp\VxsvcError.log.tmp Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
D:\Factory\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\Factory\CONT\FOXUSER.DBF Object is locked saltado
D:\Factory\CONT\FOXUSER.FPT Object is locked saltado
D:\Factory\CONT\_2AO0MWTY9.DBC Object is locked saltado
D:\Factory\CONT\_2AO0MWTY9.DCT Object is locked saltado
D:\Factory\CONT\_2AO0MWTY9.DCX Object is locked saltado
D:\Factory\NOM\FOXUSER.DBF Object is locked saltado
D:\Factory\NOM\FOXUSER.FPT Object is locked saltado
D:\Factory\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\Factory\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\Factory\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\Factory\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\svch.com Infectados: Worm.Win32.VB.il saltado
D:\Factory\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\winwkh.exe Infectados: Worm.Win32.VB.il saltado
D:\Factory\Temp\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd22\S-1-5-21-1078081533-1229272821-725345543-666\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd22\S-1-5-21-1078081533-1229272821-725345543-666\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd22\S-1-5-21-1078081533-1229272821-725345543-666\svch.com Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd22\S-1-5-21-1078081533-1229272821-725345543-666\winwkh.exe Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd23\S-1-5-21-1078081533-1229272821-725345543-666\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd23\S-1-5-21-1078081533-1229272821-725345543-666\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd23\S-1-5-21-1078081533-1229272821-725345543-666\svch.com Infectados: Worm.Win32.VB.il saltado
D:\RECYCLER\S-1-5-21-405388489-1769468277-2961378379-500\Dd23\S-1-5-21-1078081533-1229272821-725345543-666\winwkh.exe Infectados: Worm.Win32.VB.il saltado
D:\Sima\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\Sima\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\Sima\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
D:\Sima\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
D:\Sima\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\svch.com Infectados: Worm.Win32.VB.il saltado
D:\Sima\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\winwkh.exe Infectados: Worm.Win32.VB.il saltado
D:\Sima\Temp\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
F:\CompaqHome\Documents and Settings\Myroso\Local Settings\Application Data\Identities\{5D8CA754-4916-4DAB-903C-0B9F1E10484A}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_46686050616508@ebay.com>][Date Tue, 09 Aug 2005 09:09:49 +0200]/UNNAMED/html Infectados: Trojan-Spy.HTML.Bayfraud.hn saltado
F:\CompaqHome\Documents and Settings\Myroso\Local Settings\Application Data\Identities\{5D8CA754-4916-4DAB-903C-0B9F1E10484A}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <support_ref_46686050616508@ebay.com>][Date Tue, 09 Aug 2005 09:09:49 +0200]/UNNAMED Infectados: Trojan-Spy.HTML.Bayfraud.hn saltado
F:\CompaqHome\Documents and Settings\Myroso\Local Settings\Application Data\Identities\{5D8CA754-4916-4DAB-903C-0B9F1E10484A}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infectado - 2 saltado
G:\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
G:\COMP\CENTROS.CDX Object is locked saltado
G:\COMP\CENTROS.FIL Object is locked saltado
G:\COMP\C_MARYR1.fil Object is locked saltado
G:\COMP\C_MARYR1.IDX Object is locked saltado
G:\COMP\C_MARYR2.fil Object is locked saltado
G:\COMP\C_ORDEN1.FPT Object is locked saltado
G:\COMP\C_ORDEN1.REP Object is locked saltado
G:\COMP\C__2AQ0KVMUY.DBC Object is locked saltado
G:\COMP\C__2AQ0KVMUY.DCT Object is locked saltado
G:\COMP\C__2AQ0KVMUY.DCX Object is locked saltado
G:\COMP\FOXUSER.DBF Object is locked saltado
G:\COMP\FOXUSER.FPT Object is locked saltado
G:\FACT\FANDRE2.DBF Object is locked saltado
G:\FACT\FOXUSER.DBF Object is locked saltado
G:\FACT\FOXUSER.FPT Object is locked saltado
G:\FACT\ORDEN.FIL Object is locked saltado
G:\FACT\Pedidos.CDX Object is locked saltado
G:\FACT\PEDIDOS.FIL Object is locked saltado
G:\FACT\Vendedor.CDX Object is locked saltado
G:\FACT\vendedor.fil Object is locked saltado
G:\INV\BODEGAS.CDX Object is locked saltado
G:\INV\BODEGAS.FIL Object is locked saltado
G:\INV\DPTO.CDX Object is locked saltado
G:\INV\DPTO.FIL Object is locked saltado
G:\INV\MAESTRO.CDX Object is locked saltado
G:\INV\maestro.FIL Object is locked saltado
G:\INV\MAESTRO1.CDX Object is locked saltado
G:\INV\maestro1.FIL Object is locked saltado
G:\INV\METODO.CDX Object is locked saltado
G:\INV\METODO.FIL Object is locked saltado
G:\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
G:\PROD\FOXUSER.DBF Object is locked saltado
G:\PROD\FOXUSER.FPT Object is locked saltado
G:\PROD\MASTER.CDX Object is locked saltado
G:\PROD\MASTER.FIL Object is locked saltado
G:\PROD\MASTER.FPT Object is locked saltado
G:\PROD\MASTER1.CDX Object is locked saltado
G:\PROD\MASTER1.FIL Object is locked saltado
G:\PROD\MASTER3.CDX Object is locked saltado
G:\PROD\MASTER3.FIL Object is locked saltado
G:\PROD\PRGUSTAV.DBF Object is locked saltado
G:\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado
G:\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\NTDETECT.COM Infectados: Worm.Win32.VB.il saltado
G:\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\svch.com Infectados: Worm.Win32.VB.il saltado
G:\RECYCLER\S-1-5-21-1078081533-1229272821-725345543-666\winwkh.exe Infectados: Worm.Win32.VB.il saltado
G:\Temp\AUTOEXEC.BAT Infectados: Worm.Win32.VB.il saltado

Análisis completado.

Hola, ahora tendrías que borrar los archivos infectados que te detecta el KAS

"D:\Factory\AUTOEXEC.BAT"
"D:\Factory\NTDETECT.COM"

El resto esta en las carpetas de Recycler por lo que limpia todo tu equipo con estos pasos:


Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Una vez que este termine de limpiar todo, actualiza "Java", hace una Desfragmentación del disco con la opción de Windows y pasa por www.windowsupdate.com para descargar todos los parches disponibles (si tu sistema lo permite)

• Descarga y ejecuta la utilidad Advanced WindowsCare, para reparar y optimizar a fondo tu PC.

Reinicia y nos contas los resultados.

Salu2

hago todo lo que dices pero apenas borro el autoexec.bat y el ntdetect.com vuelve y me los crea y mke crea los siguientes archivos de texto

1.- [* ¿Por que gastáis el dinos en lo que no es pan, y vuestro trabajo en lo que no sacia? *]
[* come del bien y se deleitara nuestra alma *]

[* Así será mi palabra que sale de mi boca: no volverá a mi vaca, si no hara lo que yo *]
[* quiero y será prosperada en aquello para que la envié *]

[* por que no contenderé para siempre, ni para siempre me enojaré: pues decaería ante *]
[* mi el espíritu, y las almas que yo he creado *]

[* Por que vendrá el enemigo como rió, mas el espíritu de Jehová levantara bandera *]
[* contra el *]

[* Levántate y resplandece; por ha venido tu luz, y la gloria de Jehová ha nacido sobre ti *]

[*Jehová dijo así: el cielo es mi trono y la tierra estrado de mis pies; ¿donde esta la casa *]
[* que me habréis de edificar y donde el lugar de mi reposo? *]


2.-
[* ¡Ay de los que dictan leyes injustas, y prescriben tiranía *]

[* Vienen de lejana tierra, de lo postrero de los cielos, Jehová y los instrumentos de su *]
[* ira, para destruir la tierra *]

[* Con arco tiraran a los niños, y no tendrán misericordia del fruto del vientre, ni su ojo *]
[* perdonará a sus hijos *]



[* Vosotros, todos los moradores de la mundo y habitantes de la tierra, cuando se levante *]
[* bandera en los monte mirad; y cuando se toque trompeta escucha *]

[* He aquí que Jehová vacía la tierra y la desnuda y la desnuda, y trasforma su faz y hace *]
[* esparcir sus moradores *]

[* Terror, foso y red sobre ti, OH morador de la tierra *]


que son los archivos que me llenan el disco y no se que hacer.


ademas noto que cuando corre el cccleaner lo hace solo sobre el C:\

En ese caso te recomiendo un buen formateo a tu pc.

Salu2