Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola a todos por favor tengo este virus trojan horse backdoor.generic9.wox y no lo puedo eliminar. busque en el foro pero como no era exactamente el mismo no indague mucho. Talvez este la repuesta por ahi soy novato. ayuda por favor gracias

Bienvenido al Foro

Haz lo siguiente:

• Descarga y actualiza Malwarebytes’ Anti-Malware
• Descarga CCleaner

1. Desactiva Restaurar Sistema
2. Reinicia en Modo Seguro
3. Haz una Limpieza con CCleaner, usa la opción Limpiador para borrar cookies y temporales, y la opción Registro para efectuar una limpieza del registro de Windows.
4. Ejecuta Malwarebytes’ Anti-Malware (Es importante que selecciones escaneo completo de la PC y que limpie lo que encuentre.
   
5. Reinicia en Modo Normal y pasa Kaspersky on line, pegando aquí el reporte que genere, junto con el de Malwarebytes' Anti-Malware
   (Selecciona MiPC, para que el escaneo sea completo)
   
   
   
   *Una vez terminados los pasos, vuelve a activar Restaurar Sistema*

Saludos

Guau que velocidad de respuesta !!!!!! Gracias lo pruebo y te cuento

ok esto es el resultado de los analizis
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 02, 2008 9:25:40 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/04/2008
Kaspersky Anti-Virus database records: 677382
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54619
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:49:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Archivos temporales de Internet\Content.IE5\1NF7TLKE\PmsSrv[1] Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Archivos temporales de Internet\Content.IE5\OHUZ8LQF\0000000001_000000000 000000562424[1].swf Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\MSHist0120080402200804 03\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-3-31-2008( 20-55-30 ).LOG Object is locked skipped
C:\Documents and Settings\DIEGO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DIEGO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\0PAB0HYJ\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KHYF4T2B\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\Rhw51.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lich.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Incoming\Ares\___ARESTRA___big guns 2.avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalina - bear boned (gay, bears, hairy, hunks, muscle).avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalinaville (catalina, 1998) - steve rambo, cole tucker, ray harley, tony bullitt, matthew anders, cliff parker, loga.mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___femdom_-_manholes_(strapon,fisting)(1).mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___gay - bears - iron house - cop corruption.avi Object is locked skipped
D:\Incoming\Temp emule\001.part Object is locked skipped
D:\Incoming\Temp emule\002.part Object is locked skipped
D:\Incoming\Temp emule\003.part Object is locked skipped
D:\Incoming\Temp emule\004.part Object is locked skipped
D:\Incoming\Temp emule\005.part Object is locked skipped
D:\Incoming\Temp emule\024.part Object is locked skipped
D:\Incoming\Temp emule\025.part Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
Malwarebytes' Anti-Malware 1.09
Versión de la Base de Datos: 574

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 76954
Tiempo transcurrido: 14 minute(s), 6 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 16
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 9

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> No action taken.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3c49ddac-3da4-4743-af6c-5974feaf875c} (Trojan.DownLoader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{54c7d1dd-4296-451e-b756-1e94f665b4ff} (Spyware.Graball) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\USB2_04 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n tsvc32k (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\n tsvc32k (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ntsvc32k (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r dpsvc2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\r dpsvc2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\rdpsvc2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ysvideo32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ysvideo32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sysvideo32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\w inmgt32k (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\w inmgt32k (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\winmgt32k (Trojan.Agent) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Documents and Settings\DIEGO\Configuración local\Temp\GLK3.tmp (Rogue.EvidenceEliminator) -> No action taken.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lich.dat (Spyware.Passwords.LDPinch) -> No action taken.
C:\WINDOWS\system32\0_exception.nls (Trojan.Tibs) -> No action taken.
C:\Archivos de programa\Archivos comunes\System\ntsvc32k.exe (Trojan.Agent) -> No action taken.
C:\Archivos de programa\Archivos comunes\System\RDPsvc2.exe (Trojan.Agent) -> No action taken.
C:\Archivos de programa\Archivos comunes\System\sysvideo32.dll (Trojan.Agent) -> No action taken.
C:\Archivos de programa\Archivos comunes\System\winmgt32k.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\DIEGO\Configuración local\Temp\winlogon.exe_old (Heuristics.Reserved.Word.Exploit) -> No action taken.


espero puedas ayudarme gracias

Descarga OTMoveIt y lo guardas en el Escritorio.
Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
Asegurate que este marcado "Unregister Dll's and Ocx's".
Copia el texto que se encuentra en el recuadro de más abajo, y lo pegas en el cuadro Paste Standard List of Files / Folders Move

Clic en MoveIt! para iniciar la eliminación.
Reinicia la PC (Este paso es importante), y busca el reporte que genera en:
C: \ _ OTMoveIt\MovedFiles


Luego vuelve a ejecutar Malwarebytes' Anti-Malware, pero selecciona la opción "Quitar lo encontrado", para que elimine las claves de registro infectadas.

Haz un nuevo escaneo on line y dejas el reporte.

Saludos

Bueno este es el nuevo reporte. Creo que hice todo ok pero la verdad es que no se -------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 4:14:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 684963
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 57959
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:57:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\MSHist0120080405200804 06\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-4-2008( 6-22-25 ).LOG Object is locked skipped
C:\Documents and Settings\DIEGO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DIEGO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\DIEGO\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{159CD0C1-E82D-4C4A-9530-6133DE657AF7}\RP1\A0001117.dll Object is locked skipped
C:\System Volume Information\_restore{159CD0C1-E82D-4C4A-9530-6133DE657AF7}\RP2\A0001156.dll Object is locked skipped
C:\System Volume Information\_restore{159CD0C1-E82D-4C4A-9530-6133DE657AF7}\RP2\A0001157.dll Object is locked skipped
C:\System Volume Information\_restore{159CD0C1-E82D-4C4A-9530-6133DE657AF7}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Historial\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Datos de programa\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\WINDOWS\system32\drivers\Rhw51.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\WLCtrl32.dll Object is locked skipped
C:\WINDOWS\Temp\154015.exe Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04032008_014047\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\0PAB0HYJ\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
C:\_OTMoveIt\MovedFiles\04032008_014047\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KHYF4T2B\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
D:\Incoming\Ares\___ARESTRA___big guns 2.avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalina - bear boned (gay, bears, hairy, hunks, muscle).avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalinaville (catalina, 1998) - steve rambo, cole tucker, ray harley, tony bullitt, matthew anders, cliff parker, loga.mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___femdom_-_manholes_(strapon,fisting)(1).mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___gay - bears - iron house - cop corruption.avi Object is locked skipped
D:\Incoming\Temp emule\001.part Object is locked skipped
D:\Incoming\Temp emule\002.part Object is locked skipped
D:\Incoming\Temp emule\003.part Object is locked skipped
D:\Incoming\Temp emule\004.part Object is locked skipped
D:\Incoming\Temp emule\005.part Object is locked skipped
D:\Incoming\Temp emule\024.part Object is locked skipped
D:\Incoming\Temp emule\025.part Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{159CD0C1-E82D-4C4A-9530-6133DE657AF7}\RP3\change.log Object is locked skipped

Scan process completed.

Hola salba. Hace un tiempo que no me sale nada del virus en cuestion. Ahora me salen otros jajaja...pero bueno ya vere como eliminarlo. gracias por los datos

Perdón la demora, tuve que ausentarme unos días.

Deja otro reporte a ver que tal estamos.

Saludos

hola salba gracias! este es mi nuevo analizis...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 12:57:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 689792
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 64886
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:51:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Configuración local\Historial\History.IE5\MSHist0120080408200804 09\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DIEGO\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-7-2008( 23-22-22 ).LOG Object is locked skipped
C:\Documents and Settings\DIEGO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DIEGO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStor e.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp .edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\cd8270d24 64165622aac9be2aac10652\download\BIT25.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{505D1B D1-24EB-4D42-A8D7-F406855B4978}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Historial\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Datos de programa\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\WINDOWS\system32\drivers\Rhw51.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\154234.exe Infected: Backdoor.Win32.Agent.gij skipped
C:\WINDOWS\Temp\20935921.exe Infected: Backdoor.Win32.Agent.ggs skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04032008_014047\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\0PAB0HYJ\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
C:\_OTMoveIt\MovedFiles\04032008_014047\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KHYF4T2B\in[1].htm Infected: Trojan-Downloader.JS.Zapchast.f skipped
D:\Incoming\Ares\___ARESTRA___big guns 2.avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalina - bear boned (gay, bears, hairy, hunks, muscle).avi Object is locked skipped
D:\Incoming\Ares\___ARESTRA___catalinaville (catalina, 1998) - steve rambo, cole tucker, ray harley, tony bullitt, matthew anders, cliff parker, loga.mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___femdom_-_manholes_(strapon,fisting)(1).mpg Object is locked skipped
D:\Incoming\Ares\___ARESTRA___gay - bears - iron house - cop corruption.avi Object is locked skipped
D:\Incoming\Temp emule\001.part Object is locked skipped
D:\Incoming\Temp emule\002.part Object is locked skipped
D:\Incoming\Temp emule\003.part Object is locked skipped
D:\Incoming\Temp emule\004.part Object is locked skipped
D:\Incoming\Temp emule\005.part Object is locked skipped
D:\Incoming\Temp emule\007.part Object is locked skipped
D:\Incoming\Temp emule\008.part Object is locked skipped
D:\Incoming\Temp emule\009.part Object is locked skipped
D:\Incoming\Temp emule\010.part Object is locked skipped
D:\Incoming\Temp emule\011.part Object is locked skipped
D:\Incoming\Temp emule\012.part Object is locked skipped
D:\Incoming\Temp emule\024.part Object is locked skipped
D:\Incoming\Temp emule\025.part Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Descarga OTMoveIt y lo guardas en el Escritorio.
Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
Asegurate que este marcado "Unregister Dll's and Ocx's".
Copia el texto que se encuentra en el recuadro de más abajo, y lo pegas en el cuadro Paste Standard List of Files / Folders Move

Clic en MoveIt! para iniciar la eliminación.
Reinicia la PC (Este paso es importante), y busca el reporte que genera en:
C: \ _ OTMoveIt\MovedFiles

Luego deja otro reporte, esta vez de Panda