Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Buenas que tal. Despues de hacer un scan en mi pc arrojo ( number of infected objects 2 )
C:WINDOWS\system32\ddcDwxWP.dll-a variant of Win32/Adware.Virtumonde.NCV application
C:WINDOWS\system32\ddcDwxWP.dll-a variant of Win32/Adware.Virtumonde.NCV application
tal cual, aparece 2 veces...
No puedo eliminarlos bueno de mas no esta decir que soy un poco novato en estas cosas. Y a la hora de navegar hay ventanas emergentes tambien un recuadro de ASE_Setup_free_es_exe diciendome que estoy infectado llamandome a instalar dicho programa antivirus. Confio en la capacidad que tienen y sus consejos para resolver ciertos problemas...
Sin mas que agregar me despido, y gracias de antemano por esta via de ayuda

ola

si puedes apaga la opcion de restaurar sistema y ejecuta este programa :dr web lees el manual atentamente te sera mas fasil si imprimes y luego sigues los pasos .

en tu proximo log me comentas como va el pasiente .

saludos

Hola Anoika como andas... Gracias por tu respuesta, he querido conectarme despues de mi primer mensaje pero el trabajo aveces nos absorbe.
Despues del escaneo o analisis con DR web como indicaste arrojo lo siguiente:

ddcdwxwp.dll c:\windows\system32 Trojan.Virtumod.448 Eliminado.
ddcDwxWP.dll C:\WINDOWS\system32 Trojan.Virtumod.448 Eliminado.
fcnmda.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
leidhpcf.dll C:\WINDOWS\system32 Trojan.Virtumod.569 Eliminado.
nncrpfbd.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
omdpkk.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
pasolotg.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
sobilwlh.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
xtmsro.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.

No se si tengo que hacer algun otro paso despues de esto, aun las ventanas emergentes siguen saliendo. Espero se halla borrado estos resultado.
Y gracias una vez mas por su ayuda

ola

deves eliminar esas infecciones manualmente como indica el manual del drweb , despues ejecuta y -o actualisa estas herramientas :

inisias en modo a prueba de errores:

* malware byte antymalware
* ccleaner
* escan on line con kasperzky.

lees los manuales y las ejecutas en el orden que estan.

pegas el reporte del malware byte y el del kasperzky , junto con comentar como sigue el pasiente

Buenas... Sr Anoika como anda. Tengo el reporte dado por Malwarebytes que enseguida lo muestro, pero aun no he podido escanear con Kaspersky On-line creo que mi modem es muy lento pero si lo llego a tener (el reporte) cuanto antes pego ambos como indico, mientras aqui esta uno de ellos.
Malwarebytes' Anti-Malware 1.30
Versión de la Base de Datos: 1415
Windows 5.1.2600 Service Pack 3

22/11/2008 17:40:46
mbam-log-2008-11-22 (17-40-46).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 67809
Tiempo transcurrido: 23 minute(s), 19 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 2
Claves del Registro Infectadas: 30
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 26
Carpetas Infectadas: 2
Ficheros Infectados: 14

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\xxyvwWpn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yluext.dll (Trojan.Vundo.H) -> Delete on reboot.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{382347c3-da39-40ea-bb46-2b8afee1b94c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{382347c3-da39-40ea-bb46-2b8afee1b94c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{a9db5cd3-4e33-4222-b9ba-c534f8376edc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a9db5cd3-4e33-4222-b9ba-c534f8376edc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d5f64f5-621b-434b-a6e2-7a889f72ceab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{4d5f64f5-621b-434b-a6e2-7a889f72ceab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62078f5c-1993-40a1-8a7d-93fc0ce2476e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{62078f5c-1993-40a1-8a7d-93fc0ce2476e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d392181-8295-4abd-9b08-101a197146b9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{8d392181-8295-4abd-9b08-101a197146b9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2d23b32-d91e-4edc-9b09-c76afb209084} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{b2d23b32-d91e-4edc-9b09-c76afb209084} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b97286c5-8c30-464e-80e0-fb8d3e093b93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{b97286c5-8c30-464e-80e0-fb8d3e093b93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d13caca2-409b-4f4f-a91d-d41d2d237f79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{d13caca2-409b-4f4f-a91d-d41d2d237f79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{382347c3-da39-40ea-bb46-2b8afee1b94c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\bc3bbf82 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyvwwpn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdqth.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyvwwpn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{2d3354d1-4fdf-4247-9d7c-3d51c0c07ece}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{2d3354d1-4fdf-4247-9d7c-3d51c0c07ece}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\Interfaces\{2d3354d1-4fdf-4247-9d7c-3d51c0c07ece}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\Interfaces\{88fb6680-7df4-49ec-abb5-f4a9f93b8f6d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.106,85.255.112.149 -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\system32\yluext.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyvwWpn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\npWwvyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npWwvyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dslanvkn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkvnalsd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkcmsjri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irjsmckh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdqth.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\nvkbjhwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smqwpc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcbusfdb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdbyYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Archivos de programa\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

No se espero sirva de algo mientras tanto

ola

descarga esta herramienta sigue las intrucciones y me comentas como va el pasiente:vundo fix

despues pegas el reporte del kasperzky ok

Buenos Dias Sr Anoika aqui estoy de nuevo, aqu tengo el reporte que arrojò kaspersky online scanner

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
domingo, 23 de noviembre de 2008 7:02:21
Sistema operativo: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 23/11/2008
Registros en la base antivirus: 1260611
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
C:\
D:\
E:\

Estadísticas:
Número de objeros analizados: 29330
Virus encontrados: 1
Objetos infectados: 4 / 0
Objetos sospechosos: 0
Duración del análisis: 00:35:39

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Ahead\Nero Home\bl.db Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Ahead\Nero Home\is2.db Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Identities\{BAA9B6C8-BBAC-408F-AA17-59395C763F20}\Microsoft\Outlook Express\Folders.dbx Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Identities\{BAA9B6C8-BBAC-408F-AA17-59395C763F20}\Microsoft\Outlook Express\Offline.dbx Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\MSHist0120081122200811 23\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\Datalayer\356962014128806\CalendarDB\vcal DB.dta Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\Datalayer\356962014128806\ContactsDB\vcar dDB.dta Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\Datalayer\356962014128806\notesDB\notesDB .dta Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\Datalayer\356962014128806\SMSDB\smsDB.dta Object is locked saltado
C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Administrador\NTUSER.DAT.LOG Object is locked saltado
C:\Documents and Settings\Administrador\Temp\hpodvd09.log Object is locked saltado
C:\Documents and Settings\Administrador\Temp\NDLC11 Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\gvtfcq.dll Infectados: Packed.Win32.PolyCrypt.d saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\idxcaant.dll Infectados: Packed.Win32.PolyCrypt.d saltado
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked saltado
C:\WINDOWS\system32\otxjww.dll Infectados: Packed.Win32.PolyCrypt.d saltado
C:\WINDOWS\system32\sjnsnrwu.dll Infectados: Packed.Win32.PolyCrypt.d saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado

Análisis completado.

Con el analisis de la herramienta VundoFix no arrojò nigùn resultado solo indico lo sigiente ( Done Searchin for Files )

(Dones Serarchin For Files No infected files were found)

No està de màs decir que al navegar las ventanas emergentes han cesado

Aùn la opciòn de restaurar sistema sigue desactivada mi pregunta es la siguiente ¿debo dejarla asì ò activarla?



Gracias.

ola amigo

primero que nada descarga esta herramienta :


* drweb

lees su manual y me comentas ya que todavía veo un par de bichos en el reporte de kasperzky.

me comentas como sigue tu pc en tu próximo post , y después de pasar el DRWEB activas la opción de restaurar sistema

saludos amigo ya casi los tenemos

Amigo Anoika que tal... Aqui tengo el resultado arrojado por Dr.Web

kjxgdz.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.
ynvvcwnn.dll C:\WINDOWS\system32 Trojan.Juan.54 Eliminado.

Gracias por la atencion

ola

como sigue tu pc , si ves que todavía te da problemas me comentas.

el drweb elimino los ultimos vius que el kasperzky detecto ya deveria estar mejor tu pc