Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola,

He estado leyendo el tema crado por fitogm81 y estoy en la misma situación que él. Mi Sistema Operativo es el Windows XP Pro. A ver si alguien sabría cómo me puedo quitar el troyano de encima.

Resulta que tengo el "Win32 Troyandownloader Wigon BS" y el antivirus Nod32 no hace mas que darme avisos de alerta sobre el troyano que me esta creando ficheros en el /system32 y en el /temp.
También me está modificando ficheros con la aplicación Ati2evxx.exe. Este es el log del Nod32:

Time Module Object Name Threat Action User Information
03/04/2009 22:22:49 AMON file C:\WINDOWS\system32\drivers\i386si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN654.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 22:22:45 AMON file C:\WINDOWS\TEMP\BN655.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:22:42 AMON file C:\WINDOWS\system32\drivers\acpi32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN621.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 22:22:36 AMON file C:\WINDOWS\TEMP\BN622.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:31 AMON file C:\WINDOWS\system32\drivers\ksi32sk.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN4A4.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:31 AMON file C:\WINDOWS\TEMP\BN4A5.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:30 AMON file C:\WINDOWS\TEMP\BN44C.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:29 AMON file C:\WINDOWS\system32\drivers\nicsk32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN2EA.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:29 AMON file C:\WINDOWS\TEMP\BN2EB.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:28 AMON file C:\WINDOWS\system32\drivers\i386si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:27 AMON file C:\WINDOWS\TEMP\BN190.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 22:01:26 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN3D.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 21:31:41 AMON file C:\WINDOWS\TEMP\BN3E.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 21:20:49 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 21:20:48 AMON file C:\WINDOWS\TEMP\BN17.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 20:29:51 AMON file C:\WINDOWS\TEMP\BN1ACE.tmp probably a variant of Win32/Nuwar worm quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 20:29:48 AMON file C:\WINDOWS\system32\drivers\acpi32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1ACD.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 20:24:52 AMON file C:\Archivos de programa\ESET\infected\UJYD1SDA.NQF Win32/Medbot.GP trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\Archivos de programa\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
03/04/2009 20:24:51 AMON file C:\Archivos de programa\ESET\infected\TEJLYRBA.NQF Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\Archivos de programa\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
03/04/2009 20:24:50 AMON file C:\Archivos de programa\ESET\infected\OKWFZPCA.NQF Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\Archivos de programa\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
03/04/2009 20:24:48 AMON file C:\Archivos de programa\ESET\infected\5HO4X2DA.NQF Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\Archivos de programa\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
03/04/2009 19:21:32 AMON file C:\WINDOWS\TEMP\BN1827.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 19:21:31 AMON file C:\WINDOWS\system32\drivers\port135sik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1826.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 18:23:21 AMON file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 18:23:18 AMON file C:\WINDOWS\TEMP\BN13D3.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:33 AMON file C:\WINDOWS\TEMP\BNA3F.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:33 AMON file C:\WINDOWS\TEMP\BN9F7.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:32 AMON file C:\WINDOWS\system32\drivers\i386si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN9D4.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:31 AMON file C:\WINDOWS\TEMP\BN9D5.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:30 AMON file C:\WINDOWS\system32\drivers\ksi32sk.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN9C2.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:29 AMON file C:\WINDOWS\TEMP\BN9C3.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:49:26 AMON file C:\WINDOWS\system32\drivers\netsik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN73D.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 17:44:08 AMON file C:\WINDOWS\TEMP\BN73E.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:44:07 AMON file C:\WINDOWS\TEMP\BN645.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:44:06 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN644.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 17:44:05 AMON file C:\WINDOWS\system32\drivers\fips32cup.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 17:44:01 AMON file C:\WINDOWS\TEMP\BN5DC.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 17:21:26 AMON file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 15:47:10 AMON file C:\WINDOWS\TEMP\BN3BD.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 15:26:35 AMON file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 15:26:34 AMON file C:\WINDOWS\TEMP\BN17E.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 15:26:34 AMON file C:\WINDOWS\system32\drivers\netsik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 15:26:33 AMON file C:\WINDOWS\TEMP\BN1B.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 15:09:11 AMON file C:\WINDOWS\system32\drivers\fips32cup.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 15:09:10 AMON file C:\WINDOWS\TEMP\BN6.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:56 AMON file C:\WINDOWS\TEMP\BN804.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:56 AMON file C:\WINDOWS\TEMP\BN801.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:55 AMON file C:\WINDOWS\TEMP\BN7ED.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:55 AMON file C:\WINDOWS\TEMP\BN7EA.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:54 AMON file C:\WINDOWS\TEMP\BN7E7.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:25 AMON file C:\WINDOWS\TEMP\BN7E4.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:24 AMON file C:\WINDOWS\TEMP\BN7E1.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:22 AMON file C:\WINDOWS\TEMP\BN7DE.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:21 AMON file C:\WINDOWS\TEMP\BN7DB.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:20 AMON file C:\WINDOWS\system32\drivers\fips32cup.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN7D7.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:19 AMON file C:\WINDOWS\TEMP\BN7D8.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:18 AMON file C:\WINDOWS\TEMP\BN7D5.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:17 AMON file C:\WINDOWS\TEMP\BN7D2.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:17 AMON file C:\WINDOWS\TEMP\BN7CE.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:16 AMON file C:\WINDOWS\TEMP\BN7B0.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:15 AMON file C:\WINDOWS\TEMP\BN7AD.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:15 AMON file C:\WINDOWS\TEMP\BN7AA.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:15 AMON file C:\WINDOWS\TEMP\BN7A5.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:14 AMON file C:\WINDOWS\TEMP\BN7A2.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:13 AMON file C:\WINDOWS\TEMP\BN79F.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:13 AMON file C:\WINDOWS\TEMP\BN79C.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:12 AMON file C:\WINDOWS\TEMP\BN799.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:57:09 AMON file C:\WINDOWS\system32\drivers\systemntmi.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN795.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:05 AMON file C:\WINDOWS\TEMP\BN796.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:05 AMON file C:\WINDOWS\TEMP\BN793.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:04 AMON file C:\WINDOWS\TEMP\BN790.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:04 AMON file C:\WINDOWS\TEMP\BN77B.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:03 AMON file C:\WINDOWS\TEMP\BN778.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:03 AMON file C:\WINDOWS\TEMP\BN773.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:56:02 AMON file C:\WINDOWS\TEMP\BN770.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:55:48 AMON file C:\WINDOWS\TEMP\BN76D.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:55:47 AMON file C:\WINDOWS\TEMP\BN76A.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:54:47 AMON file C:\WINDOWS\TEMP\BN767.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:54:46 AMON file C:\WINDOWS\TEMP\BN764.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:24 AMON file C:\WINDOWS\system32\drivers\ws2_32sik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN760.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:19 AMON file C:\WINDOWS\TEMP\BN761.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:19 AMON file C:\WINDOWS\TEMP\BN75E.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:18 AMON file C:\WINDOWS\TEMP\BN74A.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:18 AMON file C:\WINDOWS\TEMP\BN747.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:17 AMON file C:\WINDOWS\TEMP\BN744.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:17 AMON file C:\WINDOWS\TEMP\BN741.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:16 AMON file C:\WINDOWS\TEMP\BN73E.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:16 AMON file C:\WINDOWS\TEMP\BN73B.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:15 AMON file C:\WINDOWS\TEMP\BN6DB.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:15 AMON file C:\WINDOWS\TEMP\BN6D6.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:14 AMON file C:\WINDOWS\TEMP\BN6D3.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:13 AMON file C:\WINDOWS\TEMP\BN6CD.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:12 AMON file C:\WINDOWS\system32\drivers\amd64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN55E.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:12 AMON file C:\WINDOWS\TEMP\BN55F.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:11 AMON file C:\WINDOWS\TEMP\BN55B.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:10 AMON file C:\WINDOWS\TEMP\BN543.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:09 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN278.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:08 AMON file C:\WINDOWS\TEMP\BN27A.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:07 AMON file C:\WINDOWS\system32\drivers\i386si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:06 AMON file C:\WINDOWS\TEMP\BN26D.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:06 AMON file C:\WINDOWS\TEMP\BN269.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:05 AMON file C:\WINDOWS\TEMP\BN265.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:04 AMON file C:\WINDOWS\system32\drivers\netsik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN208.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:03 AMON file C:\WINDOWS\TEMP\BN209.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:02 AMON file C:\WINDOWS\system32\drivers\ksi32sk.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:01 AMON file C:\WINDOWS\TEMP\BN206.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:01 AMON file C:\WINDOWS\TEMP\BN203.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:50:00 AMON file C:\WINDOWS\system32\drivers\port135sik.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN202.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:49:59 AMON file C:\WINDOWS\TEMP\BN1ED.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:49:58 AMON file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1E9.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 14:49:56 AMON file C:\WINDOWS\TEMP\BN1EA.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 14:49:55 AMON file C:\WINDOWS\system32\drivers\acpi32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 14:49:53 AMON file C:\WINDOWS\TEMP\BN1E7.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:40:18 AMON file C:\WINDOWS\system32\drivers\nicsk32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1E4.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 8:38:07 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 8:38:06 AMON file C:\WINDOWS\TEMP\BN1E2.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:38:04 AMON file C:\WINDOWS\system32\drivers\systemntmi.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1DE.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 8:38:03 AMON file C:\WINDOWS\TEMP\BN1DF.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:38:00 AMON file C:\WINDOWS\system32\drivers\acpi32.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1DB.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 8:37:59 AMON file C:\WINDOWS\TEMP\BN1DC.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:18:03 AMON file C:\WINDOWS\system32\drivers\fips32cup.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN106.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 8:18:01 AMON file C:\WINDOWS\TEMP\BN107.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:16:21 AMON file C:\WINDOWS\system32\drivers\ati64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1A.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 8:16:20 AMON file C:\WINDOWS\TEMP\BN1B.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 8:16:19 AMON file C:\WINDOWS\system32\drivers\amd64si.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
03/04/2009 8:16:17 AMON file C:\WINDOWS\TEMP\BN17.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 0:29:10 AMON file C:\WINDOWS\system32\drivers\ksi32sk.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\WINDOWS\TEMP\BN1A23.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 0:29:03 AMON file C:\WINDOWS\TEMP\BN1A24.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\system32\Ati2evxx.exe. The file was moved to quarantine. You may close this window.
03/04/2009 0:28:59 AMON file C:\DOCUME~1\SNOWCO~1\CONFIG~1\Temp\BN1A22.tmp Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
03/04/2009 0:27:42 AMON file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\DOCUME~1\SNOWCO~1\CONFIG~1\Temp\BN1A21.tmp. The file was moved to quarantine. You may close this window.
03/04/2009 0:20:57 AMON file C:\Documents and Settings\snowcopito\Configuración local\Archivos temporales de Internet\Content.IE5\6QNZO7Q0\load[1].exe Win32/AutoRun.FakeAlert.BD worm quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\Archivos de programa\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
03/04/2009 0:20:46 AMON file C:\DOCUME~1\SNOWCO~1\CONFIG~1\Temp\wJQs.exe Win32/AutoRun.FakeAlert.BD worm quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\Archivos de programa\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
03/04/2009 0:20:32 IMON file http://bdsm-movies.info/33/load.php?id=7&0 Win32/AutoRun.FakeAlert.BD worm Connection terminated SNOWCOP\snowcopito
18/03/2009 1:58:32 AMON file C:\Documents and Settings\snowcopito\Configuración local\Archivos temporales de Internet\Content.IE5\QRWHP2EF\1[1].exe Win32/TrojanDownloader.FakeAlert.YV trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\Archivos de programa\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
18/03/2009 1:58:24 AMON file C:\DOCUME~1\SNOWCO~1\CONFIG~1\Temp\wJQs.exe Win32/TrojanDownloader.FakeAlert.YV trojan quarantined - deleted SNOWCOP\snowcopito Event occurred on a new file created by the application: C:\Archivos de programa\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
18/03/2009 1:58:02 IMON file http://tusset.de/z/?s0 Win32/TrojanDownloader.FakeAlert.YV trojan Connection terminated SNOWCOP\snowcopito


He seguido los pasos que le habeis dicho a fitogm81 y he pasado el Malwarebytes' Anti-Malware y he pasado el Kaspersky Online Scanner que me ha dejado este log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
viernes, 03 de abril de 2009 23:54:12
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.2
Ultima actualización: 3/04/2009
Registros en la base antivirus: 1813311
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Carpetas:
C:\

Estadísticas:
Número de objeros analizados: 58960
Virus encontrados: 3
Objetos infectados: 5 / 0
Objetos sospechosos: 0
Duración del análisis: 01:33:05

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked saltado
C:\Archivos de programa\ESET\infected\RTH10JCA.NQF Infectados: Trojan-Downloader.Win32.Agent.bhis saltado
C:\Archivos de programa\ESET\infected\T02LMWCA.NQF Infectados: Trojan-Downloader.Win32.Agent.bhis saltado
C:\Archivos de programa\ESET\infected\TEJLYRBA.NQF Infectados: Trojan-Downloader.Win32.Agent.bhis saltado
C:\Archivos de programa\ESET\infected\UPRQHYAA.NQF Infectados: Rootkit.Win32.Agent.ikz saltado
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked saltado
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked saltado
C:\Archivos de programa\Filseclab\xfilter\AppLog.dat Object is locked saltado
C:\Archivos de programa\Filseclab\xfilter\IcmpLog.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\RPNetwork.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\RPProcess.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\RPRegistry.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\RP_2009-04-03-21-27-51.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\Scan_2009-04-03-21-27-51.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Logs\Service_2009-04-03-21-27-51.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\MiniMessage\2 Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Cooliris\4878adcd-ff35-f849-ad91-e1f1a7021c1f\prefs.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Galería de Web Slice~.feed-ms Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Sitios sugeridos~.feed-ms Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3C053D88-2087-11DE-AEB3-000B6B49679A}.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Internet Explorer\Recovery\Active\{3C053D89-2087-11DE-AEB3-000B6B49679A}.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \Cache\_CACHE_001_ Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \Cache\_CACHE_002_ Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \Cache\_CACHE_003_ Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \Cache\_CACHE_MAP_ Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \urlclassifier3.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Historial\History.IE5\MSHist0120090403200904 04\index.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\etilqs_4U038fi7TG0JcU1E6y2o Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\IH13C2.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF93A3.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF93A8.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF940E.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF9415.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF9533.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DF9538.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DFE933.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Configuración local\Temp\~DFF442.tmp Object is locked saltado
C:\Documents and Settings\snowcopito\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \cert8.db Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \content-prefs.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \cookies.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \downloads.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \formhistory.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \key3.db Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \parent.lock Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \permissions.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \places.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \places.sqlite-journal Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Mozilla\Firefox\Profiles\hkh43s99.default \search.sqlite Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\call256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\callmember256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\chat512.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\chatmember256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\contactgroup256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\dyncontent\bundle.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\index2.dat Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\profile256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\transfer256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\transfer512.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\user1024.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\user16384.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Skype\snowcopito\voicemail256.dbb Object is locked saltado
C:\Documents and Settings\snowcopito\Datos de programa\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\FM_log.txt Object is locked saltado
C:\Documents and Settings\snowcopito\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\snowcopito\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\snowcopito\snowcopito.exe Infectados: Backdoor.Win32.Agent.affe saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\Temp\Perflib_Perfdata_764.dat Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado

Análisis completado.


Además el firewall me ha estado avisando que han intentado conectarme a través de mis puertos, pero los he bloqueado los intentos.

Gracias

Hola blackmode Bienvenido al Foro de Infospyware


Por suerte el Nod32 detuvo la infección, Actualmente se encuentran en Cuarentena

Realiza lo siguiente:

Descarga y/o actualiza:

-> Ccleanner + Manual
-> Malwarebytes' Anti-Malware
-> DR. Web Cureit + Manual

Desactiva Restaurar Sistema (Sólo en Windows Me, XP y Vista)

Reinicia en "Modo a prueba de fallos" (modo seguro)

Elimina los archivos que tienes en Cuarentena del Nod32

Ejecuta Malwarebytes' Anti-Malware

* Marque la Casilla de "Realizar un Examen Completo" . Haga clic en "Examinar", a continuación, haga clic en "Empezar a Examinar".
* una vez finalizado si te detecta algo haz clic en (Quitar lo seleccionado)
* El reporte queda almacenado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.

Realiza una limpieza con Ccleaner, primero con la opción Limpiador para eliminar cookies y temporales y después con la opción Registro para hacer limpieza del registro de Windows (Recuerda hacer copia de seguridad)

Ejecuta DR. Web Cureit + Manual y elimina todo lo que encuentre.

Vuelves a activar Restaurar Sistema

Pega el reporte del Malwarebytes' Anti-Malware, y del Web Cureit

Espero los reportes

Notas:
*Para que se te haga más sencillo imprime los pasos.
*Si no puedes realizar alguno de los pasos omítelo y continúa con los demás.


Salu2

Hola Juancho_ve,

A ver te cuento, he seguido los pasos que me has indicado. Te dejo el log del Mawarebytes y el del Dr. Web. El Dr. Web sólo encontro un fichero, que era el del Troyano, un ejecutable con el nombre de mi PC, y lo ha eliminado.
Por ahora, llevo 3 minutos con el ordenador en marcha y aún no me ha saltado ningún aviso del Nod32 y en el Administrador de tareas ya no está el ejecutable con el nombre de mi PC. Y ya no me salen avisos del Firewall con un montón de peticiones de conectarse a mis puertos.


Este es el log del Malwarebytes:

Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 2

04/04/2009 15:47:08
mbam-log-2009-04-04 (15-47-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130174
Time elapsed: 38 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.



Y del Dr. Web sólo ha salido esta línea en el Excel:

snowcopito.exe c:\documents and settings\snowcopito Trojan.DownLoad.33158 Eliminado.


¿Cómo lo ves?

Muchas gracias

Hola blackmode

Todas las infecciones han sido eliminadas

El Malwarebytes' Anti-Malware eliminó los temporales infectados y el DR. Web Cureit eliminó la infección detectada por el aspersky Online

Por ultimo, descarga y ejecuta la utilidad Advanced SystemCare Free v3 (siguiendo el Manual) para reparar y optimizar a fondo tu PC.

Coméntanos si podemos dar el tema como Solucionado

Saludos..!

Ya me he bajado el Advanced System Care y lo he pasado, parece que ha solucionado muchos problemas.

Pues sí, creo que se puede dar por cerrado el tema. El ordenador funciona correctamente.

Muchas gracias por la ayuda!!!

Excelente, Damos el tema como solucionado, Cualquier cosa aquí estamos

En caso de que desees reabrir el tema solo dale clic al icono con el motivo de la re-apertura del caso.

Saludos..!