Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola,

Llevaba unos días con el nod32 saltando y el spybot avisando de cambios de registro... hice un escaneo completo con el nod32 y no encontró nada, pero el kaspersky online me encuentra 20(!) archivos de
Trojan-Downloader.Win32.Suurch.zq
Así como Win32.BHO.nby, Backdoor.Win32.Newrest.an

Por favor, alguien podría ayudarme a eliminarlos? Me gustaría preguntar también por qué el nod32 "salta" de vez en cuando pero no los detecta

Muchas gracias por adelantado,

Hola drmiguel, para problemas de infeccion, es importantisimo conocer el directorio de el/los archivos infectados.


Realiza los siguientes pasos: (si no podes con alguno, lo salteas, continuas y nos comentas)

Descarga e instala los siguientes programas pero no los ejecutes aun.

Malwarebytes´AntiMalware (leer manual)

Ccleaner


Apaga restaurar sistema
Inicia en Modo Seguro.

Realiza estos pasos:

Ccleaner
Usando primero su opción "Limpiador", para borrar cookies, archivos temporales de internet, y luego usa su opción "Registro" para limpiar todo el Registro de Windows haciendo Copia de Seguridad

Malwarebytes.
En su opción de examen completo, y dándole al finalizar "Quitar todo lo encontrado" y guardas el reporte para ponerlo aqui con tu proximo mensaje.

Reinicias tu PC en Modo Normal.
Activa la opción Restaurar Sistema.
Realiza un nuevo Análisis Online con Kaspersky y con tu siguiente mensaje dejas el reporte que te dio.

Si utilizas Firefox, debes usar la IE tab. (te recomiendo usar Firefox)

Recorda de dejar los reportes con tu proximo mensaje.


Salu2

Hola jack24bauer247,

Muchas gracias!

Voy haciendo lo que me dices, y, por si sirve de algo, éste es el primer reporte

C:\WINDOWS\system32\gsf83iujid.dll/C:\WINDOWS\system32\gsf83iujid.dll Infected: Trojan-Downloader.Win32.BHO.nby 9

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1159738028.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1304883384.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1424603566.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1427416066.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1690188658.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1787267108.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1800780910.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\203720580.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2130740230.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2398386270.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2441594908.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2454599964.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2764116652.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3484752568.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\348931344.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3533920428.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3614138462.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3678909534.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3986275094.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\587716966.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\663102872.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\720740230.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\858341966.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\923549790.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\952416066.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\debug.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\login.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\notepad.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\services.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\system.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\taskmgr.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\win.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\winamp.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\winlogon.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\z9mvhk.exe Infected: Trojan-Downloader.Win32.Wzhyk.dg 1

C:\lrrrcoe.exe Infected: Trojan-Downloader.Win32.Clopack.a 1

C:\mupwjiav.exe Infected: Backdoor.Win32.NewRest.an 1

C:\Program Files\Common\helper.dll Infected: Trojan.Win32.ExeDot.mq 1

C:\WINDOWS\ld11.exe Infected: Net-Worm.Win32.Koobface.akw 1

C:\WINDOWS\system32\gsf83iujid.dll Infected: Trojan-Downloader.Win32.BHO.nby 1

C:\WINDOWS\Temp\INF8.tmp Infected: Trojan-Downloader.Win32.Suurch.zq 1


La verdad es que no lo entiendo... porque hace dos meses tenía todo limpio y no me había dado nada ningún problema (aparte de tener el Nod32, el ZoneAlarm y el Spybot residente...). He cambiado recientemente al explorer 8 (no sé por qué, pero el firefox me da problemas en el portátil, no sé si es por venir con todo de serie) y a partir de ahí he ido viendo esto más lento

Muchas gracias de nuevo, voy avanzando con lo que me has dicho

Lo mejor va a ser trabajar con los nuevos reportes.. los espero..

Por otro lado, segun experiencia propia, ZoneAlarm con el Spybot SD-Residente tuve problemas porque "chocan", "discuten"... se pelean entre los 2
Consejo: para configurar por ej una red local, es mas facil configurar el Spybot que el ZoneAlarm con los puertos. Asi que dependiendo los usos de tu PC, te recomiendo deshacerte de alguna de las 2 aplicaciones.

Lo mismo me pasó con tener 2 exploradores cualesquiera funcionando simultaneamente. Te recomiendo, y el foro tambien, utilizar Firefox que agregandole tambien el IniFox by InfoSpyware, va muy bien



Salu2

Gracias de nuevo... Éste es el reporte del Malvarebytes'. Parece que la cosa va mejor... pero todavía queda... el kaspersky está en marcha...

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

03/07/2009 20:13:40
mbam-log-2009-07-03 (20-13-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 320474
Time elapsed: 2 hour(s), 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> No action taken.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\idstrf (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Zlob.H) -> No action taken.
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> No action taken.
c:\nkavnxe.exe (Trojan.Agent) -> No action taken.
c:\wyhgm.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\ld11.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Dropper) -> No action taken.
d:\Inglés\programitas\lingvosoft talking dictionary 2007 (4.0.69) english - spanish for pocket pc\Patch.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> No action taken.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dsound3dd.dll (Trojan.Downloader) -> No action taken.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\services.exe (Password.Stealer) -> No action taken.
C:\mupwjiav.exe (Trojan.Downloader) -> No action taken.

Vas a tener que hacer nuevamente el escaneo con Malwarebytes.. ya que "No Action Taken", quiere decir que no elimino lo que encontro. Debes seleccionar "quitar lo encontrado"
Espero ambos reportes..

Creo que el problema ha sido que le di a guardar reporte antes de darle a que eliminara... pero luego estuvo eliminando e incluso pidió reiniciar para terminar la eliminación. Sería suficiente?

El reporte del kaspersky después de esto es:
Scan statistics
Files scanned 175912
Threat name 18
Infected objects 49
Suspicious objects 0
Duration of the scan 04:18:04

File name Threat name Threats count
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1159738028.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1304883384.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1424603566.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1427416066.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1690188658.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1787267108.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1800780910.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\203720580.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2130740230.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2398386270.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2441594908.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2454599964.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2764116652.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3484752568.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\348931344.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3533920428.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3614138462.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3678909534.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3986275094.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\587716966.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\663102872.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\720740230.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\858341966.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\923549790.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\952416066.exe Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\debug.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\login.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\system.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\win.exe Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\lrrrcoe.exe Infected: Trojan-Downloader.Win32.Clopack.a 1

C:\Program Files\ESET\infected\1XIUMKCA.NQF Infected: Trojan-Downloader.Win32.Suurch.zp 1

C:\Program Files\ESET\infected\4MPVDSCA.NQF Infected: Trojan.Win32.Monderb.acml 1

C:\Program Files\ESET\infected\4NED2CAA.NQF Infected: Trojan.Win32.FraudPack.pcn 1

C:\Program Files\ESET\infected\5D3E1MCA.NQF Infected: Backdoor.Win32.IRCBot.ika 1

C:\Program Files\ESET\infected\B4E33ECA.NQF Infected: Trojan.Win32.FraudPack.owr 1

C:\Program Files\ESET\infected\BP2C1DCA.NQF Infected: Trojan-Downloader.Win32.Clopack.a 1

C:\Program Files\ESET\infected\CAP1WFAA.NQF Infected: Trojan-Downloader.Win32.Suurch.zq 1

C:\Program Files\ESET\infected\D0Y2NAAA.NQF Infected: Trojan-Downloader.Win32.Suurch.zm 1

C:\Program Files\ESET\infected\DL2MACCA.NQF Infected: Trojan.Win32.Inject.aesq 1

C:\Program Files\ESET\infected\GJSLKHDA.NQF Infected: Backdoor.Win32.NewRest.an 1

C:\Program Files\ESET\infected\LMT53NDA.NQF Infected: Trojan-Downloader.Win32.Wzhyk.dg 1

C:\Program Files\ESET\infected\PCJ0ZHAA.NQF Infected: Packed.Win32.Krap.m 1

C:\Program Files\ESET\infected\R5FWFXDA.NQF Infected: not-a-virus:Monitor.Win32.Perflogger.al 1

C:\Program Files\ESET\infected\R5FWFXDA.NQF Infected: not-a-virus:Monitor.Win32.Perflogger.aa 1

C:\Program Files\ESET\infected\R5FWFXDA.NQF Infected: not-a-virus:Monitor.Win32.Perflogger.ad 1

C:\Program Files\ESET\infected\R5FWFXDA.NQF Infected: Trojan.Win32.KillAV.ef 1

C:\Program Files\ESET\infected\UCQHFYBA.NQF Infected: Trojan.Win32.Inject.aesq 1

C:\Program Files\ESET\infected\WQ2NKBAA.NQF Infected: Trojan.Win32.Buzus.bhnb 1

The selected area was scanned.

Sí parece que el malwarebytes hizo cosas...

Descarga OTM en el escritorio.

* Hace un doble clic sobre OTM.exe para ejecutarlo.
* Asegurate que este marcado : Unregister Dll's and Ocx's
* Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTM nombrado: Paste Instructions for items to be Moved



* Haz clic en MoveIt! Para lanzar la supresión.
* Cuando el resultado aparece en el marco Results, se abrirá un aviso preguntando si deseamos reiniciar el PC: Pulsar sobre "YES"
* NOTA: En caso de que no aparezca el aviso de reiniciar. Reinicie manualmente su pc. ya que es importante reiniciar para eliminar las infecciones
* En tu proximo mensaje pones el reporte de OTM. Se encuentra en C: \ _ OTM\MovedFiles\********_******.txt

Entra en la carpeta de NOD32 "infected" que se encuentra en C:\Program Files\ESET\infected y borras el contenido de la carpeta. (no la carpeta)
Luego vacias la papelera de reciclaje.

Realiza un nuevo escaneo con Kaspersky.
Genera un nuevo reporte de Kaspersky cuando vuelvas a escanear y lo pegas aqui.

Salu2

A ello voy... tardará un rato que el Kaspersky es pesado...

Éste es el reporte pendiente del Malwarebytes...

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

03/07/2009 20:13:50
mbam-log-2009-07-03 (20-13-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 320474
Time elapsed: 2 hour(s), 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\nkavnxe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\wyhgm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\ld11.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\Inglés\programitas\lingvosoft talking dictionary 2007 (4.0.69) english - spanish for pocket pc\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsound3dd.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Miguel Marcos\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
C:\mupwjiav.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

No me daba cuenta que bastaba con entrar en modo safe mode otra vez para recuperar el log... sorry...

El reporte de la bombita atómica ésa...

All processes killed
========== FILES ==========
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1159738028.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1304883384.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1424603566.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1427416066.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1690188658.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1787267108.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\1800780910.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\203720580.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2130740230.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2398386270.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2441594908.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2454599964.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\2764116652.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3484752568.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\348931344.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3533920428.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3614138462.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3678909534.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\3986275094.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\587716966.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\663102872.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\720740230.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\858341966.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\923549790.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\952416066.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\debug.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\login.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\system.exe moved successfully.
C:\Documents and Settings\Miguel Marcos\Local Settings\Temp\win.exe moved successfully.
C:\lrrrcoe.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 103775 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 173305 bytes
->Temporary Internet Files folder emptied: 22172848 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2384543 bytes

User: Miguel Marcos
->Temp folder emptied: 225452877 bytes
->Temporary Internet Files folder emptied: 191321471 bytes
->Java cache emptied: 7774359 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 31223373 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 395281 bytes
Windows Temp folder emptied: 717478 bytes

RecycleBin emptied: 37306916 bytes

Total Files Cleaned = 495,06 mb


OTM by OldTimer - Version 3.0.0.3 log created on 07042009_012439

Files moved on Reboot...

Registry entries deleted on Reboot...



Kaspersky trabajando... y yo profundamente agradecido...