Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Necesito ayuda, tengo creo yo que varios virus en mi p.c ya que aparecen ventanas negras con el cursor moviendose para todos lados, sin poder controlarlo, ademas de eso sale un mensaje de que se tiene que cerrar internet explorer por un problema y cuando se da aceptar es como si se reiniciara el escritorio, pero no puedo analizarlo con el Kaspersky Online ya que sale un mensaje que dice: no puede iniciar el programa que es necesaria una correccion ininterrumpida. Asegurese de que la conexion a Internet eta establecida. [ERROR: La licencia ha caducado].

por favor no se que hacer estoy desesperada, ojala me puedan colaborar, gracias.

Hola:

Intenta lo siguiente:

Descarga y/o actualiza pero no ejecutes aún:

• Malwarebytes
• Ccleaner

Reinicias el Sistema en Modo Seguro.


Ejecutas Malwarebytes' Anti-Malware;

• Realizas un Scan Completo.
• Marcar la opción "Quitar lo Seleccionado".
• Su Reporte se encuentra en la Pestaña Registro.

Ejecutas en Modo Normal

Ccleaner.

• Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
• Despues usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Realizas un análisis con Kaspersky Online Versión Inglesa >> Manual. (No olvides "Salvar" el reporte.

En tu próximo post pegas los reportes de Malwarebytes y Kaspersky Online.

Nos cuentas.

Salu2.

ya tengo los analisis, que pena la demora tuve pequeños incovenientes, muchas gracias por todo
Este es el reporte del Malware:


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3037
Windows 5.1.2600 Service Pack 2 (Safe Mode)

27/10/2009 14:26:31
mbam-log-2009-10-27 (14-26-31).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 313001
Tiempo transcurrido: 3 hour(s), 9 minute(s), 17 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 5
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 4
Ficheros Infectados: 100

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{g0np7z2v-b1zd-qhjb-52lr-oua3xrmoqgok} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-26op5g6789085} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-26op5g1234585} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67mad6m8-1mad-81ad-mad6-32op5g1234521} (Trojan.Refroso) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12lop3s8-1vrx-81vs-jkl6-61op5g7774441} (Trojan.Agent) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\WIN\DOWS (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Feast\Ival (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\DODA\JENE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\AKON\BYONC (Backdoor.Bot) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\system32\NVUKZ.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\AKON\BYONC\AKON.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\DODA\JENE\NeST.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WIN\DOWS\LAX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\dqxaqxste.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\dxvfate.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\e6p8p44f5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\eaqaaqae.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\eaqae.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\eaqasqae.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\easdxzaqae.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\f3h4i57e8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\q1k9r91i6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\t8e7v98u1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\021QFTCY\bo2la[1].gif (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\021QFTCY\xaVy[1].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\021QFTCY\xaVy[2].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\136YK5JA\xy[2].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\49MRG92N\xaVy[1].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\6IW1EE46\man[1].gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\85E78TEN\xaVy[1].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\85E78TEN\xaVy[2].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\85E78TEN\xaVy[3].gif (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agudelo\Datos de programa\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\c9p6q98l4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Archivos temporales de Internet\Content.IE5\1YVQ7IXG\mandat[1].avi (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0039682.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0042682.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0042688.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0044682.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0044684.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0044713.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP25\A0044714.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP26\A0044771.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP26\A0044772.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP26\A0044825.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP26\A0044856.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP27\A0045901.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP27\A0045902.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP27\A0045938.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP27\A0045940.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0048971.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0050015.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0050016.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0051036.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0051037.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0051075.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP28\A0051076.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP29\A0051139.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP29\A0051142.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP29\A0052170.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP30\A0052221.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP30\A0055214.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP30\A0055229.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP30\A0055230.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP31\A0057326.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP31\A0057333.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP31\A0057355.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP31\A0057357.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP38\A0095553.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP38\A0095564.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP39\A0095591.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP40\A0096651.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP40\A0100713.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103850.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103851.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103855.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103858.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103872.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103915.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103959.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103961.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103967.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103968.EXE (Trojan.FlyStudio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP42\A0103986.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP44\A0104179.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP44\A0104181.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP44\A0104201.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP44\A0104204.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP45\A0104244.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP45\A0104250.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP45\A0104251.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP45\A0104252.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP45\A0104287.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP46\A0104369.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP46\A0104478.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP46\A0104479.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP47\A0104538.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP47\A0104539.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0104540.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0104541.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0107586.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0107587.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0107606.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0107631.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DAC82D3-6E16-4A44-801A-20A3548A0266}\RP48\A0107763.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\xAVx\ReleAsE\xAVy.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WIN\DOWS\desKtOp.InI (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\DODA\JENE\desKtOp.InI (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\AKON\BYONC\desKtOp.InI (Backdoor.Bot) -> Quarantined and deleted successfully.





y este es el reporte del kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 29, 2009 14:37:51
Records in database: 3101822
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 173459
Threats found: 3
Infected objects found: 14
Suspicious objects found: 0
Scan duration: 06:08:32


File name / Threat / Threats count
C:\Documents and Settings\Agudelo\a8g3b96f9.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\Configuración local\Temp\IHE.tmp Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\g7n5b76e9.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\g7q7i42e4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\h5g9x97f2.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\h7j9f65w8.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\k1m1x63s7.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\k7j7t44k3.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\v1q5q93q5.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\v9y3c66o4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\w8h8z56b8.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\Documents and Settings\Agudelo\y5o8h28d4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\MAD\TRACK\mad.exe Infected: Trojan.Win32.VB.vhu 1
C:\WINDOWS\system32\0FCAA3\u6t7f4.exe Infected: not-a-virus:AdWare.Win32.FlyStudio.l 1

Selected area has been scanned.


espero instrucciones muchas gracias de nuevo.

Hola mayeazul09:

Pues si que había cosas por ahí..y aun hay mas...

Realiza lo siguiente:


Desactivas Restaurar Sistema, y lo dejas así hasta que terminemos con la desinfección:

• Descarga OTM by OldTimer en el escritorio.
  • Haz doble clic sobre el icono OTM.exe para ejecutarlo
  • Asegúrate que esté marcada la casilla "Unregister Dll´s and Ocx´s".
  • Pega el siguiente script bajo el area "Paste Instructions for items to be Moved". (Se excluye la palabra "codigo").
    
    
    Código:

    :files
    C:\Documents and Settings\Agudelo\a8g3b96f9.exe
    C:\Documents and Settings\Agudelo\Configuración local\Temp\IHE.tmp
    C:\Documents and Settings\Agudelo\g7n5b76e9.exe
    C:\Documents and Settings\Agudelo\g7q7i42e4.exe
    C:\Documents and Settings\Agudelo\h5g9x97f2.exe
    C:\Documents and Settings\Agudelo\h7j9f65w8.exe
    C:\Documents and Settings\Agudelo\k1m1x63s7.exe
    C:\Documents and Settings\Agudelo\k7j7t44k3.exe
    C:\Documents and Settings\Agudelo\v1q5q93q5.exe
    C:\Documents and Settings\Agudelo\v9y3c66o4.exe
    C:\Documents and Settings\Agudelo\w8h8z56b8.exe
    C:\Documents and Settings\Agudelo\y5o8h28d4.exe
    C:\MAD\TRACK\mad.exe
    C:\WINDOWS\system32\0FCAA3\u6t7f4.exe
    
    :commands
    [emptytemp]
    [Reboot]
    

  • Presiona el boton rojo MoveIt!
  • Espera hasta cuando el resultado aparezca en el marco Results.
  • Permite que se reinicie el equipo, esto es importante.
  • Envía el reporte de OTM situado sobre C: \ _ OTM\MovedFiles\***_***.log

Actualiza Malwarebytes y vuelve a correrlo en Modo Normal.

Realizas un nuevo análisis con Kaspersky.

En tu próximo post, pegas los reportes de OTM, Malwarebytes y Kaspersky.


Salu2.

que pena la demora es debido a que comparto el p.c con mis hermanos y ellos tienen tareas por eso no habia podidi responder, pero aqui estan los reportes:
OTM:

All processes killed
========== FILES ==========
C:\Documents and Settings\Agudelo\a8g3b96f9.exe moved successfully.
C:\Documents and Settings\Agudelo\Configuración local\Temp\IHE.tmp moved successfully.
C:\Documents and Settings\Agudelo\g7n5b76e9.exe moved successfully.
C:\Documents and Settings\Agudelo\g7q7i42e4.exe moved successfully.
C:\Documents and Settings\Agudelo\h5g9x97f2.exe moved successfully.
C:\Documents and Settings\Agudelo\h7j9f65w8.exe moved successfully.
C:\Documents and Settings\Agudelo\k1m1x63s7.exe moved successfully.
C:\Documents and Settings\Agudelo\k7j7t44k3.exe moved successfully.
C:\Documents and Settings\Agudelo\v1q5q93q5.exe moved successfully.
C:\Documents and Settings\Agudelo\v9y3c66o4.exe moved successfully.
C:\Documents and Settings\Agudelo\w8h8z56b8.exe moved successfully.
C:\Documents and Settings\Agudelo\y5o8h28d4.exe moved successfully.
C:\MAD\TRACK\mad.exe moved successfully.
C:\WINDOWS\system32\0FCAA3\u6t7f4.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Agudelo
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\XOOZ59CP\challenge[1].new_audio_default&psig=3nleCSKGktqjv1QA_j6VZHfZhY o&nonce=G0UAGJ_P7p51-5Y2KTITIA&tt=gk0C66X_JoQgEas-R5D6kMO6yIs&time=1254631743&new_audio_default=1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\XOOZ59CP\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\SXUB4967\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\PRQIEBI5\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OR43UNCR\challenge[1].new_audio_default&psig=7FW4G9tB7Tf2umoOvyCewS-R5iU&nonce=YRDZftBq7Q2GA2dnFeTzOg&tt=D7Zpyh_Mn2In8 1gz0ssSqeO36_Q&time=1254630383&new_audio_default=1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OR43UNCR\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OLIJSP2Z\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\CP2VO1YZ\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\BHUN8TER\challenge[1].new_audio_default&psig=MPFN2_4aUN1K3xcUCVvWvSpITq c&nonce=hwb6qzLG-3BPSoYG7raj2A&tt=dCUBPOl8oTqsr4CB19ryTYz-7ng&time=1254631160&new_audio_default=1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\BHUN8TER\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\8PIFWLIN\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\714K9OL0\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0XU7WXQ3\challenge[1].new_audio_default&psig=xJPFZwminUd20Ayp0QiGeqmTtO c&nonce=mcaN6I1LHXgUV--eYHC2dw&tt=nBfhWctSkJod0UFx9z7WwfXogB0&time=125463 1020&new_audio_default=1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0XU7WXQ3\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0H6JGDEF\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\07EB6MS4\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 scheduled to be deleted on reboot.
->Temp folder emptied: 683578024 bytes
->Temporary Internet Files folder emptied: 168031181 bytes
->Java cache emptied: 25621439 bytes
->FireFox cache emptied: 47801669 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Invitado
->Temp folder emptied: 22692664 bytes
->Temporary Internet Files folder emptied: 91953893 bytes
->Java cache emptied: 45026 bytes
->FireFox cache emptied: 59115081 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: usuario
->Temp folder emptied: 401639924 bytes
->Temporary Internet Files folder emptied: 12598031 bytes
->Java cache emptied: 148511 bytes
->FireFox cache emptied: 15088254 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114656 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
Windows Temp folder emptied: 2305692 bytes
RecycleBin emptied: 29495638 bytes

Total Files Cleaned = 1489,99 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10302009_172250

Files moved on Reboot...
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\XOOZ59CP\challenge[1].new_audio_default&psig=3nleCSKGktqjv1QA_j6VZHfZhY o&nonce=G0UAGJ_P7p51-5Y2KTITIA&tt=gk0C66X_JoQgEas-R5D6kMO6yIs&time=1254631743&new_audio_default=1 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\XOOZ59CP\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\SXUB4967\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\PRQIEBI5\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OR43UNCR\challenge[1].new_audio_default&psig=7FW4G9tB7Tf2umoOvyCewS-R5iU&nonce=YRDZftBq7Q2GA2dnFeTzOg&tt=D7Zpyh_Mn2In8 1gz0ssSqeO36_Q&time=1254630383&new_audio_default=1 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OR43UNCR\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\OLIJSP2Z\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\CP2VO1YZ\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\BHUN8TER\challenge[1].new_audio_default&psig=MPFN2_4aUN1K3xcUCVvWvSpITq c&nonce=hwb6qzLG-3BPSoYG7raj2A&tt=dCUBPOl8oTqsr4CB19ryTYz-7ng&time=1254631160&new_audio_default=1 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\BHUN8TER\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\8PIFWLIN\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\714K9OL0\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0XU7WXQ3\challenge[1].new_audio_default&psig=xJPFZwminUd20Ayp0QiGeqmTtO c&nonce=mcaN6I1LHXgUV--eYHC2dw&tt=nBfhWctSkJod0UFx9z7WwfXogB0&time=125463 1020&new_audio_default=1 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0XU7WXQ3\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\0H6JGDEF\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!
File C:\Documents and Settings\Agudelo\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\07EB6MS4\ht%3D90%26pubid%3D99 ee858a3e0e99d07df75b6b4081eb9e%26bgcolor%3Dffedfe% 26textcolor%3D93008a%26bordercolor%3Dffbdfb%26link color%3D93008a%26fb_sig_in_iframe%3D1%26fb_sig_&r= 0 not found!

Registry entries deleted on Reboot...


MALWARE:
Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3063
Windows 5.1.2600 Service Pack 2

30/10/2009 18:48:01
mbam-log-2009-10-30 (18-48-01).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 289159
Tiempo transcurrido: 1 hour(s), 11 minute(s), 59 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 3
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-32op5g1234521} (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14mad6m8-1mad-81ad-jim6-26op5g3369085} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-56op5g1234999} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\jim\carry (Worm.AutoRun) -> Quarantined and deleted successfully.

Ficheros Infectados:
(No se han detectado elementos maliciosos)


KASPERSKY:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 4, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 04, 2009 17:01:05
Records in database: 3132202
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 161401
Threats found: 7
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 06:17:48


File name / Threat / Threats count
C:\AKON\BYONC\AKON.exe Infected: Trojan-Downloader.Win32.VB.sef 1
C:\Archivos de programa\Archivos comunes\System\Mapi\3082\easdxzaqae.exe Infected: Trojan.Win32.Kreeper.ey 1
C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\0B9R6IVH\4[1].gif Infected: Trojan.Win32.Kreeper.ey 1
C:\Documents and Settings\Agudelo\easdxzaqae.exe Infected: Trojan.Win32.Kreeper.ey 1
C:\Documents and Settings\Agudelo\f8l3w89k5.exe Infected: Trojan.Win32.Kreeper.ga 1
C:\Documents and Settings\Agudelo\m6e9q29h1.exe Infected: Trojan.Win32.Kreeper.ga 1
C:\Documents and Settings\Agudelo\s1s3c15u4.exe Infected: Trojan.Win32.Kreeper.ga 1
C:\Documents and Settings\Agudelo\uf37y5.exe Infected: Trojan.Win32.Kreeper.ga 1
C:\Documents and Settings\Agudelo\uf3d7y5.exe Infected: Trojan.Win32.Kreeper.ey 1
C:\hjvjte.exe Infected: Trojan-GameThief.Win32.Magania.cktj 1
C:\Tender\InterPol\NkeY.exe Infected: Trojan.Win32.Kreeper.ey 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\a8g3b96f9.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\Configuración local\Temp\IHE.tmp Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\g7n5b76e9.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\g7q7i42e4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\h5g9x97f2.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\h7j9f65w8.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\k1m1x63s7.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\k7j7t44k3.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\v1q5q93q5.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\v9y3c66o4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\w8h8z56b8.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\y5o8h28d4.exe Infected: Trojan.Win32.Scar.ahnl 1
C:\_OTM\MovedFiles\10302009_172250\MAD\TRACK\mad.e xe Infected: Trojan.Win32.VB.vhu 1
C:\_OTM\MovedFiles\10302009_172250\WINDOWS\system3 2\0FCAA3\u6t7f4.exe Infected: not-a-virus:AdWare.Win32.FlyStudio.l 1
D:\hjvjte.exe Infected: Trojan-GameThief.Win32.Magania.cktj 1

Selected area has been scanned.





Gracias

Hola:

Continúan las infecciones , el problema en la demora esta en que los bichos se reproducen y se dificulta pues se suman.

Realiza lo siguiente:

Realiza lo siguiente:

Descarga e instala y/o actualiza los siguientes programas, pero no los ejecutes aún:

• OTM by OldTimer en el escritorio
• Dr. Web.
• Flash_Disinfector.exe (al final del post)
• Ccleaner.

Activa Ver los Archivos Ocultos.

Reinicias tu Ordenador en Modo Seguro.


Ejecutas los siguientes programas en este Orden:

OTM
.

• Haz doble clic sobre el icono OTM.exe para ejecutarlo
• Asegúrate que esté marcada la casilla "Unregister Dll´s and Ocx´s".
• Pega el siguiente script bajo el area "Paste Instructions for items to be Moved". (Se excluye la palabra "código").
  
  
  Código:

  :files
  C:\AKON\BYONC\AKON.exe
  C:\Archivos de programa\Archivos comunes\System\Mapi\3082\easdxzaqae.exe
  C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\0B9R6IVH\4[1].gif
  C:\Documents and Settings\Agudelo\easdxzaqae.exe
  C:\Documents and Settings\Agudelo\f8l3w89k5.exe
  C:\Documents and Settings\Agudelo\m6e9q29h1.exe
  C:\Documents and Settings\Agudelo\s1s3c15u4.exe
  C:\Documents and Settings\Agudelo\uf37y5.exe
  C:\Documents and Settings\Agudelo\uf3d7y5.exe
  C:\hjvjte.exe
  C:\Tender\InterPol\NkeY.exe
  D:\hjvjte.exe
  
  
  :commands
  [emptytemp]
  [purity]
  [Reboot]
  

• Presiona el boton rojo MoveIt!
• Espera hasta cuando el resultado aparezca en el marco Results.
• Permite que se reinicie el equipo, esto es importante.
• Envía el reporte de OTM situado sobre C: \ _ OTM\MovedFiles\***_***.log

Flash_Disinfector.exe

• Ejecutar Flash_Disinfector.exe en el PC.
• Luego Colocar los Pendrive en el puerto USB y ejecutarlo nuevamente.

Dr. Web.

• La herramienta primero realiza un Chequeo Express
• Después eliges Escaneo Completo Eliminas o Curras lo que encuentre.
• Terminado el escaneo. Ir a Archivo > Grabar lista de Informes... guardas el reporte.

Ccleaner.

• Ejecutalo en sus dos opciones limpiador y registro
• Haciendo Copia Seguridad cuando te lo pida

En Modo Normal y realizas un análisis con

Eset AV de la siguiente manera: (Nota:Corre tambien en los Navegadores Opera y Firefox)

En tu Próximo post nos colocas los informes de:

-OTM
-Dr. Web
.Eset

Salu2.

hola me tomo mucho tiempo poder analizarlo con todo, tengo muchas cosas en mi p.c pero aqui estan los reportes, gracias.

OTM:

All processes killed
========== FILES ==========
C:\AKON\BYONC\AKON.exe moved successfully.
C:\Archivos de programa\Archivos comunes\System\Mapi\3082\easdxzaqae.exe moved successfully.
File/Folder C:\Documents and Settings\Agudelo\Configuración local\Archivos temporales de Internet\Content.IE5\0B9R6IVH\4[1].gif not found.
C:\Documents and Settings\Agudelo\easdxzaqae.exe moved successfully.
File/Folder C:\Documents and Settings\Agudelo\f8l3w89k5.exe not found.
File/Folder C:\Documents and Settings\Agudelo\m6e9q29h1.exe not found.
File/Folder C:\Documents and Settings\Agudelo\s1s3c15u4.exe not found.
File/Folder C:\Documents and Settings\Agudelo\uf37y5.exe not found.
File/Folder C:\Documents and Settings\Agudelo\uf3d7y5.exe not found.
C:\hjvjte.exe moved successfully.
C:\Tender\InterPol\NkeY.exe moved successfully.
D:\hjvjte.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Agudelo
->Temp folder emptied: 142117199 bytes
->Temporary Internet Files folder emptied: 26332994 bytes
->Java cache emptied: 128012 bytes
->FireFox cache emptied: 52271586 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Invitado
->Temp folder emptied: 432877 bytes
->Temporary Internet Files folder emptied: 37910434 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37390228 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: usuario
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 524580 bytes
RecycleBin emptied: 518378 bytes

Total Files Cleaned = 283,87 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11062009_182853

Files moved on Reboot...

Registry entries deleted on Reboot...


Dr. Web:

a8g3b96f9.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
g7n5b76e9.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
g7q7i42e4.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
h5g9x97f2.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
h7j9f65w8.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
k1m1x63s7.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
k7j7t44k3.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
v1q5q93q5.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
v9y3c66o4.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
w8h8z56b8.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
y5o8h28d4.exe C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo Dialer.Siggen.121 Eliminado.
IHE.tmp C:\_OTM\MovedFiles\10302009_172250\Documents and Settings\Agudelo\Configuración local\Temp Dialer.Siggen.121 Eliminado.
mad.exe C:\_OTM\MovedFiles\10302009_172250\MAD\TRACK Trojan.PWS.Multi.75 Eliminado.
u6t7f4.exe C:\_OTM\MovedFiles\10302009_172250\WINDOWS\system3 2\0FCAA3 Trojan.Siggen.3067 Eliminado.
hjvjte.exe C:\_OTM\MovedFiles\11062009_182853 Trojan.PWS.Wsgame.12661 Eliminado.
AKON.exe C:\_OTM\MovedFiles\11062009_182853\AKON\BYONC Trojan.Inject.6473 Eliminado.
easdxzaqae.exe C:\_OTM\MovedFiles\11062009_182853\Archivos de programa\Archivos comunes\System\Mapi\3082 Trojan.Siggen.15832 Incurable.Movido.
easdxzaqae.exe C:\_OTM\MovedFiles\11062009_182853\Documents and Settings\Agudelo Trojan.Siggen.15832 Incurable.Movido.
NkeY.exe C:\_OTM\MovedFiles\11062009_182853\Tender\InterPol Trojan.Siggen.15832 Incurable.Movido.
1a1dndah.exe D:\ Trojan.PWS.Wsgame.12661 Eliminado.
mwfubaob.exe D:\ Trojan.PWS.Wsgame.12661 Eliminado.
srgo.exe D:\ Trojan.PWS.Wsgame.12661 Eliminado.


Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=72e7ab6142036a4ab310377cd8eac729
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-12 02:14:09
# local_time=2009-11-11 09:14:09 (-0500, Hora est. del Pacífico de SA)
# country="Spain"
# lang=3082
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8194 67108185 100 100 18024325 41909239 0 0
# scanned=163519
# found=17
# cleaned=17
# scan_time=7773
# nod_component=NOD32MOD_WINNT_SPANISH_BASE Build:0x1108161a
# nod_component=NOD32MOD_WINNT_SPANISH_INET Build:0x1108161a
# nod_component=NOD32MOD_WINNT_SPANISH_STANDARD Build:0x1108161a
C:\autorun.inf Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\g12g.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\pbudsara.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\v1cbvsmq.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\vk0w.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\Configuración local\Temp\cvasds0.dll Win32/PSW.OnLineGames.ODJ Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\Configuración local\Temp\cvasds1.dll Win32/PSW.OnLineGames.ODJ Troyano (no se ha podido desinfectar - archivo eliminado (después del próximo reinicio) - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\Configuración local\Temp\herss.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\DoctorWeb\Quarantine\easdxzaqa0.e xe Win32/AutoRun.KS gusano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\DoctorWeb\Quarantine\easdxzaqa1.e xe Win32/AutoRun.KS gusano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\DoctorWeb\Quarantine\easdxzaqae.e xe Win32/AutoRun.KS gusano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\DoctorWeb\Quarantine\NkeY.exe Win32/AutoRun.KS gusano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Documents and Settings\Agudelo\Escritorio\vdownloader_setup.exe una variante de Win32/Adware.ADON aplicación (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
D:\autorun.inf Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
D:\g12g.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
D:\v1cbvsmq.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
D:\vk0w.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C

Hola:

Todas las herramientas encontraron infecciones..

Realiza lo siguiente:

* Ejecuta OTM
o Asegurate de estar conectado a internet.
o Presiona el botón CleanUp!
o Confirma el inicio del proceso de limpieza pulsando en "Yes".
o Aparecerá un listado de las herramientas usadas durante la desinfección.
o OTM pedira que reinicie el sistema, confírmelo pulsando en "Yes".

Elimina la carpeta de Dr. Web, y vaciás la Papelera, con ello se eliminara su cuarentena.

Vuelves a ejecutar Malwarebytes desde Modo Seguro, (Recuerda actualizarlo previamente en Modo Normal.)

Para confirmar que el equipo este limpio, vuelves a realizar un analisis Kaspersky Online Versión Inglesa >> Manual. (No olvides "Salvar" el reporte.).

Recuerda volver y comentar como sigue el Pc.

Salu2.