Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

QUE TAL

DESDE HACE MUCHO TIEMPO ME APARECE EL CLÁSICO ERROR DEL BERASJATAH AL INICIAR MI PC.

ME ACABO DE DAR CUENTA DE QUE ES UN VIRUS.
CORRÍ EL BITDEFENDER Y ME DA ESTO COMO RESULTADO

BitDefender QuickScan Beta v0.9.7.8
-----------------------------------

Scan date: Thu Nov 05 13:52:34 2009
Machine ID: CE5AB72

C:\autorun.inf executes C:\1a1dndah.exe
Process Explorer.exe (1412) is affected by Gen:Trojan.Heur.Nsanti.du4@cuL1lQp
Process java.exe (1496) is affected by Gen:Trojan.Heur.Nsanti.du4@cuL1lQp
Process AhnRpta.exe (1692) is affected by Gen:Trojan.Heur.Nsanti.du4@cuL1lQp


Found 4 infected files!
-------------------------
c:\windows\system32\softqq0.dll - Gen:Trojan.Heur.Nsanti.du4@cChu2yj
C:\WINDOWS\system32\IntelProset.exe - Gen:Trojan.Heur.VB.em0@dCtq1gG
C:\recycler\s-1-5-21-2216122345-9142935142-987106867-5659\sysdate.exe - Worm.P2P.Palevo.B
C:\WINDOWS\system32\ahndoor0.dll - Gen:Trojan.Heur.Nsanti.du4@cuL1lQp


Processes
---------

<verified> Java(TM) Platform SE binary 1496 C:\Archivos de programa\Java\jre6\bin\java.exe
<verified> Firefox 1680 C:\Archivos de programa\Mozilla Firefox\firefox.exe
<verified> Bloc de notas 1692 C:\WINDOWS\AhnRpta.exe
<verified> Explorador de Windows 1412 C:\WINDOWS\Explorer.exe
<verified> Client Server Runtime Process 468 C:\WINDOWS\system32\csrss.exe
<verified> LSA Shell (Export Version) 548 C:\WINDOWS\system32\lsass.exe
<verified> Aplicación de servicios y controlador 536 C:\WINDOWS\system32\services.exe
<verified> Administrador de sesión de Windows NT 408 C:\WINDOWS\System32\smss.exe
<verified> Generic Host Process for Win32 Services 692 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 760 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 880 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 904 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 948 C:\WINDOWS\system32\svchost.exe
<verified> Aplicación de inicio de sesión de Windows NT 492 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process java.exe (1496) connected on port 80 (HTTP) - 38.117.107.188
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (1680) connected on port 80 (HTTP) - dc3.122.2o7.net
Process firefox.exe (1680) connected on port 80 (HTTP) - a69-192-124-20.deploy.akamaitechnologies.com
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl
Process firefox.exe (1680) connected on port 80 (HTTP) - ds160.xs4all.nl

Process svchost.exe (760) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Adobe Acrobat SpeedLauncher C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> Adobe Photoshop Album Starter Edition 3.0 componen C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
<unsigned> ATI Desktop Control Panel C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
<unsigned> LtMoh MFC Application C:\Archivos de programa\ltmoh\Ltmoh.exe
<unsigned> Accelerator Core Services C:\Archivos de programa\Max\maxcore.exe
<unsigned> Accelerator User Interface C:\Archivos de programa\Max\maxgui.exe
<unsigned> qttask.exe C:\Archivos de programa\QuickTime\qttask.exe
<unsigned> CD/DVD Drive Acoustic Silencer C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
<unsigned> TOSHIBA Direct Disc Writer - Event Monitor C:\Archivos de programa\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
<unsigned> SmoothView C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
<unsigned> PadTouch Main C:\Archivos de programa\TOSHIBA\Touch and Launch\PadExe.exe
<unsigned> TOSHIBA Hotkey Filter Application c:\Archivos de programa\Toshiba\Windows Utilities\Hotkey.exe
<unsigned> TOSHIBA Pinger c:\toshiba\ivp\ism\pinger.exe
<unsigned> SoftModem Messaging Applet C:\WINDOWS\AGRSMMSG.exe
<unsigned> ahndoor0.dll C:\WINDOWS\system32\ahndoor0.dll
<unsigned> CD Burning of Windows XP disabling tool for DVD MU C:\WINDOWS\system32\RAMASST.exe
<unsigned> softqq0.dll c:\windows\system32\softqq0.dll
<unsigned> TPSMain.exe C:\WINDOWS\system32\TPSMain.exe

<verified> RealNetworks Scheduler C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
<verified> ESET GUI C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
<verified> Java(TM) Platform SE binary C:\Archivos de programa\Java\jre6\bin\jusched.exe
<verified> Malwarebytes' Anti-Malware C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
<verified> MindManager Topic Alerts C:\Archivos de programa\Mindjet\MindManager 8\MMReminderService.exe
<verified> Synaptics TouchPad Enhancements C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
<verified> Realtek Azalia Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE
<verified> Realtek HD Audio Control Panel C:\WINDOWS\RTHDCPL.EXE
<verified> Realtek Voice Manager C:\WINDOWS\SkyTel.EXE
<verified> ATI External Event Utility DLL Module C:\WINDOWS\system32\ati2evxx.dll
<verified> Biblioteca de IU Shell Browser C:\WINDOWS\system32\browseui.dll
<verified> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verified> Agente de red sin conexión C:\WINDOWS\system32\cscdll.dll
<verified> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verified> DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll
<verified> Interfaz de usuario de inicio d sesión de Windows C:\WINDOWS\system32\logonui.exe
<verified> Microsoft Feeds Synchronization C:\WINDOWS\system32\msfeedssync.exe
<verified> DLL de notificación de servicio de inicio de sesió C:\WINDOWS\system32\sclgntfy.dll
<verified> DLL común del shell de Windows C:\WINDOWS\system32\shell32.dll
<verified> Objeto de servicio de núcleo Systray c:\windows\system32\stobject.dll
<verified> Aplicación de inicio de sesión (Userinit) c:\windows\system32\userinit.exe
<verified> Web Site Monitor c:\windows\system32\webcheck.dll
<verified> DLL común de recepción de notificaciones Winlogon C:\WINDOWS\system32\wlnotify.dll
<verified> Windows Portable Device Shell Service Object c:\windows\system32\wpdshserviceobj.dll


Browser plugins
---------------
<unsigned> Java(TM) Platform SE binary c:\archivos de programa\java\jre6\bin\jp2ssv.dll
<unsigned> Java(TM) Quick Starter binary c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dl l
<unsigned> Imaging Component c:\archivos de programa\max\components\nowimaging.dll
<unsigned> Accelerator Winsock2 Layered Service Provider C:\Archivos de programa\Max\sliplsp.dll
<unsigned> RealJukebox Netscape Plugin C:\Archivos de programa\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> 6.0.12.448 C:\Archivos de programa\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealJukebox Netscape Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> 6.0.12.448 c:\program files\real\realplayer\Netscape6\nprpjplug.dll

<verified> Adobe Acrobat IE Helper Version 7.0 for ActiveX c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified> WindowsLiveLogin.dll c:\archivos de programa\archivos comunes\microsoft shared\windows live\windowslivelogin.dll
<verified> Fast Search c:\archivos de programa\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
<verified> Google Toolbar c:\archivos de programa\google\google toolbar\googletoolbar_32.dll
<verified> GoogleToolbarNotifier c:\archivos de programa\google\googletoolbarnotifier\5.3.4501.141 8\swg.dll
<verified> 3.0.40818.0 c:\Archivos de programa\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified> Office Live Update v1.3 C:\Archivos de programa\Microsoft\Office Live\npOLW.dll
<verified> Search Helper for Internet Explorer c:\archivos de programa\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified> Internet Explorer add-in for MindManager 8 c:\archivos de programa\mindjet\mindmanager 8\mm8internetexplorer.dll
<verified> getplusplusadobe16236 C:\Archivos de programa\Mozilla Firefox\plugins\np_gp.dll
<verified> Default Plug-in C:\Archivos de programa\Mozilla Firefox\plugins\npnul32.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Archivos de programa\Mozilla Firefox\plugins\nppl3260.dll
<verified> NPWLPG C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows Live Toolbar Core c:\archivos de programa\windows live\toolbar\wltcore.dll
<verified> Yahoo! Toolbar c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
<verified> Yahoo! Single Instance for Mail c:\archivos de programa\yahoo!\companion\installs\cpn0\ytsinglein stance.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Windows Presentation Foundation (WPF) plug-in for c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Network Diagnostic for Windows XP C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Proveedor de servicios de Microsoft Windows Socket C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll


Missing files
-------------
File not found: C:\Archivos de programa\Messenger\msmsgs.exe
referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\"Exec"

File not found: WgaLogon.dll
referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\"DllNam e"


Scan
----
The following file(s) must be uploaded for server-side scanning:
c:\windows\system32\softqq0.dll
C:\WINDOWS\system32\IntelProset.exe
C:\Archivos de programa\Max\maxcore.exe
C:\recycler\s-1-5-21-2216122345-9142935142-987106867-5659\sysdate.exe
C:\Archivos de programa\Max\maxgui.exe
C:\WINDOWS\system32\ahndoor0.dll

Upload started - 6 file(s)
Upload: C:\WINDOWS\system32\IntelProset.exe - 65536 bytes, hash: 4642dc49ecd5c6306a86f3038c2e2380
Upload: C:\recycler\s-1-5-21-2216122345-9142935142-987106867-5659\sysdate.exe - 109056 bytes, hash: 0362ca3f340e145ca6f98b2fa3cd684e
Upload: C:\Archivos de programa\Max\maxgui.exe - 225280 bytes, hash: c7b361f91246853b4a744c6a6193f2b3
Upload: C:\Archivos de programa\Max\maxcore.exe - 339968 bytes, hash: 1bc619e0f208bd06a75f18a139624cd1
Upload: c:\windows\system32\softqq0.dll - 61816 bytes, hash: 3cd5ac77c4446e118fe189c2e8a8c651
Upload: C:\WINDOWS\system32\ahndoor0.dll - 62422 bytes, hash: 2df64ca65aa50fb2bbb261befd16c317
Upload speed - 19 KB/s
Upload finished - 6 uploaded, 0 failed

Scan finished - communication took 45 sec
Total traffic - 0.86 MB sent, 2.32 KB recvd
Scanned 791 files and modules - 93 seconds


SI ALGUIEN ME PUEDE AYUDAR SE LO AGRADECERÍA MUCHISIMO PARA ELIMINAR ESTE VIRUS

Hola, por favor sigue estos pasos que enumero.

-Para tu comodidad te recomiendo imprimir los pasos.
-Si algún paso no lo puedes realizar te lo saltas y sigues con el siguiente.
- Leer los manuales de las herramientas

1º- Descarga / instala, estas herramientas.Pero no ejecutes a un:

CCleaner su manual

Flash_Disinfector.exe

Malwarebytes’ Anti-Malware su manual

2º- Inicias tu pc en modo seguro

3º- Ejecuta las herramientas de una en una y en este orden:

Flash_Disinfector.exe

• Ejecutar Flash_Disinfector.exe en el PC.
• Luego Colocar todos los Pendrive en el puerto USB uno a uno y ejecutarlo nuevamente.

Nota:
Flash_Disinfector creará una carpeta oculta llamado "autorun.inf" en cada partición y cada unidad USB que se encuentre conectado al momento de ejecutar este. No elimine esta carpeta ... eso le ayudara a proteger sus dispositivos USB de futuras infecciones.


Malwarebytes' Anti-Malware

• Realizas un scan completo.
• Dar en la opción quitar lo seleccionado.
• Su reporte se encuentra en la pestaña registro.

Ccleaner

• Ejecutala en sus dos opciones limpiador y registro
• Haciendo copia del registro cuando te lo pida

4º- Reinicias el pc a modo normal

5º- Realizas un scan con un antivirus online Pruebas con Kaspersky o con Panda ActiveScan 2.0

• En tu proximo mensaje, pegas los siguientes reporte:

• Antivirus Online
• Malwarebytes' Anti-Malware

saludos: Espero tu respuesta.

QUE TAL, YA HICE LO QUE ME RECOMENDASTE Y ESTOS SON LOS RESULTADOS


SEGÚN MALWAREBYTES:
Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 2775
Windows 5.1.2600 Service Pack 3

05/11/2009 03:41:26 p.m.
mbam-log-2009-11-05 (15-41-26).txt

Tipo de examen : Examen Rápido
Objetos examinados: 102979
Tiempo transcurrido: 9 minute(s), 5 second(s)

Procesos en Memoria Infectados: 1
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Unloaded process successfully.

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

SEGÚN KARPERSKY ONLINE

File name Threat Threats count
C:\10nb.exe Infected: Trojan-GameThief.Win32.Magania.calm 1
C:\2o1ajagt.exe Infected: Trojan-GameThief.Win32.Magania.cbwy 1
C:\3c.exe Infected: Trojan-GameThief.Win32.Magania.caje 1
C:\3n8awsyg.exe Infected: Trojan-GameThief.Win32.Magania.ckwz 1
C:\3ntq.exe Infected: Trojan-GameThief.Win32.Magania.bvcw 1
C:\3yalgc.exe Infected: Trojan-GameThief.Win32.Magania.ccba 1
C:\6bgke.exe Infected: Trojan-GameThief.Win32.Magania.bolz 1
C:\9jyhdim8.exe Infected: Trojan-GameThief.Win32.Magania.cehd 1
C:\9vlgaqms.cmd Infected: Trojan-GameThief.Win32.Magania.blzc 1
C:\asfcm6.bat Infected: Trojan-GameThief.Win32.Magania.brqa 1
C:\b00ijwpu.exe Infected: Trojan.Win32.Inject.akus 1
C:\cahpcg.cmd Infected: Trojan-GameThief.Win32.Magania.biaw 1
C:\ctu8r.exe Infected: Trojan-GameThief.Win32.Magania.cfle 1
C:\cv8j.exe Infected: Trojan-GameThief.Win32.Magania.bovp 1
C:\dih6ke.bat Infected: Trojan-GameThief.Win32.Magania.bgea 1
C:\Documents and Settings\VIOLETA LIZETH\Configuración local\Temp\lv2.BetaBat.bat Infected: Worm.Win32.AutoRun.aqwl 1
C:\dogyx90.exe Infected: Trojan-GameThief.Win32.Magania.camm 1
C:\eej2.exe Infected: Trojan-GameThief.Win32.Magania.bshm 1
C:\ewqij.bat Infected: Trojan-GameThief.Win32.Magania.bzxr 1
C:\f9o8o.exe Infected: Trojan-GameThief.Win32.Magania.cfot 1
C:\g8k.exe Infected: Worm.Win32.AutoRun.aust 1
C:\hifdmgt.com Infected: Trojan-GameThief.Win32.Magania.bjpf 1
C:\jvjjafl.cmd Infected: Trojan-GameThief.Win32.Magania.bdhs 1
C:\lhh3v.exe Infected: Trojan-GameThief.Win32.Magania.cbus 1
C:\metdgv.bat Infected: Trojan-GameThief.Win32.Magania.bizr 1
C:\mjafm.exe Infected: Trojan-GameThief.Win32.Magania.cayk 1
C:\mje12tni.exe Infected: Trojan-GameThief.Win32.Magania.cgoe 1
C:\mwfubaob.exe Infected: Trojan-GameThief.Win32.Magania.clqa 1
C:\nds0q.exe Infected: Trojan-GameThief.Win32.Magania.cjqd 1
C:\oiwj.exe Infected: Trojan-GameThief.Win32.Magania.bult 1
C:\oobbyju.exe Infected: Trojan-GameThief.Win32.Magania.cbnh 1
C:\p0ijj.bat Infected: Trojan-GameThief.Win32.Magania.bpqe 1
C:\ph.exe Infected: Trojan-GameThief.Win32.Magania.casv 1
C:\pkkwng.exe Infected: Trojan-GameThief.Win32.Magania.bzmm 1
C:\q2c.bat Infected: Trojan-GameThief.Win32.Magania.bcjq 1
C:\qcod.exe Infected: Trojan-GameThief.Win32.Magania.cbow 1
C:\qf8hn.bat Infected: Trojan-GameThief.Win32.Magania.busb 1
C:\r8.exe Infected: Trojan-GameThief.Win32.Magania.capv 1
C:\RECYCLER\S-1-5-21-2216122345-9142935142-987106867-5659\sysdate.exe Infected: P2P-Worm.Win32.Palevo.ann 1
C:\RECYCLER\Sysyery.bat Infected: Worm.Win32.AutoRun.aqwl 1
C:\rg9g9bgq.exe Infected: Trojan-GameThief.Win32.Magania.cebm 1
C:\s3ek.exe Infected: Trojan-GameThief.Win32.Magania.cgzg 1
C:\se12ydam.exe Infected: Trojan.Win32.Vaklik.gbh 1
C:\sfkn.exe Infected: Trojan-GameThief.Win32.Magania.cbzg 1
C:\srgo.exe Infected: Trojan-GameThief.Win32.Magania.clqc 1
C:\suit0.com Infected: Trojan-GameThief.Win32.Magania.bgxt 1
C:\t2hjo0.exe Infected: Trojan-GameThief.Win32.Magania.cepk 1
C:\tuiuivdh.bat Infected: Trojan-GameThief.Win32.Magania.brux 1
C:\w6fvm1.com Infected: Trojan-GameThief.Win32.Magania.bdcr 1
C:\w9uxx92.exe Infected: Trojan-GameThief.Win32.Magania.cdpv 1
C:\wcgswa.exe Infected: Trojan.Win32.Inject.akto 1
C:\WINDOWS\system32\ahndoor0.dll Infected: Trojan-GameThief.Win32.Magania.cfox 1
C:\WINDOWS\system32\e8main1.dll Infected: Trojan-GameThief.Win32.Magania.cefb 1
C:\WINDOWS\system32\e8main2.dll Infected: Trojan-GameThief.Win32.Magania.cexx 1
C:\WINDOWS\system32\Winlogo.bat Infected: Worm.Win32.AutoRun.aqwl 1
Selected area has been scanned.



NO VI LA OPCION DE BORRAR ESTOS ARCHIVOS INFECTADOS, ASI QUE ESTOY BAJO TUS RECOMENDACIONES.
QUIERO BORRARLOS PARA DEJAR LO MÁS LIMPIA POSIBLE A MI PC

GRACIAS

Los paso que yo le indique, no fueron bien realizados. Hay que leer bien y prestar atención a o lo que se indica y no de momento empezar a realizar los pasos.

Con malwarebytes le indique, que realizara examan completo y usted realizo examen rápido. lo cual esta mal. Y a demas no lo actualizo a malwarebytes.

Espero que la herramienta Flash_Disinfector.exe, la ejecutara tal cual se le indica.


El informe de Kaspersky online, esta incompleto para la próxima vez, tráigalo completo.


Ahora por favor realiza lo siguiente:

• Descarga OTM en el escritorio.
• Haz doble clic sobre el icono OTM.exe para ejecutarlo
• Asegúrate que esté marcada la casilla "Unregister Dll´s and Ocx´s".
• Pega el siguiente script, que se encuentra dentro del recuadro de abajo, en el area "Paste Instructions for items to be Moved"

• dar clic sobre el boton MoveIt!
• Espere hasta cuando el resultado aparezca en el marco Results.
• Simultáneamente se abrirá un aviso preguntando si deseamos reiniciar el PC, pulse sobre Yes para reiniciar.si no sale el aviso lo reinicias manualmente,>>> Este reinicio es importante
• En su proximo mensaje envie reporte de OTM situado sobre C: \ _ OTM\MovedFiles\***_***.log

Despues de ejecutar OTM, actualice Malwarebytes y realice un examen completo, elimine todo lo que encuentre, dando en la opción quitar lo seleccionado y traiga su nuevo informe

QUE TAL. YA VEO QUE NO LEI BIEN SUS INSTRUCCIONES.
BUENO, AQUI ESTAN LOS RESULTADOS<<<<

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\3yalgc.exe moved successfully.
C:\6bgke.exe moved successfully.
C:\9jyhdim8.exe moved successfully.
C:\9vlgaqms.cmd moved successfully.
C:\asfcm6.bat moved successfully.
C:\b00ijwpu.exe moved successfully.
C:\cahpcg.cmd moved successfully.
C:\ctu8r.exe moved successfully.
C:\cv8j.exe moved successfully.
C:\dih6ke.bat moved successfully.
C:\Documents and Settings\VIOLETA LIZETH\Configuración local\Temp\lv2.BetaBat.bat moved successfully.
C:\dogyx90.exe moved successfully.
C:\eej2.exe moved successfully.
C:\ewqij.bat moved successfully.
C:\f9o8o.exe moved successfully.
C:\g8k.exe moved successfully.
C:\hifdmgt.com moved successfully.
C:\jvjjafl.cmd moved successfully.
C:\lhh3v.exe moved successfully.
C:\metdgv.bat moved successfully.
C:\mjafm.exe moved successfully.
C:\mje12tni.exe moved successfully.
C:\mwfubaob.exe moved successfully.
C:\nds0q.exe moved successfully.
C:\oiwj.exe moved successfully.
C:\oobbyju.exe moved successfully.
C:\p0ijj.bat moved successfully.
C:\ph.exe moved successfully.
C:\pkkwng.exe moved successfully.
C:\q2c.bat moved successfully.
C:\qcod.exe moved successfully.
C:\qf8hn.bat moved successfully.
C:\r8.exe moved successfully.
C:\RECYCLER\S-1-5-21-2216122345-9142935142-987106867-5659\sysdate.exe moved successfully.
C:\RECYCLER\Sysyery.bat moved successfully.
C:\rg9g9bgq.exe moved successfully.
C:\s3ek.exe moved successfully.
C:\se12ydam.exe moved successfully.
C:\sfkn.exe moved successfully.
C:\srgo.exe moved successfully.
C:\suit0.com moved successfully.
C:\t2hjo0.exe moved successfully.
C:\tuiuivdh.bat moved successfully.
C:\w6fvm1.com moved successfully.
C:\w9uxx92.exe moved successfully.
C:\wcgswa.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ahndoor0.dll
C:\WINDOWS\system32\ahndoor0.dll NOT unregistered.
C:\WINDOWS\system32\ahndoor0.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\e8main1.dll
C:\WINDOWS\system32\e8main1.dll NOT unregistered.
C:\WINDOWS\system32\e8main1.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\e8main2.dll
C:\WINDOWS\system32\e8main2.dll NOT unregistered.
C:\WINDOWS\system32\e8main2.dll moved successfully.
C:\WINDOWS\system32\Winlogo.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 87157127 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27851811 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 689772 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 8911367 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69600 bytes

User: VIOLETA LIZETH
->Temp folder emptied: 843336574 bytes
->Temporary Internet Files folder emptied: 6117357 bytes
->Java cache emptied: 132474 bytes
->FireFox cache emptied: 40751005 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2134225 bytes
%systemroot%\System32 .tmp files removed: 9989603 bytes
Windows Temp folder emptied: 448 bytes
RecycleBin emptied: 17596780 bytes

Total Files Cleaned = 996,37 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11062009_121911

Files moved on Reboot...

Registry entries deleted on Reboot...
<<<<<<<<<<<<<<<<<<<<<<<<

MALWAREBYTES

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 2775
Windows 5.1.2600 Service Pack 3

06/11/2009 01:37:41 p.m.
mbam-log-2009-11-06 (13-37-41).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 177665
Tiempo transcurrido: 50 minute(s), 3 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 85

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP209\A0068206.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP202\A0066765.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP203\A0066772.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP203\A0066867.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP204\A0066880.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP204\A0066907.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP205\A0066912.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP205\A0067008.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP206\A0067011.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP206\A0067029.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP206\A0067137.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP206\A0067152.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP207\A0067875.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP207\A0067858.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP208\A0068034.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP208\A0068056.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068278.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068311.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068363.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068376.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068377.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068380.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068402.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068405.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP211\A0068416.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP212\A0068419.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP212\A0068443.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP212\A0068476.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP213\A0069551.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069588.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069597.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069598.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069601.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069606.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069680.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP214\A0069710.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP215\A0069773.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP215\A0069738.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP215\A0069767.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP215\A0069770.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069820.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069810.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069821.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069824.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069866.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069877.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069878.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP216\A0069881.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070249.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070252.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070255.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070256.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070267.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070296.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP217\A0070297.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP218\A0070322.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP219\A0070357.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP219\A0070451.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP219\A0070498.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP219\A0070554.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP219\A0070585.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP220\A0070617.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP220\A0070643.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP221\A0070661.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP221\A0070714.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070732.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070794.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070810.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070828.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070856.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070885.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070904.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP222\A0070937.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP223\A0070964.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP224\A0070995.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP224\A0071009.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP224\A0071031.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP225\A0071156.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP226\A0071188.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP226\A0071270.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP226\A0071316.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP226\A0071330.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP226\A0071378.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DEEB962F-FDB3-47A5-B0D6-8C482E053A1B}\RP241\A0075251.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

<<<<<<<<<<<

SIGUE APARECIENDO LOS MISMOS AVISOS CUANDO INICIO MI PC.
HASTA PRONTO Y OJALÁ PUEDA SEGUIR AYUDÁNDOME
GRACIAS POR SU ATENCION

Hola.

Realiza este paso, para eliminar OTM y su cuarentena.

• Ejecuta OTM.exe

1. Asegurate de estar conectado a internet.
2. Presiona el botón CleanUp!
3. Confirma el inicio del proceso de limpieza pulsando en "Yes".
4. Aparecerá un listado de las herramientas usadas durante la desinfección.
5. OTMoveIt3 pedira que reinicie el sistema, confirmelo pulsando en "Yes".

luego continue con estos:

paso1

Apaga restaurar sistema>>> Reinicias el PC>>> Vuelves activar Restaurar sistema.

paso2

Descarga el ESET Smart Installer

• Ejecutar y marcar, las casillas Eliminar las amenazas detectadas y analizar archivos.
• Dar en Configuración adicional, marcar las casillas de Analizar en busca de aplicaciones potencialmente indeseables, Analizar en busca de aplicaciones potencialmente peligrosas y Activar la tecnoligía Anti-Stealth.
• Dar en Iniciar para que empiece a descargar la base firmas de virus y posteriormente empiece a analizar tu sistema.
• Acabado el scan dar en Finalizar El reporte se puede localizar en C:\Archivos de programa\ESET\ESET Online Scanner\log

traiga el informe de ESET Online Scanner\

AQUI ESTA EL INFORME DE ESET ONLINE SCANNER

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=21fa1190c57ece45b025e616ae78df19
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-06 10:39:18
# local_time=2009-11-06 04:39:18 (-0600, Hora estándar central (México))
# country="Mexico"
# lang=3082
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108823 100 0 0 0 0 0
# scanned=66971
# found=11
# cleaned=11
# scan_time=2954
# nod_component=V3 Build:0x30000000
C:\10nb.exe Win32/AutoRun.PSW.OnlineGames.AJ gusano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\1a1dndah.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\2o1ajagt.exe una variante de Win32/Pacex.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\3c.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\3n8awsyg.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\3ntq.exe Win32/PSW.OnLineGames.NNU Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\eguiEmon.dll probablemente una variante de Win32/Patched.NAE virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\eguiEpfw.dll probablemente una variante de Win32/Patched.NAE virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrnEmon.dll probablemente una variante de Win32/Patched.NAE virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll probablemente una variante de Win32/Patched.NAE virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\updater.dll probablemente una variante de Win32/Patched.NAE virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C

Hola, como sigue el PC

PUES SIGUEN APARECIENDO LOS ERRORES DE
SVCHOST
Y BERASJATAH
AL INICIAR LA SESION

QUÉ HAGO CON LOS VIRUS QUE ENCONTRÓ EL ESET ??

Lo puede dejar en su cuarentena o eliminarlo


Realiza lo siguiente:


paso1

• Descarga, no necesita instalación, ni actualización Dr.Web CureIt su manual

Dr. Web Cure-IT

• La herramienta primero realiza un chequeo express
• Después escojes escaneo completo eliminas lo que encuentre o curas lo que encuentre.
• Terminado el escaneo. Ir a Archivo >>> Grabar lista de Informes...>>> guardas el Informe

• Traes su informe.

Paso 2

• Descarga con el navegador Internet Explorer DDS.pif guardala en tu escritorio de Windows.
• Haga doble clic para ejecutar la herramienta y espere pacientemente el reporte.

• Cuando haya terminado, DDS se abrirá dos (2) reportes:

1. DDS.txt
2. Attach.txt

• Guardar los dos informes en su escritorio y pegue únicamente el reporte del archivo DDS.txt en este mismo mensaje.

Cita:

*Nota* Guarde reporte del archivo Attach.txt y péguelo únicamente si se le solicita.

Saludos y no olvide comentarnos como sigue el PC