Hola desde hace 3 dias mi PC se desconecta de internet y aparecen 2 conexiones nuevas cada cierto tiempo que se llaman UserXXXXXX (X: numeros al azar) y aparecen mensajes de error que dicen ULWindowsSeek: winXXX.tmp.exe no se puede cerrar. Ademas que aparece un proceso diferente winXXX.tmp.exe.

Segui las instrucciones del foro y le pase a mi PC el Spybot SyD, el Ad-Aware, el disk cleaner, mi antivirus (Avast) y el Kaspersky on-line (del cual tengo el reporte)

Limpie la gran cantidad de spyware y porquerias que tenia pero, el problema aun sigue, y despues de instalar el ewido el reconocio que eran esos dos troyanos com esos procesos, pero no elimina el problema, solo restringe la creacion de nuevas cuentas (aunque aun me desconecta la Internet) y elimina el win.XXX.tmp.exe nuevo, pero no elimina el problema.

Espero que puedan ayudarme y gracias por su atencion.

hola

Pega los reportes que tengas de los antivirus.

Saludos

Que mas, no pude pegar el informe porq en mi PC hay varias cuentas de usuario y el reporte salia muy extenso y era imposible pegarlo (el PC se ponia demasiado lento) hasta que encontre la solucion así que aqui esta:

Monday, July 10, 2006 10:55:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/07/2006
Kaspersky Anti-Virus database records: 193704
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 117688
Number of viruses found 4
Number of infected objects 14 / 0
Number of suspicious objects 0
Duration of the scan process 03:24:47

Infected Object Name Virus Name Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\GAWP5CMP\srvbos[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\Q3WMY1BK\srvkfd[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\T7FVKJRX\bgates[1].exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Feeds\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Historial\History.IE5\MSHist0120060709200607 10\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DF84FC.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DF8502.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DFF490.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DFF507.tmp Object is locked skipped
C:\Documents and Settings\Diego\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Diego\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Diego\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Leidy\Mis documentos\mIs CoSiLlAsºº\Descargas\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe/stream/data0005 Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\mIs CoSiLlAsºº\Descargas\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe/stream Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\mIs CoSiLlAsºº\Descargas\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\mIs CoSiLlAsºº\Descargas\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip ZIP: infected - 3 skipped
C:\Documents and Settings\Leidy\Mis documentos\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe/stream/data0005 Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe/stream Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe Infected: Trojan-Spy.Win32.BJCG.e skipped
C:\Documents and Settings\Leidy\Mis documentos\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip ZIP: infected - 3 skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1004\Dc4.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc10.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc11.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc12.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc13.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc14.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc15.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc16.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc18.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc19.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc20.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc21.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc22.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc23.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc24.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc27.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc3.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc4.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc5.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc6.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc7.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc8.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc9.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winrip32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat Object is locked skipped
C:\WINDOWS\Temp\win14C5.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_1_3_E_4_ ._t_m_p_._e_x_e_ Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\Temp\~DF389B.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF391E.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF85A0.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF86CD.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFBFB.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFC00.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFC0B2.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFC548.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Espero q me puedan ayudar porq esto cada día esta peor (cada vez mas lento).
Gracias de antemano

Hola,

Nada mas por curiosidad, como le hiciste?
Tal vez si entraras con alguna cuenta de administrador no te daria el reporte tan largo

Tienes estos archivos infectados:

C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\GAWP5CMP\srvbos[1].exe Infected
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\Q3WMY1BK\srvkfd[1].exe Infected
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\T7FVKJRX\bgates[1].exe Infected
C:\Documents and Settings\Leidy\Mis documentos\mIs CoSiLlAsºº\Descargas\Programas msn\CEDP4-Stealer-Setup(mess[1].es).zip/CEDP4-Stealer-Setup.exe
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_1_3_E_4_ ._t_m_p_._e_x_e_ Infected


Por las carpetas donde estan , se pueden ir pasando el Disk Cleaner (que borra archvios temporales y eso). si no desaparecen dichos archvios, usa el KillBox para eliminarlos.

Despues vuelve a pasra el antivirus a ver si te sigue detectando algo...

Saludos

Que mas. bueno lo que hice fue quitar eso de convertir las carpetas en privadas (yo entre como administrador y seguia saliendo el reporte demasiado largo) y asi el antivirus escaneo bien todas las carpetas.
Bueno el problema con mi PC sigue igual y aunque le pase el Disk Cleaner aparecen archivos similares a los que encontro el día de ayer aquí esta el reporte:

Tuesday, July 11, 2006 12:02:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2006
Kaspersky Anti-Virus database records: 206386
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 112842
Number of viruses found 6
Number of infected objects 10 / 0
Number of suspicious objects 0
Duration of the scan process 03:05:15

Infected Object Name Virus Name Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\A68MKL3M\bgates[1].exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\A68MKL3M\srvweo[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\K39CX78T\srvzcd[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\hsperfdata_Diego\3632 Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\Perflib_Perfdata_898.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DFFC7C.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DFFC8D.tmp Object is locked skipped
C:\Documents and Settings\Diego\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Diego\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Diego\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1004\Dc4.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc10.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc11.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc12.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc13.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc14.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc15.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc16.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc18.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc19.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc20.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc21.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc22.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc23.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc24.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc27.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc3.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc4.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc5.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc6.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc7.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc8.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc9.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{154E78 C6-C4F6-42C3-8800-366DCCBBD91C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winrip32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\Perflib_Perfdata_674.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_1_5_0_3_ ._t_m_p_._e_x_e_ Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{5E593418-EE12-4E2E-AA5C-CF5437DBC7E1}\RP1\A0000026.exe Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
E:\Programas Varios\Aceleradores de Descarga\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
E:\Programas Varios\Aceleradores de Descarga\mirc616.exe mIRC: infected - 1 skipped
E:\Programas Varios\DivX Pro\codecs\bsplayer141.832.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
E:\Programas Varios\DivX Pro\codecs\bsplayer141.832.exe NSIS: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Hola,
Ahora usa el KillBox para eliminar:
C:\WINDOWS\system32\winrip32.dll
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\A68MKL3M\bgates[1].exe
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\A68MKL3M\srvweo[1].exe
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\K39CX78T\srvzcd[1].exe
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_1_5_0_3_ ._t_m_p_._e_x_e_
E:\Programas Varios\Aceleradores de Descarga\mirc616.exe
E:\Programas Varios\DivX Pro\codecs\bsplayer141.832.exe

Corre de nuevo el antivirus y nos cuentas si siguen los problemas. Si es asi, buscamos otras herramientas para la desinfeccion...

Saludos

Listo aqui esta el nuevo reporte el PC todavia va un poco lento pero ya el ewido no ha mostrado mas alertas del winXXX.tmp asi q esto ya va mejorando

Tuesday, July 11, 2006 7:14:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2006
Kaspersky Anti-Virus database records: 206653
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 110079
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 02:38:20

Infected Object Name Virus Name Last Action
C:\!KillBox\winrip32.dll Infected: Packed.Win32.Klone.g skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DF1777.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configuración local\Temp\~DF19DF.tmp Object is locked skipped
C:\Documents and Settings\Diego\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Diego\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Diego\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1004\Dc4.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc10.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc11.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc12.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc13.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc14.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc15.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc16.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc18.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc19.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc20.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc21.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc22.zip Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc23.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc24.gif Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc27.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc3.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc4.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc5.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc6.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc7.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc8.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-839522115-1957994488-1005\Dc9.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BC3B84 B5-0A33-4E1F-B1F0-865152F8C197}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_680.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{5E593418-EE12-4E2E-AA5C-CF5437DBC7E1}\RP1\A0000026.exe Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Hola,

De hecho parece que ya se acabaron los porblemas de virus, lo que te detecta el antivirus esta en la carpeta !KillBox (que es como la papelera del KillBox, por si borraste algo pro equivocacion), elimina todo lo que haya en esa carpeta.

Lo otro esta es un archvio de restaurar sistema (es decir, si restauras el sistema, te ava a volver a aparecer esa infeccion0, asi que apaga restaurar sistema, sales, y lo vuelves a activar.

Sobre la laentitud de la PC, pasa el disk Cleaner y el RegSeeker, a ver si mejora algo 9son para hacer limpieza), los bajas de aqui:
http://www.infospyware.com/Herramientas.htm

Nos cuentas...

Saludos

No apagas completamente Restaurar Sistema. En vez de clickear la casilla Desactivar para todas las unidades desactivalo solopara la unidad D:, ya que asi podras seguir teninedo algnos puntos de restauracion para tu unidad C:.

Pasa el Ewido Scan On-Line y el Kaspersky On-Line Virus Scanner en ese orden y nos pegas los reportes.

salu2

Listo le pase el Kaspersky (porq el ewido no me deja, el antivirus lo bloquea) y no aparece ningun virus.
Bueno muchisimas gracias el problema esta solucionado
Una pregunta mas ud. saben como configurar el outpost firewall es q hace q el proceso svchost ocupe todo el cpu y lentea el PC (ademas ya no confio en ese firewall de windows) y al desinstalar el outpost todo vuelve a la normalidad.