Hola he estado viendo algunos mensajes del foro y algunos han tenido un problema parecido al mio... Desde esta mañana, me sale un mensaje en italiano de un dialer. Por lo que he visto tengo en C:\windows\temp varios archivos xxxxxx.tmp.exe. He pasado el antivirus Norton y me dice tengo en memoria el Dialer.Kotu, pero aunque lo limpie sigue apareciendo.

He montado el Hijackthis como indicais y veo que tengo estos programas ejecutandose.

Otra cosa que me hace el ordenador (y que no he visto en ningun mensaje) es que no me deja abrir ninguna pantalla del explorer, ni Mi Pc, etc.

Os dejo el log del hijack y la alerta del Norton Antivirus

Logfile of HijackThis v1.99.1
Scan saved at 0:56:13, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\TEMP\iddE3.tmp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\win110.tmp.exe
C:\WINDOWS\TEMP\idd111.tmp.exe
C:\Documents and Settings\Carlos\Escritorio\HijackThis.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FileZilla Server Interface] "C:\Archivos de programa\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: Acceso directo a BORRARFILE.lnk = C:\BORRARFILE.BAT
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Startup: World Community Grid Agent.lnk = C:\Archivos de programa\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110914923340
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Archivos de programa\FileZilla Server\FileZilla Server.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Symantec Antivirus
Tipo análisis: Manual Suceso
Análisis: Amenaza detectada
Amenaza: Dialer.Kotu
Archivo: C:\WINDOWS\TEMP\iddE3.tmp.exe
Ubicación: C:\WINDOWS\TEMP

Voy a ir haciendo lo que recomendais a ver si pudeo arreglar algo ...

Un salu2 y gracias.

Hola Underworld

Esto lo instalaste tu:C:\BORRARFILE.BAT; WorldCommunityGrid

El dialer no aparece en el log por lo que haras esto:

Descarga HunterDialer 1.0 y ejecutalo de esta forma:
Pasas:

• El Ad-Ware SE actualizado.
• El RegSeeker, debes usar la opción Limpiar Registro, pásalo las veces que sean necesarias hasta que no aparezca nada.
• El Disk Cleaner, para limpiar cookies y temporales.

Cuando termines realiza scann Online con Ewido y Kaspersky si encuentran algo pegas el reporte en tu proximo mensaje.

Saludos

Hola

hice todo lo que me indicastes, pero sigo teniendo virus ..

El log del ewido ..

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Dialer.Agent.z
Path: [3504] C:\WINDOWS\TEMP\iddFA.tmp.exe
Risk: High

Name: Dropper.Small.art
Path: C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\4PYN4TQR\srvbcj[1].exe
Risk: High

Name: Downloader.Zlob.yj
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076937.exe
Risk: High

Name: Downloader.Obfuscated.a
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076940.exe
Risk: High

Name: Downloader.Obfuscated.a
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076945.exe
Risk: High

Name: Downloader.Zlob.yj
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076946.exe
Risk: High

Name: Adware.MediaTicket
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076947.exe
Risk: Medium

Name: Trojan.Starter.65
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076951.exe
Risk: High

Name: Adware.ClickSpring
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076953.exe
Risk: Medium

Name: Adware.Softomate
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076993.dll
Risk: Medium

Name: Downloader.Small.ctf
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077001.exe
Risk: High

Name: Backdoor.Agent.acx
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077006.exe
Risk: High

Name: Trojan.ProcKill.DJ
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077007.exe
Risk: High

Name: Trojan.ProcKill.DJ
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077008.exe
Risk: High

Name: Adware.Virtumonde
Path: C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077094.dll
Risk: Medium

Name: Dialer.Agent.z
Path: C:\WINDOWS\Temp\idd115.tmp.exe
Risk: High

Name: Trojan.Dialer.qy
Path: C:\WINDOWS\Temp\idd21F.tmp.exe
Risk: High

Name: Dialer.Agent.z
Path: C:\WINDOWS\Temp\iddFA.tmp.exe
Risk: High

Name: Dropper.Small.art
Path: C:\WINDOWS\Temp\win114.tmp.exe
Risk: High

Name: Trojan.Pakes
Path: C:\WINDOWS\Temp\win21A.tmp.exe
Risk: High

Name: Dropper.Small.art
Path: C:\WINDOWS\Temp\winF9.tmp.exe
Risk: High

Name: TrackingCookie.Overture
Path: :mozilla.13:D:\$ThinkpadIBM\BckAplicativos\Documen ts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.14:D:\$ThinkpadIBM\BckAplicativos\Documen ts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.24:D:\$ThinkpadIBM\BckAplicativos\Documen ts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.30:D:\$ThinkpadIBM\BckAplicativos\Documen ts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.69:D:\$ThinkpadIBM\BckAplicativos\Documen ts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.127:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.128:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.130:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.132:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.133:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.136:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.139:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.140:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.141:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.160:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.183:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.200:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.244:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.253:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.274:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: :mozilla.278:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.317:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: :mozilla.352:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Findwhat
Path: :mozilla.377:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.400:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Counted
Path: :mozilla.405:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: :mozilla.467:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.471:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.486:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.505:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Estat
Path: :mozilla.507:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: :mozilla.517:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.532:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.580:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: :mozilla.581:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.628:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: :mozilla.672:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.677:D:\$ThinkpadIBM\BckAplicativos\Docume nts and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\coo kies.txt
Risk: Medium

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/RAS.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/RAS.exe
Risk: Low

y este es el log del kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 22, 2006 10:11:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/08/2006
Kaspersky Anti-Virus database records: 204492
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 58029
Number of viruses found: 11
Number of infected objects: 21 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:01:49

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\FileZilla Server\Logs\FileZilla Server.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\0V0R6ZS3\srvmjj[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\Perflib_Perfdata_504.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\~DF5418.tmp Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\~DF7C6.tmp Object is locked skipped
C:\Documents and Settings\Carlos\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \cert8.db Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \formhistory.dat Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \history.dat Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \key3.db Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \parent.lock Object is locked skipped
C:\Documents and Settings\Carlos\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Carlos\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076937.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076940.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076945.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076946.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076947.exe Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0076953.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077001.exe Infected: Trojan-Downloader.Win32.Small.ctf skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP330\A0077006.exe Infected: Backdoor.Win32.Agent.acx skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP332\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\CASA.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Historial\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winhco32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\idd21F.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\Temp\win114.tmp.exe Infected: Trojan-Dropper.Win32.Small.art skipped
C:\WINDOWS\Temp\win21A.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\Temp\winF9.tmp.exe Infected: Trojan-Dropper.Win32.Small.art skipped
C:\WINDOWS\Temp\ZLT0783b.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT07862.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP332\change.log Object is locked skipped
E:\crack.rar/installer.exe/data0002 Infected: Trojan.Win32.VB.ami skipped
E:\crack.rar/installer.exe Infected: Trojan.Win32.VB.ami skipped
E:\crack.rar ZIP: infected - 2 skipped
E:\crack1\installer.exe/data0002 Infected: Trojan.Win32.VB.ami skipped
E:\crack1\installer.exe NSIS: infected - 1 skipped
E:\crack\installer.exe/data0002 Infected: Trojan.Win32.VB.ami skipped
E:\crack\installer.exe NSIS: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP332\change.log Object is locked skipped

Scan process completed.

Respecto a los programas que indicabas los instale yo ... Tengo también el log del HijackThis por si lo necesitas. Lo ejecute dos veces, una antes de comenzar y otra al finalizar.

Gracias.

Hola de nuevo

El Dialer italiano no aparece en ninguno de los reportes por lo que es posible que fuera eliminado.

1. Apaga Restaurar Sistema

2. Ver Archivos Ocultos

3. Reinicia en Modo Seguro

4. Busca y elimina estos archivos con el KillBox, usando la opcion delete on reboot.

C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\0V0R6ZS3\srvmjj[1].exe
C:\WINDOWS\Temp\idd21F.tmp.exe
C:\WINDOWS\Temp\win114.tmp.exe
C:\WINDOWS\Temp\win21A.tmp.exe
C:\WINDOWS\Temp\winF9.tmp.exe
C:\WINDOWS\Temp\ZLT0783b.TMP
C:\WINDOWS\Temp\ZLT07862.TMP
E:\ crack.rar
C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\0V0R6ZS3\<< la carpeta con todo su contenido

D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exesi esto es una descarga de P2P borralo.

Le pasas nuevamente:

• El Ad-Ware SE actualizado.
• El RegSeeker, debes usar la opción Limpiar Registro, pásalo las veces que sean necesarias hasta que no aparezca nada.
• El Disk Cleaner, para limpiar cookies y temporales.

Reinicias y te recomiendo que instales el SpywareBlaster 3.5.1, y su Manual .

Debes visitar Windows Update para que descargues las últimas actualizaciones criticas de seguridad, y Aquí para el internet explorer.

Al finalizar deshaces los dos primeros pasos, pegas un nuevo log para ver los resultados y nos cuentas como te fue.

Saludos.

Buenas

Estuve haciendo lo que me indicastes y adicionalmente instale y ejecute el programa Spy Sweeper ya que mi hermana tuvo también el dialer italiano y con este lo quito.

El log del Ewido ...

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\WINDOWS\system32\nqkcsydy.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/RAS.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/RAS.exe
Risk: Low

El log del Kaspersky, este si detecto una entrada de virus ...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 12:55:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/08/2006
Kaspersky Anti-Virus database records: 205159
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 56896
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:55:11

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\FileZilla Server\Logs\FileZilla Server.log Object is locked skipped
C:\Archivos de programa\Webroot\Spy Sweeper\Masters\Masters.bak Object is locked skipped
C:\Archivos de programa\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Archivos de programa\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped
C:\Archivos de programa\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Historial\History.IE5\MSHist0120060824200608 25\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\Perflib_Perfdata_c10.dat Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\~DFAB72.tmp Object is locked skipped
C:\Documents and Settings\Carlos\Configuración local\Temp\~DFC12A.tmp Object is locked skipped
C:\Documents and Settings\Carlos\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \cert8.db Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \history.dat Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \key3.db Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Mozilla\Firefox\Profiles\29gz2jnd.default \parent.lock Object is locked skipped
C:\Documents and Settings\Carlos\Datos de programa\Webroot\Spy Sweeper\Logs\060824131249.ses Object is locked skipped
C:\Documents and Settings\Carlos\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Carlos\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Carlos\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS052C0C58-0AC3-4597-B154-EE131768E46B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS05808051-11F9-45B8-A7F9-6C63E80CCA76.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS08BC8864-9F36-4D45-A008-D382BD8109A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0B04B7B0-BB4D-473E-B3D2-4A842C4B8E15.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0D65665B-8CFC-4083-812E-EF2B11C5D580.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0F0B3E29-A7B7-4A37-8F75-9DF8A995CCD6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS11F5B74F-74D5-41E6-92B2-3D8C092DD05F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS14C8F87A-27DF-48FB-8567-022388B62585.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS15AC48E9-C251-4524-8A11-69339350094A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS186EDA8C-3E56-447F-9DCD-7C8E22865A0E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS19E3250A-64A0-4E5A-A255-8495556D3245.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS1A5B3986-4D2A-4E1D-9614-C0AE19EB761D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS1B33855D-719D-48B2-9FB8-4FAA753DB554.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS22505D23-7965-4EB5-9E15-EC91D7691C4B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS23D5BAB8-2F6D-44ED-88DB-33B2B6F2F4D7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS23DDD9CF-17C4-480F-85D4-E911B1E04532.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS23DE4865-D724-4BE9-BF2F-3441D2466959.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS249AB29B-92D0-48E4-A94A-1E667847493F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2585D60B-AA6D-4FA6-BD88-6B70A463625D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS26AC8C15-3329-4D40-800F-9A240FC1ADC0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS26DFE92D-F787-4DFF-A66B-9E298E15EAD1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS26F9472C-6DE0-4E34-9CD0-2B0736CA83BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS27C8FB67-C60D-4B4A-9625-48E9183DC613.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS288244D1-7039-49E9-9A89-84599CDF6486.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2A7BA843-BA4F-44C1-9CEC-102AFD73D849.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2CC4B343-1F8C-4F21-BC66-4749FB918CBB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS33C74799-DB49-4446-8A18-51D724C95A8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3817EAF1-10DF-4197-A8C1-4BCAC8FAF9D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3829A718-6141-4A79-9633-FA2806B01BAA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS39BABAC7-5CD8-4771-8E3B-817C45572D8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3EC8766A-42AB-4183-AA4F-3F0390820C80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS40C7A9B6-4F9C-43ED-A632-491DBA8131FC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS44ADE284-0B65-41E5-82C6-B30C8C5235A8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS45645563-4CF5-45FD-9B20-3FA478059C29.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS45C39A22-C558-45D5-BB1C-F4D78E44EA80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS47C8605C-E9B8-4DC4-B112-223E440CBA01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS4E7907B6-A6C1-4E97-AD9A-AB8E0D217B97.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS4FB2C21A-42A4-418E-932E-DB25B29E278A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS51C38960-BF75-4CAB-8084-FBA496C0C163.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS53F75A6C-8A79-4BEB-976E-F76DD3E5A6B8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS54E6B975-673D-49E7-8CE5-334A070E78B5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS5DB2265A-60C9-4C64-8650-442CBB249073.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS606D6AB5-7D21-4F59-9B16-B6E948707258.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS609D9C02-6D3A-4F24-A8E1-A6A8FC31926A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS62288B7F-7292-4311-9B9D-4B7A77A074C5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS626C2419-1E66-42D2-916E-C1731F2A943B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS634A06D1-0299-4BA8-BD3B-9DE894284970.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6775116B-A3FC-4826-AEF9-467E3D95AE2D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6970242B-3B3E-485E-B0DE-4AF1EE328F48.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6CBA722B-775F-4DCC-9DE2-A42452462EF2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS711650CD-1F1D-43C7-B6BB-87F459344157.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS720C67B1-E82B-4F34-881B-0E1407F3EC7B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS75525E53-53BF-499C-A3C5-D27A5CB85D80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7904FD17-7C65-4002-A808-A0E0117AF6A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7B1CB24E-3BD3-4D0B-AA6B-13798ED22841.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7B4402FA-8A3F-43DB-8025-363BC5BA9CD5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7CFE6FE0-F330-4F77-8B86-A5E58386E3E4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7D2DB4A8-6E01-421F-BEF9-0F48BD762729.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7D750024-6104-4834-BC2E-7E36E84B7DA4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8048C386-1F52-4A65-A404-AD739A13A720.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS80A0E9BE-EC29-45D0-9FF4-258830257764.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8594BD57-2BCD-4B62-AE31-92B441876C26.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS929A5FCE-883A-45D7-B115-E1F7ECCAC743.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9510A6C1-EB3E-4E8B-8B43-FACD7397400E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9D984671-D139-4A9B-BA73-14FCC7806FEC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA010CF7C-F59E-457A-9979-C7060A544A03.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA0762A6B-62C1-41BD-969F-7FB1B5F6E466.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA09F4DCC-E802-4FA0-80F5-E472390CF4E9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA2EFBCB3-5DE8-4B63-B10F-E21F9A2BEAFF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA54682FC-582A-4D14-90C7-C1FDE8BAFE48.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA6336824-12F8-4AE7-9A1E-28BB562F863B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA6350D82-1A33-44F6-BA94-6A0B194F0A10.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA7FECC46-6EB5-4260-933A-A06C507E44DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA8C337CA-1724-422E-8DC0-F6A5D198DA71.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSAC449082-D8AC-4CCB-ABB2-22D153691316.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSB2FB87A8-30E7-4431-8691-AC6689205E2E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSB51C7F77-C7BF-4EBC-B75D-96E5D11B07C3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSB9FB4653-6B7A-44D3-B6CD-0E9833F5F3DD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSBC7230EA-4CED-4720-A18D-D6C80DB311DC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSBF2D33EA-C48E-4B5E-85FB-E6FDCD5C47EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC0B904C8-6F05-46B5-8E1C-1EBC3E9D3988.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC120D4C2-91FD-4771-8D98-7B0C1AE0F689.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC16B3004-1C49-41FD-A503-D106A35D680D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC5E82511-7F15-417C-910A-6D93D58C04BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCB225254-6930-4722-89BE-AC633449ACC6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCDBDDC72-241E-447A-BCAC-6876EF7A8AB0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCDE0417C-38F6-4769-AF70-ADD155A6F8E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCEAA0452-4ACD-4734-9FF2-8084FEB12719.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD12B9FD0-0E32-426B-AE82-787DB0F7D1A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD25AFFA6-F4DD-4323-9F4A-8066C0029509.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD2A56A07-6DFF-4EED-BF46-700BB302178E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD4455943-D490-4E35-B531-B597AD6BB80E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDA3FBA0F-A2A9-4371-9C73-0317875B1B37.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDC1ABFBB-6B1A-4DAD-8512-BF839150AD58.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDC3FEF17-3C59-4078-84F7-819ECAFD35A5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDE7B1E10-9872-406C-A48D-F4EEF99FC7E5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE3FD7AD9-E52C-430C-937D-5FFC106CAB3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE770FFF2-4F14-4822-856D-ACA65BE90E80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE861B3CF-CD43-47B4-9048-CBD162A5BF51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSEF3BB00F-519F-420D-81FC-FFB29551DE8D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF273A129-FA82-4B76-AC41-CB34DFBFDD01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF3AF5E95-9CD0-41D8-8B8E-DDB10E38862B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF6A03277-7C6B-49EA-A879-77D108C8716B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF709B1FA-CF64-4275-870A-36862FD52404.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF82BE978-5FCB-4A0E-A3F9-B809BF3507D7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFACA680C-AEC6-4CFD-9566-A46038FCD027.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFB240E99-13BD-4D88-92A5-B795595863E0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFDAB5DA1-A3F3-42F6-9195-BA6C44D69E8D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFFA0C2FB-A112-4DD9-BA43-B88E96D395ED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3800B08B-95A0-448D-8394-26F66F0CD487}\RP333\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\CASA.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{23BF7A BF-E5C7-44BD-8306-FD1F01720453}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winhco32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\ZLT02462.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0246c.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Parece que algo se ha arreglado ya que parece que ahora ya no se reinicia el explorer ni sale ningún mensaje.

He dejado instalado tanto el spywareBlaster como el Spy Sweeper.

Hola de nuevo

Borra con el killBox:

C:\WINDOWS\system32\nqkcsydy.exe
C:\WINDOWS\system32\winhco32.dll, este es del dialer pero como dices que no tienes problemas lo mas proable es que no este.

Pasas nuevamente:
* El Ad-Ware SE actualizado.
* El RegSeeker, debes usar la opción Limpiar Registro, pásalo las veces que sean necesarias hasta que no aparezca nada.
* El Disk Cleaner, para limpiar cookies y temporales.

Pegas un nuevo log y me comentas los resultados.

Saludos

Hola

De los ficheros que indicabas solo he podido borrar el fichero C:\WINDOWS\system32\*winhco32.dll* ya que el otro no estaba.

Parece que hemos conseguido quitar el spyware ... Solamente salen estos archivos, pero los he eliminado para que no haya problemas.

Te dejo el log el ewido ...
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$ThinkpadIBM\Software\Utilidades\Password\RockX P3 Recupera pass Windows.exe/RAS.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/xpkey.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/keyms.exe
Risk: Low

Name: Not-A-Virus.PSWTool.Win32.RAS.a
Path: D:\$User\Software\Password\RockXP3 Recupera pass Windows.exe/RAS.exe
Risk: Low

Muchisimas gracias por todo y un saludo.
Si necesitais alguna cosa, por aqui andaré ...

Hola de nuevo

Como dices que eliminaste esos archivos que aparecen en el reporte de ewido y si no tienes problemas dare el tema como solucionado.

Salu2