Hola, amigos! Les escribo para pedirles ayuda en esta guerra de Spywares
1ro. se me abre un pequeño buscador al lado del reloj de la
barra, 2do. se crean archivos en c: que los borro pero vuleven a
aparecer:
deskbar.exe
dfndrff_14.exe
drsmartload.exe kybrdff_14.exe
nwnmff_14.exe
ucmoreeiex.exe(que me abre una barra al lado de los botones
de navegacion)


3ro. se abren 3 o 4 pantallas en Internet que son siempre las mismas
4to. tengo el Antivirus avg actualizado cada dia, que me reconoce
archivos troyanos, q los pongo en la boveda pero vuelven.
Troyano Downloader.Generic2.HBY
Troyano Downloader.Generic.HGT

Le paso el spybot y me salen:
LSA 1 entrada
Microsoft.WindowsSecurityCenter_disabled 1 entrada
MyWay.MyWebSearch 1 entrada
Network Monitor 2 entradas
WPA_Reset5 1 entrada
y varios mas, que al parecer no los elimina, pues sigue haciendo lo
mismo.
Le pase el RegSeeker y eliminé todo.
Le pase el Adaware 6 y no me encuentra nada

Tengo solucion? Tendre que hacer algo mas o debo mostrar
la bandera blanca y volver a usar DOS?
Les dejo el Log del Ewido y espero que me puedan ayudar
Gracias!! Daniel






ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:13:15 a.m. 29/08/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned.
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\4BIJELA5\Installer[1].exe -> Adware.Look2Me : Cleaned.
[644] C:\WINDOWS\system32\mfrddm.dll -> Adware.Look2Me : Cleaned.
[756] C:\WINDOWS\system32\mfrddm.dll -> Adware.Look2Me : Cleaned.
E:\Programas\Cracks\Crack de Acdsee 3.0.zip/DT6 - acdseecrk.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\I729GZIP\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\Corbata\directx.sys -> Rootkit.Agent.l : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Saludos. Realiza un nuevo scaneo, pero esta vez con ewido y kaspersky online.

Nos pegas el reporte que estos te generen aqui.
Suerte

Hola, fulgore. Bueno, despues de intentarlo pude entrar a windows, so se xq no podia, la cosa es q entre a prueba de fallos y le pase todo el arsenal (adaware, ewido, regseek, avg, spybot) Te dejo los logs que me pediste, a ver si me puedes ayudar, ya que estoy por tirar el cpu por la ventana. Muchas gracias por ayudarnos a los que sabemos poco. Corbata



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 08:00:54 p.m. 30/08/2006

+ Scan result:



C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\4BIJELA5\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__n_b_r_s_e_ n_g_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\g0lm0a31ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1244] C:\WINDOWS\system32\llcdll.dll -> Adware.Look2Me : Error during cleaning.
[1704] C:\WINDOWS\system32\llcdll.dll -> Adware.Look2Me : Error during cleaning.
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\61Q3Y5IV\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\61Q3Y5IV\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\61Q3Y5IV\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Temp\GLB2A.tmp/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\I729GZIP\kybrdff_14[1].exe -> Downloader.Adload.ez : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\WFGNC7Q3\dfndrff_14[1].exe -> Downloader.Adload.ez : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\4BIJELA5\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\WFGNC7Q3\loader[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\__delete_on_reboot__d_r_s_m_a_r_t_l_o_a_d_._e_x _e_ -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\directx.sys -> Rootkit.Agent.l : Cleaned with backup (quarantined).


::Report end





-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 30, 2006 954 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/08/2006
Kaspersky Anti-Virus database records: 206676
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\$VAULT$.AVG\
C:\Archivos de programa\
C:\Config.Msi\
C:\Documents and Settings\
C:\RECYCLER\
C:\System Volume Information\
C:\temps\
C:\WINDOWS\
D:\Programas\
D:\RECYCLER\
D:\System Volume Information\
E:\Cosas de Katty\
E:\Imágenes Varias\
E:\Letras de canciones\
E:\Páginas de Internet\
E:\Programas\
E:\RECYCLER\
E:\System Volume Information\
E:\Word, Powerpoint y Excel\

Scan Statistics:
Total number of scanned objects: 21091
Number of viruses found: 4
Number of infected objects: 3 / 0
Number of suspicious objects: 6
Duration of the scan process: 00:21:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/drsmartload849a849f.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/drsmartload46a46f.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/drsmartload45a45f.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Corbata\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\DCPROMO.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\01QF4H6R\newabc[1].jpg Infected: Trojan-Downloader.Win32.Adload.ds skipped
C:\WINDOWS\system32\directxnew.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\WINDOWS\system32\en20l1fm1.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\llcdll.dll Object is locked skipped
C:\WINDOWS\system32\p68q0gl5e6q.dll Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

Hola. vamos a hacer lo sgte:


Descarga la herramienta Killbox
Activa la opcion Ver Archivos Ocultos
Apaga la opcion Restaurar Sistema si tienes Windows ME o XP.
Entra en Modo Seguro
Ejecuta el killbox, y borra lo siguiente:

C:\WINDOWS\system32\llcdll.dll
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery ----->> elimina TODO lo que hay en la carpeta, mas NO elimines la carpeta.
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\01QF4H6R\newabc[1].jpg
C:\WINDOWS\system32\directxnew.exe
C:\WINDOWS\system32\i


Descarga y ejecuta la herramienta SpywareBlaster + Manual.

Haz un nuevo reporte de ewido y kaspersky, para ver como va todo, y lo pegas aqui.

Por que me pasa todo esto??? Bueno, me instale el programa q me dijiste, pero me sale que no tengo ningun objeto sin proteger, o algo asi, x lo tanto no me deja elegir nada, esta bien eso?
Un problemita mas que tengo es que me salen 2 o 3 pags de internet que son siempre las mismas, cada 5 minutos y es muy molesto.

El killbox me dice que un par de entradas de las q me diste para eliminar no existen, estas son:
C:\WINDOWS\system32\llcdll.dll
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\01QF4H6R\newabc[1].jpg
Las otras las borre sin problemas.

El ewido me dice que tengo los sgtes malwares:
Adaware.look2me
TrackingCookie.Atdmt
TrackingCookie.Cpvfeed
TrackingCookie.Fastclick
TrackingCookie.2o7
TrackingCookie.Tribalfusion
TrackingCookie.Zedo
Rootkit.Agent.I (este ultimo de riesgo alto)


Dejo los logs.







---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:14:15 p.m. 30/08/2006

+ Scan result:



C:\WINDOWS\system32\driman32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\k4800elmehqa0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1244] C:\WINDOWS\system32\aawav.dll -> Adware.Look2Me : Error during cleaning.
[1844] C:\WINDOWS\system32\aawav.dll -> Adware.Look2Me : Error during cleaning.
C:\Documents and Settings\Corbata\directx.sys -> Rootkit.Agent.l : Cleaned with backup (quarantined).
C:\Documents and Settings\Corbata\Cookies\corbata@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 30, 2006 11:23:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/08/2006
Kaspersky Anti-Virus database records: 206706
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\!KillBox\
C:\$VAULT$.AVG\
C:\Archivos de programa\
C:\Config.Msi\
C:\Documents and Settings\
C:\RECYCLER\
C:\System Volume Information\
C:\temps\
C:\WINDOWS\
D:\Programas\
D:\RECYCLER\
D:\System Volume Information\
E:\Cosas de Katty\
E:\Imágenes Varias\
E:\Letras de canciones\
E:\Páginas de Internet\
E:\Programas\
E:\RECYCLER\
E:\System Volume Information\
E:\Word, Powerpoint y Excel\

Scan Statistics:
Total number of scanned objects: 21401
Number of viruses found: 4
Number of infected objects: 3 / 0
Number of suspicious objects: 6
Duration of the scan process: 00:40:35

Infected Object Name / Virus Name / Last Action
C:\!KillBox\directxnew.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\!KillBox\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/drsmartload849a849f.exe Suspicious: Password-protected-EXE skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/drsmartload46a46f.exe Suspicious: Password-protected-EXE skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/drsmartload45a45f.exe Suspicious: Password-protected-EXE skipped
C:\!KillBox\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Historial\History.IE5\MSHist0120060830200608 31\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Temp\Perflib_Perfdata_53c.dat Object is locked skipped
C:\Documents and Settings\Corbata\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\directx.sys Object is locked skipped
C:\Documents and Settings\Corbata\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Corbata\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\aawav.dll Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\01QF4H6R\newabc[1].jpg Infected: Trojan-Downloader.Win32.Adload.ds skipped
C:\WINDOWS\system32\f62m0gf1e62.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Holass. Segui con lo siguiente:
1. - Entra en Modo Seguro (Modo a Prueba de Fallos).
2. - Borra estos archivos:
C:\!KillBox ==> vacia la carpeta
C:\WINDOWS\system32\aawav.dll
C:\WINDOWS\system32\driman32.dll
C:\WINDOWS\system32\k4800elmehqa0.dll
C:\WINDOWS\system32\f62m0gf1e62.dll
C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\01QF4H6R\newabc[1].jpg
Si no seborran, podes usar el Killbox.
3. - Escanea con:

• Look2Me-Destroyer.exe
  
  Cita:

  NOTA: ejecutar Look2ME-Destroyer Hacer Doble-click al archivo Look2ME-Destroyer.exe para activarlo. Marque la casilla - "Run this program as a task". Recibirá un mensaje que dice que el programa se cerrara y que abrira nuevamente en un minuto o menos. Déle ACEPTAR. Cuando Look2Me-Destroyer se vuelva a abrir, presiona el botón Look for L2M. Los íconos del escritorio desaparecerán, eso es normal. Una vez finalizada la exploración presiona el botón Remove L2M. Recibirás un mensaje que dice Done Scanning, presiona Aceptar. Cuando finalice recibirás este mensaje: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, presiona Aceptar. Tu PC se apagará, así que deberás volver a encenderla (en Modo Seguro).

• Ewido Anti-Malware 4.0 actualizado (yalo tienes).
• Ad-aware 1.06 SE Personal actualizado (Full Scan).

4. - No salgas del modo seguro. Has lo siguiente en cada cuenta de usuario:

• Cierra todas las ventanas.
• Pasa el CCleaner.
• Limpia el registro con RegSeeker (manual).

5. - Inicia en modo normal y escanea con:

• Ewido On-Line.
• Kaspersky On-Line.

>>> Guardas los reportes de cada scanner on-line.
6. - Peganos los reportes de los escanners on-line obtenidos en el punto 5 en este mismo tema para que los analizemos (pega los 2 juntos, no por separado).

Nos cintas resultados.

Salu2

Bueno, paso a contarte:
el unico archivo q pude eliminar es el newabc[1].jpg los otros no existian.
el aawav.dll al principio me decia q no lo podia eliminar, pero despues desaparecio.

El look2me-destroyer.exe lo tuve q ejecutar en Modo Normal, xq no me puedo conectar en modo a prueba de fallos, igual me salio que lo elimino todo.
El adaware no registro ningun problema, y el ewido esto:

C:\Documents and Settings\Corbata\Cookies\corbata@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Corbata\Cookies\corbata@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

Pase el Ccleaner y el Regseek.
El Ewido on line no me detecto ningun problema; dejo el log del Kaspersky:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 31, 2006 8:43:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/09/2006
Kaspersky Anti-Virus database records: 206960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\!KillBox\
C:\$VAULT$.AVG\
C:\Archivos de programa\
C:\Config.Msi\
C:\Documents and Settings\
C:\RECYCLER\
C:\System Volume Information\
C:\temps\
C:\WINDOWS\
E:\Archivos + de 18 años\
E:\Archivos Divertidos\
E:\Cosas de Katty\
E:\Imágenes Varias\
E:\Letras de canciones\
E:\Páginas de Internet\
E:\Programas\
E:\RECYCLER\
E:\System Volume Information\
E:\Word, Powerpoint y Excel\

Scan Statistics:
Total number of scanned objects: 23540
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:23:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Historial\History.IE5\MSHist0120060831200609 01\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Temp\BIT19.tmp Object is locked skipped
C:\Documents and Settings\Corbata\Configuración local\Temp\Perflib_Perfdata_dcc.dat Object is locked skipped
C:\Documents and Settings\Corbata\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Corbata\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Corbata\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Corbata\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{EE78D757-7A41-43B4-A2BE-C8A70524F766}\RP1\A0000001.sys Object is locked skipped
C:\System Volume Information\_restore{EE78D757-7A41-43B4-A2BE-C8A70524F766}\RP17\A0000254.exe Object is locked skipped
C:\System Volume Information\_restore{EE78D757-7A41-43B4-A2BE-C8A70524F766}\RP17\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\_restore{EE78D757-7A41-43B4-A2BE-C8A70524F766}\RP17\change.log Object is locked skipped

Scan process completed.

Bueno los reportes estan limpios ¿Sigues con problemas? Avisanos asi damos el tema por solucionado.

Salu2

Por ahora no surgieron problemas, creo que podeis dar el tema por solucionado. Una ultima pregunta: Que programas me aconsejan tener si o si en la maquina? (antivirus, antispywares, etc)
Muchisisisisisisisisisimas gracias por su paciencia y por ahorrarme mucho $$ en tecnicos!! Corbatta

Bueno, para estar + seguro:
Antivirus (asegurate de no instalar + de 1)

Antispywares (Spybot y SpywareBlaster, tambien lee sus respectivos enlaces relacionados).

Firewall (asegurate de no instalar + de 1)

Tambien lee estos articulos:
Archivo Hosts
Listado de Falsos Antispywares / Antivirus / Rogue Software (Actualizado al 16/9/08)
Programas P2P con y sin Spyware (Actualizado 02 de Febrero del 2008)

Nos cuentas si todo va bien, asi poder dar por solucionado el tema.

Salu2