Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER INFORME
 martes, 09 de junio de 2009 15:01:34
 Sistema operativo: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner versión: 5.0.84.2
 Ultima actualización:  9/06/2009
 Registros en la base antivirus: 2107423
-------------------------------------------------------------------------------

Configuración del análisis:
	Analizar usando las siguientes bases: standard
	Analizar archivos: verdadero
	Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
	C:\
	D:\
	E:\

Estadísticas:
	Número de objeros analizados: 75113
	Virus encontrados: 1
	Objetos infectados: 1 / 0
	Objetos sospechosos: 0
	Duración del análisis: 01:01:49

Bombre del objeto infectado / Nombre del virus / Última acción
C:\WINDOWS\system32\config\system.LOG	Object is locked	saltado
C:\WINDOWS\system32\config\software.LOG	Object is locked	saltado
C:\WINDOWS\system32\config\default.LOG	Object is locked	saltado
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	saltado
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	saltado
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	saltado
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	saltado
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	saltado
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	saltado
C:\WINDOWS\system32\config\DEFAULT	Object is locked	saltado
C:\WINDOWS\system32\config\SECURITY	Object is locked	saltado
C:\WINDOWS\system32\config\SOFTWARE	Object is locked	saltado
C:\WINDOWS\system32\config\SYSTEM	Object is locked	saltado
C:\WINDOWS\system32\config\SAM	Object is locked	saltado
C:\WINDOWS\system32\config\Internet.evt	Object is locked	saltado
C:\WINDOWS\system32\config\OSession.evt	Object is locked	saltado
C:\WINDOWS\system32\config\ODiag.evt	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	saltado
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	saltado
C:\WINDOWS\system32\h323log.txt	Object is locked	saltado
C:\WINDOWS\system32\nmdfgds0.dll	Infectados: Trojan-GameThief.Win32.Magania.bfjs	saltado
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	saltado
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt	Object is locked	saltado
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	saltado
C:\WINDOWS\Temp\Perflib_Perfdata_478.dat	Object is locked	saltado
C:\WINDOWS\Temp\sqlite_Alj3YvVSggiGjEW	Object is locked	saltado
C:\WINDOWS\Temp\Perflib_Perfdata_8f8.dat	Object is locked	saltado
C:\WINDOWS\wiaservc.log	Object is locked	saltado
C:\WINDOWS\SchedLgU.Txt	Object is locked	saltado
C:\WINDOWS\Sti_Trace.log	Object is locked	saltado
C:\WINDOWS\WindowsUpdate.log	Object is locked	saltado
C:\WINDOWS\wiadebug.log	Object is locked	saltado
C:\WINDOWS\Internet Logs\tvDebug.log	Object is locked	saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat	Object is locked	saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat	Object is locked	saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat	Object is locked	saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat	Object is locked	saltado
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	saltado
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	saltado
C:\Documents and Settings\Albert_2\NTUSER.DAT	Object is locked	saltado
C:\Documents and Settings\Albert_2\ntuser.dat.LOG	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Historial\History.IE5\index.dat	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Historial\History.IE5\MSHist012009060920090610\index.dat	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Acer Arcade\Trace.log	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	saltado
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat	Object is locked	saltado
C:\Documents and Settings\Albert_2\Cookies\index.dat	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\selfdef.log	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf	Object is locked	saltado
C:\Archivos de programa\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf	Object is locked	saltado
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db	Object is locked	saltado
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	saltado
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	saltado

Análisis completado.

:files
C:\WINDOWS\system32\nmdfgds0.dll
:commands
[emptytemp]
[purity]
[Reboot]

========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds0.dll NOT unregistered.
C:\WINDOWS\system32\nmdfgds0.dll moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_478.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Alj3YvVSggiGjEW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
 
OTM by OldTimer - Version 2.1.0.0 log created on 06092009_153142

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_478.dat moved successfully.
File C:\WINDOWS\temp\sqlite_Alj3YvVSggiGjEW not found!
File C:\WINDOWS\temp\Perflib_Perfdata_8f8.dat not found!
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Albert_2\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\14gfc3y5.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...