Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-29 19:03:25
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 10
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
AntiVir Desktop                              9.0.1.32                      No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.doubleclick.net/]
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\mamá\cookies\mamá@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\mamá\cookies\mamá@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.atdmt.com/]
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\cookies\josemi_a@atdmt[1].txt
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.fastclick.net/]
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.tribalfusion.com/]
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.xiti.com/]
00167738  Cookie/fe.lea.lycos                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[fe.lea.lycos.es/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.statcounter.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[ad.yieldmanager.com/]
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.apmebf.com/]
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.weborama.fr/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.advertising.com/]
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.realmedia.com/]
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.realmedia.com/]
00286734  Cookie/Adserver                    TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[adserver.filefront.com/]
01024345  Trj/Keylog.LH                      Virus/Trojan        No        1         Yes            No           g:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0024823.exe
01024345  Trj/Keylog.LH                      Virus/Trojan        No        1         Yes            No           g:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp81\a0014658.exe
02441996  Exploit/SWF.B                      Virus/Trojan        No        0         Yes            No           c:\documents and settings\josemi a\local settings\application data\google\chrome\user data\default\cache\f_0002c3
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02909956  Cookie/VirusAlarma                 TrackingCookie      No        0         Yes            No           c:\documents and settings\josemi a\application data\phoenix\profiles\default\3ktb3vhm.slt\cookies.txt[.virusalarma.es/]
02920262  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0035233.dll
02920262  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0035212.dll
02920262  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0037244.dll
02920262  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0036244.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0034141.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0034131.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           d:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp87\a0021855.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           d:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp87\a0021865.dll
03275706  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           g:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0037271.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0033519.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           g:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0034537.com
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\windows\system32\avgvsm.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\windows\system32\avsysdb.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0030482.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0030486.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0030485.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0030484.exe
03323371  W32/SlenfBot.AD.worm               Virus/Worm          No        0         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0030483.exe
03359947  Trj/Downloader.MDW                 Virus/Trojan        No        1         Yes            No           c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0037270.exe
04512739  Trj/Agent.MVA                      Virus/Trojan        No        0         Yes            No           c:\windows\system32\perfc5932.dat
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
Yes       c:\ijji\english\u_sf\soldierfront.exe
Yes       c:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0060149.exe
Yes       d:\juegos psp\guitar pro 5.0 español + crack + keygen\keygen guitar pro 5.0.exe
Yes       d:\juegos psp\guitar_pro_5.0_espa_ol___crack___keygen.rar[guitar pro 5.0 español + crack + keygen\keygen guitar pro 5.0.exe]
Yes       g:\system volume information\_restore{a1a22db1-8332-49aa-86f8-e6960c5ac86a}\rp88\a0045907.exe
Yes       g:\drift city\driftcity.exe
Yes       g:\trinity gunz\gunz.exe
Yes       g:\microsoft.age.of.empires.ii.y.conquerors._portable_\microsoft age of empires ii portable\aoe-k.exe
Yes       g:\anime\rvgtoolkit.rar[rvgtoolkit\tools\rvgpackunpack.exe]
Yes       g:\anime\viwc.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

:processes
explorer.exe
avgvsm.exe
avsysdb.exe

:files
c:\documents and settings\josemi a\local settings\application data\google\chrome\user data\default\cache\f_0002c3
c:\windows\system32\avgvsm.exe
c:\windows\system32\avsysdb.exe
c:\windows\system32\perfc5932.dat

:commands
[emptytemp]
[start explorer]
[Reboot]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named avgvsm.exe was found!
No active process named avsysdb.exe was found!
========== FILES ==========
c:\documents and settings\josemi a\local settings\application data\google\chrome\user data\default\cache\f_0002c3 moved successfully.
c:\windows\system32\avgvsm.exe moved successfully.
c:\windows\system32\avsysdb.exe moved successfully.
c:\windows\system32\perfc5932.dat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Josemi A
->Temp folder emptied: 102624632 bytes
->Temporary Internet Files folder emptied: 4323338 bytes
->Java cache emptied: 415742 bytes
->FireFox cache emptied: 37166557 bytes
->Google Chrome cache emptied: 85772874 bytes
->Apple Safari cache emptied: 102540458 bytes
->Opera cache emptied: 705071 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Mamá
->Temp folder emptied: 3798886 bytes
->Temporary Internet Files folder emptied: 2634552 bytes
->FireFox cache emptied: 71518948 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\32965C3709CB4391BC5C184C88CA3ACD.TMP folder deleted successfully.
C:\WINDOWS\75EDCA0273CA4A3AA842365AC2A6904C.TMP folder deleted successfully.
%systemroot% .tmp files removed: 562842 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 36371 bytes
RecycleBin emptied: 1159822 bytes
 
Total Files Cleaned = 394,21 mb
 
 
OTM by OldTimer - Version 3.0.0.6 log created on 10292009_212817

Files moved on Reboot...

Registry entries deleted on Reboot...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2009 at 11:04 PM

Application Version : 4.29.1004

Core Rules Database Version : 4215
Trace Rules Database Version: 2122

Scan type       : Complete Scan
Total Scan Time : 01:15:23

Memory items scanned      : 281
Memory threats detected   : 0
Registry items scanned    : 6357
Registry threats detected : 0
File items scanned        : 33551
File threats detected     : 3

Adware.Tracking Cookie
	C:\Documents and Settings\Mamá\Cookies\mamá@atdmt[1].txt
	C:\Documents and Settings\Mamá\Cookies\mamá@doubleclick[1].txt

Adware.Vundo/Variant-MSFake
	C:\PROGRAM FILES\NAVILOG1\REG.EXE