Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-31 19:25:58
PROTECTIONS: 2
MALWARE: 6
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
AntiVir Desktop                              9.0.1.32                      No        Yes
ESET NOD32 Antivirus 4.0                     4.0                           No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00123142  Application/PerfectKeyLog.A        HackTools           No        0         Yes            No           c:\windows\system32\1028\bpkun.exe
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\simón\cookies\simón@doubleclick[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\simón\cookies\simón@atdmt[2].txt
00386345  adware/xpantispyware2009           Adware              No        1         Yes            No           hkey_classes_root\typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac}
03074964  Trj/CI.A                           Virus/Trojan        No        0         No             No           c:\documents and settings\simón\escritorio\descargas\kacs4.rar[kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe][kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe][window~2.exe]
03074964  Trj/CI.A                           Virus/Trojan        No        0         No             No           c:\documents and settings\simón\escritorio\descargas\kacs4.rar[kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe]
03074964  Trj/CI.A                           Virus/Trojan        No        0         No             No           c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe[c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe][window~2.exe]
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe
03437976  W32/Gaobot.OXI.worm                Virus/Worm          No        1         Yes            No           c:\windows\system32\1028\inst.bin
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
No        c:\documents and settings\simón\escritorio\plugins\drumagog platinium v4.10\keygen\keygen.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3064
Windows 5.1.2600 Service Pack 3 (Safe Mode)

31/10/2009 14:39:34
mbam-log-2009-10-31 (14-39-32).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 190271
Tiempo transcurrido: 13 minute(s), 36 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 8
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 5
Ficheros Infectados: 26

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03r6y52m-kt21-ol8f-q25x-725wj688aoo0} (Generic.Bot.H) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Documents and Settings\All Users\Datos de programa\MPK (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\2 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\3 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor (Refog.Keylogger) -> No action taken.

Ficheros Infectados:
C:\WINDOWS\system32\window\WindowUpdate.exe (Generic.Bot.H) -> No action taken.
C:\Archivos de programa\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\mpk.db (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1278398032 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1313114815 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1347824421 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1382504977 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1417286921 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1451951273 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1486669907 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1521393866 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1556114352 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1590854630 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1625576852 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1660293634 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1695006829 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1729738079 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1764463889 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\1\I40091_1799184375 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor\Help topics.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor\KGB Employee Monitor on the Web.url (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor\KGB Employee Monitor.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor\Order now!.url (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\MPK\KGB Employee Monitor\Uninstall KGB Employee Monitor.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\Simón\Datos de programa\logs.dat (Bifrose.Trace) -> No action taken.
C:\Documents and Settings\Simón\Configuración local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

:processes
explorer.exe

:files
c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe
c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe
c:\documents and settings\simón\escritorio\descargas\kacs4.rar
c:\documents and settings\simón\escritorio\descargas\kacs4.rar[kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe][kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe
c:\windows\system32\1028\bpkun.exe
c:\windows\system32\1028\inst.bin

:reg
[-hkey_classes_root\typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac}]

:commands
[emptytemp]
[start explorer]
[Reboot]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\archivos de programa\adobe\adobe indesign cs4\Keygen.EXE moved successfully.
File/Folder c:\archivos de programa\adobe\adobe indesign cs4\keygen.exe not found.
c:\documents and settings\simón\escritorio\descargas\KACS4.rar moved successfully.
File/Folder c:\documents and settings\simón\escritorio\descargas\kacs4.rar[kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe][kacs4\adobe.all.products.v1.0.keymaker.only-core\keygen.exe not found.
c:\windows\system32\1028\bpkun.exe moved successfully.
File/Folder c:\windows\system32\1028\inst.bin not found.
========== REGISTRY ==========
Registry key hkey_classes_root\typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9233c3c0-1472-4091-a505-5580a23bb4ac}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 362545 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Simón
->Temp folder emptied: 15648290 bytes
File delete failed. C:\Documents and Settings\Simón\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 9126575 bytes
->Java cache emptied: 26328804 bytes
->FireFox cache emptied: 47926519 bytes
 
%systemdrive% .tmp files removed: 55343 bytes
C:\WINDOWS\NV30403940.TMP folder deleted successfully.
%systemroot% .tmp files removed: 17291862 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 111,40 mb
 
 
OTM by OldTimer - Version 3.0.0.6 log created on 10312009_213434