Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Malwarebytes' Anti-Malware 1.37
Versión de la Base de Datos: 2268
Windows 5.1.2600 Service Pack 2

31/10/2009 22:30:54
mbam-log-2009-10-31 (22-30-54).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 154934
Tiempo transcurrido: 40 minute(s), 29 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 13
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 5

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Archivos de programa\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Ficheros Infectados:
c:\archivos de programa\smart-shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) -> Quarantined and deleted successfully.
c:\archivos de programa\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\archivos de programa\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\archivos de programa\relevantknowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\archivos de programa\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.

ya puse el reporte gracias

No olvides el reporte de Panda

es que panda estas siempre analizando

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-11-01 20:28:12
PROTECTIONS: 0
MALWARE: 5
SUSPECTS: 13
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00035748 adware/alexa-toolbar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\5.0\user agent\post platform\alexa toolbar
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\alessandro\install\power dvd 9\keygen.exe
05194276 Trj/Downloader.MDW Virus/Trojan No 1 No No c:\archivos de programa\bittorrent\-zz_torrent\powerdvd 9\cyberlink.2217ad_tare38_dvd081201-04 setup.exe[c:\archivos de programa\bittorrent\-zz_torrent\powerdvd 9\cyberlink.2217ad_tare38_dvd081201-04 setup.exe][cleanup.exe]
05540102 Spyware/MarketScore Spyware No 1 No No c:\alessandro\scarico\freeaquariumfishss.exe[²öç\rkinstall.exe]
05540106 Spyware/MarketScore Spyware No 1 No No c:\alessandro\scarico\freeaquariumfishss.exe[²öç\rkverify.exe]
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
No c:\documents and settings\all users\datos de programa\weemi\weemi129.exe
No c:\alessandro\scarico\freeaquariumfishss.exe
No c:\alessandro\scarico\unlock patch.rar[unlock patch\fifa_10_unlock_patch_by_makerkz.exe]
No c:\archivos de programa\ea sports\fifa 10\unlock patch\fifa_10_unlock_patch_by_makerkz.exe
No c:\archivos de programa\ea sports\fifa 10\grasspatch_www.maker.kz.exe
No c:\archivos de programa\myconnection pc lite edition\runfile.exe
No c:\archivos de programa\weemi\weemi.exe
No c:\archivos de programa\weemi\uninstall.exe
No c:\archivos de programa\winrar\default.sfx
No c:\documents and settings\localservice\configuración local\archivos temporales de internet\content.ie5\ijermziv\upgrade[1].cab[upgrade.exe][uninstall.exe]
No c:\documents and settings\all users\datos de programa\weemi\weemi131.exe
No c:\documents and settings\localservice\configuración local\archivos temporales de internet\content.ie5\ijermziv\upgrade[1].cab[upgrade.exe]
No c:\documents and settings\localservice\configuración local\archivos temporales de internet\content.ie5\ijermziv\upgrade[1].cab[upgrade.exe][weemi.exe]
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
176382 HIGH MS07-057
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049

Tu Equipo esta muy infectado
Descarga

OTM

• Asegurarse que esté marcado "Unregister Dll's and Ocx's".
  
• Copiar en el recuadro "Paste instruccions for items to be moved ". lo siguiente

• Dar clic sobre el boton MoveIt!
  
• Espera hasta cuando el resultado aparezca en el marco Results. - Simultáneamente se abrirá un aviso preguntando si deseamos reiniciar el PC, pulse sobre Yes para reiniciar.si no sale ese aviso lo reinicias
  
• En tu proximo mensaje envie reporte de OTM situado sobre C: \ _ OTM\MovedFiles\***_***.log (Los *** son reemplazados por la fecha)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\alessandro\install\power dvd 9\keygen.exe not found.
File/Folder c:\archivos de programa\bittorrent\-zz_torrent\powerdvd 9\cyberlink.2217ad_tare38_dvd081201-04 setup.exe not found.
File/Folder c:\alessandro\scarico\freeaquariumfishss.exe not found.
File/Folder c:\alessandro\scarico\freeaquariumfishss.exe not found.
c:\documents and settings\all users\datos de programa\weemi\weemi129.exe moved successfully.
File/Folder c:\alessandro\scarico\freeaquariumfishss.exe not found.
c:\alessandro\scarico\Unlock Patch.rar moved successfully.
File/Folder c:\archivos de programa\ea sports\fifa 10\unlock not found.
File/Folder patch\fifa_10_unlock_patch_by_makerkz.exe not found.
c:\archivos de programa\ea sports\fifa 10\GrassPatch_www.maker.kz.exe moved successfully.
c:\archivos de programa\myconnection pc lite edition\runfile.exe moved successfully.
c:\archivos de programa\weemi\weemi.exe moved successfully.
c:\archivos de programa\weemi\uninstall.exe moved successfully.
c:\archivos de programa\winrar\default.sfx moved successfully.
c:\documents and settings\localservice\configuración local\archivos temporales de internet\content.ie5\ijermziv\upgrade[1].cab moved successfully.
File/Folder c:\documents and settings\all users\datos de programa\weemi\weemi131.exe not found.
c:\documents and settings\localservice\configuración local\archivos temporales de internet\content.ie5\ijermziv\desktop.ini moved successfully.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\5.0\user agent\post platform\alexa toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\5.0\user agent\post platform\alexa\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 16511600 bytes
->Temporary Internet Files folder emptied: 1414337 bytes

User: Alessandro
File delete failed. C:\Documents and Settings\Alessandro\Configuración local\Temp\etilqs_txoE22i0sxBF23wFRSyL scheduled to be deleted on reboot.
->Temp folder emptied: 15040044 bytes
->Temporary Internet Files folder emptied: 617000 bytes
->Java cache emptied: 9275867 bytes
->FireFox cache emptied: 51961489 bytes
->Google Chrome cache emptied: 42035775 bytes
->Opera cache emptied: 4498163 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Invitado
->Temp folder emptied: 182558 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Temp\Historial\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Milly
->Temp folder emptied: 71915 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114656 bytes
%systemroot%\System32 .tmp files removed: 715613 bytes
Windows Temp folder emptied: 502551 bytes
RecycleBin emptied: 2134149 bytes

Total Files Cleaned = 140,48 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11012009_230103

Files moved on Reboot...
File C:\Documents and Settings\Alessandro\Configuración local\Temp\etilqs_txoE22i0sxBF23wFRSyL not found!

Registry entries deleted on Reboot...

por favor ayudeme me estoy volviendo loco


gracias

ayudeme estoy desesperado me fuma la cabeza

ayuda porfavor