
    Sirefef.gen!C virus.

    1. #1
      GegoX15 (User)
      Joined: Mar 2013
      Location: Spain
      Posts: 1

      Malware: Sirefef.gen!C virus.

      Hello. First of all, thank you for the forum and for the help. I am now reporting the following files to you:

      mbar-log-2013-03-21 (18-06-59)

      Malwarebytes Anti-Rootkit BETA 1.01.0.1021
      Malwarebytes : Free anti-malware download

      Database version: v2013.03.21.10

      Windows 7 x64 NTFS
      Internet Explorer 9.0.8112.16421
      GegoX15 :: GEGOX15-POWERM [administrator]

      21/03/2013 18:06:59
      mbar-log-2013-03-21 (18-06-59).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 29991
      Time elapsed: 12 minute(s), 53 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 2
      HKLM\SOFTWARE\CLASSES\APPID\IEAddon.DLL (Rogue.UnVirex) -> Delete on reboot.
      HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\IEAddon.DLL (Rogue.UnVirex) -> Delete on reboot.

      Registry Values Detected: 1
      HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs (Trojan.StartPage) -> Data: Search -> Delete on reboot.

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (Search) Good: (Google) -> Delete on reboot.

      Folders Detected: 3
      c:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U (Backdoor.0Access) -> Delete on reboot.

      Files Detected: 26
      c:\Windows\System32\amtlib.dll (PUP.RiskwareTool.CK) -> Delete on reboot.
      c:\Windows\System32\services.exe (Rootkit.0Access) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\Wondershare-Streaming-Audio-Recorder-2_0_3_0-incl-Crack-MPT.exe (PUP.Adware.Agent) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-1273-dino-master-eur_id3722798id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-1765-go-diego-go-safari-rescue-usa_id3722311id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-2622-dinosaur-king-eur_id3723002id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-3314-madagascar-escape-2-africa-eur_id3728544id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-3547-wonder-pets-save-the-animals-eur_id3728321id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Users\GegoX15\Downloads\-4088-dino-pets-usa_id3722915id.exe (PUP.Adware.MediaGet) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000008.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
      c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
      c:\Windows\SysWOW64\Smart.dll (Trojan.Agent) -> Delete on reboot.
      c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
      c:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
      c:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Delete on reboot.
      c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Spyware.MarketScore) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

      (end)


      system-log


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1021

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7600 Windows 7 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
      CPU speed: 3.000000 GHz
      Memory total: 8566165504, free: 4255047680

      ------------ Kernel report ------------
      03/21/2013 17:53:12
      ------------ Loaded modules -----------
      \SystemRoot\system32\ntoskrnl.exe
      \SystemRoot\system32\hal.dll
      \SystemRoot\system32\kdcom.dll
      \SystemRoot\system32\mcupdate_AuthenticAMD.dll
      \SystemRoot\system32\PSHED.dll
      \SystemRoot\system32\CLFS.SYS
      \SystemRoot\system32\CI.dll
      \SystemRoot\system32\drivers\Wdf01000.sys
      \SystemRoot\system32\drivers\WDFLDR.SYS
      \SystemRoot\System32\Drivers\spaq.sys
      \SystemRoot\System32\Drivers\WMILIB.SYS
      \SystemRoot\System32\Drivers\SCSIPORT.SYS
      \SystemRoot\system32\DRIVERS\ACPI.sys
      \SystemRoot\system32\DRIVERS\msisadrv.sys
      \SystemRoot\system32\DRIVERS\vdrvroot.sys
      \SystemRoot\system32\DRIVERS\pci.sys
      \SystemRoot\System32\drivers\partmgr.sys
      \SystemRoot\system32\DRIVERS\volmgr.sys
      \SystemRoot\System32\drivers\volmgrx.sys
      \SystemRoot\system32\DRIVERS\pciide.sys
      \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
      \SystemRoot\System32\drivers\mountmgr.sys
      \SystemRoot\system32\DRIVERS\atapi.sys
      \SystemRoot\system32\DRIVERS\ataport.SYS
      \SystemRoot\system32\DRIVERS\amdxata.sys
      \SystemRoot\system32\drivers\fltmgr.sys
      \SystemRoot\system32\drivers\fileinfo.sys
      \SystemRoot\System32\Drivers\Ntfs.sys
      \SystemRoot\System32\Drivers\msrpc.sys
      \SystemRoot\System32\Drivers\ksecdd.sys
      \SystemRoot\System32\Drivers\cng.sys
      \SystemRoot\System32\drivers\pcw.sys
      \SystemRoot\System32\Drivers\Fs_Rec.sys
      \SystemRoot\system32\drivers\ndis.sys
      \SystemRoot\system32\drivers\NETIO.SYS
      \SystemRoot\System32\Drivers\ksecpkg.sys
      \SystemRoot\System32\drivers\tcpip.sys
      \SystemRoot\System32\drivers\fwpkclnt.sys
      \SystemRoot\system32\DRIVERS\vmstorfl.sys
      \SystemRoot\system32\DRIVERS\volsnap.sys
      \SystemRoot\System32\Drivers\spldr.sys
      \SystemRoot\System32\drivers\rdyboost.sys
      \SystemRoot\system32\DRIVERS\NBVol.sys
      \SystemRoot\system32\DRIVERS\NBVolUp.sys
      \SystemRoot\System32\Drivers\mup.sys
      \SystemRoot\System32\drivers\hwpolicy.sys
      \SystemRoot\System32\DRIVERS\fvevol.sys
      \SystemRoot\system32\DRIVERS\disk.sys
      \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
      \SystemRoot\System32\Drivers\BtHidBus.sys
      \SystemRoot\system32\DRIVERS\cdrom.sys
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\System32\drivers\vga.sys
      \SystemRoot\System32\drivers\VIDEOPRT.SYS
      \SystemRoot\System32\drivers\watchdog.sys
      \SystemRoot\System32\DRIVERS\RDPCDD.sys
      \SystemRoot\system32\drivers\rdpencdd.sys
      \SystemRoot\system32\drivers\rdprefmp.sys
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\system32\DRIVERS\tdx.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\system32\drivers\afd.sys
      \SystemRoot\System32\DRIVERS\netbt.sys
      \SystemRoot\system32\DRIVERS\wfplwf.sys
      \SystemRoot\system32\DRIVERS\pacer.sys
      \SystemRoot\system32\DRIVERS\vwififlt.sys
      \SystemRoot\system32\DRIVERS\netbios.sys
      \SystemRoot\system32\DRIVERS\wanarp.sys
      \SystemRoot\system32\DRIVERS\termdd.sys
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \SystemRoot\system32\drivers\nsiproxy.sys
      \SystemRoot\system32\DRIVERS\mssmbios.sys
      \SystemRoot\System32\drivers\discache.sys
      \SystemRoot\system32\drivers\csc.sys
      \SystemRoot\System32\Drivers\dfsc.sys
      \SystemRoot\system32\DRIVERS\blbdrive.sys
      \SystemRoot\SysWow64\drivers\AsUpIO.sys
      \SystemRoot\SysWow64\drivers\AsIO.sys
      \SystemRoot\system32\DRIVERS\tunnel.sys
      \SystemRoot\system32\DRIVERS\atikmpag.sys
      \SystemRoot\system32\DRIVERS\atikmdag.sys
      \SystemRoot\System32\drivers\dxgkrnl.sys
      \SystemRoot\System32\drivers\dxgmms1.sys
      \SystemRoot\system32\DRIVERS\HDAudBus.sys
      \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
      \SystemRoot\SysWow64\drivers\AiCharger.sys
      \SystemRoot\system32\DRIVERS\usbohci.sys
      \SystemRoot\system32\DRIVERS\USBPORT.SYS
      \SystemRoot\system32\DRIVERS\usbehci.sys
      \SystemRoot\system32\DRIVERS\Rt64win7.sys
      \SystemRoot\System32\Drivers\ajnio1mt.SYS
      \SystemRoot\system32\DRIVERS\amdppm.sys
      \SystemRoot\system32\DRIVERS\wmiacpi.sys
      \SystemRoot\System32\Drivers\btnetBus.sys
      \SystemRoot\System32\Drivers\btcombus.sys
      \SystemRoot\System32\Drivers\IvtBtBus.sys
      \SystemRoot\system32\DRIVERS\CompositeBus.sys
      \SystemRoot\system32\drivers\WsAudioDevice_383S(1).sys
      \SystemRoot\system32\drivers\portcls.sys
      \SystemRoot\system32\drivers\drmk.sys
      \SystemRoot\system32\drivers\ks.sys
      \SystemRoot\system32\drivers\ksthunk.sys
      \SystemRoot\system32\DRIVERS\AgileVpn.sys
      \SystemRoot\system32\DRIVERS\rasl2tp.sys
      \SystemRoot\system32\DRIVERS\ndistapi.sys
      \SystemRoot\system32\DRIVERS\ndiswan.sys
      \SystemRoot\system32\DRIVERS\raspppoe.sys
      \SystemRoot\system32\DRIVERS\raspptp.sys
      \SystemRoot\system32\DRIVERS\rassstp.sys
      \SystemRoot\system32\DRIVERS\rdpbus.sys
      \SystemRoot\system32\DRIVERS\kbdclass.sys
      \SystemRoot\system32\DRIVERS\mouclass.sys
      \SystemRoot\system32\DRIVERS\swenum.sys
      \SystemRoot\system32\DRIVERS\amdiox64.sys
      \SystemRoot\system32\DRIVERS\MarvinBus64.sys
      \SystemRoot\system32\DRIVERS\umbus.sys
      \SystemRoot\system32\DRIVERS\usbhub.sys
      \SystemRoot\System32\Drivers\NDProxy.SYS
      \SystemRoot\system32\drivers\AtihdW76.sys
      \SystemRoot\system32\drivers\HdAudio.sys
      \SystemRoot\system32\DRIVERS\cdfs.sys
      \SystemRoot\system32\DRIVERS\usbccgp.sys
      \SystemRoot\system32\DRIVERS\USBD.SYS
      \SystemRoot\system32\DRIVERS\hidusb.sys
      \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      \SystemRoot\system32\DRIVERS\kbdhid.sys
      \SystemRoot\system32\DRIVERS\mouhid.sys
      \SystemRoot\System32\Drivers\crashdmp.sys
      \SystemRoot\System32\Drivers\dump_dumpata.sys
      \SystemRoot\System32\Drivers\dump_atapi.sys
      \SystemRoot\System32\Drivers\dump_dumpfve.sys
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\drivers\Dxapi.sys
      \SystemRoot\system32\DRIVERS\monitor.sys
      \SystemRoot\System32\TSDDD.dll
      \SystemRoot\System32\ATMFD.DLL
      \SystemRoot\System32\cdd.dll
      \SystemRoot\system32\drivers\luafv.sys
      \SystemRoot\system32\drivers\WudfPf.sys
      \??\C:\Windows\system32\drivers\uxpatch.sys
      \SystemRoot\system32\DRIVERS\lltdio.sys
      \SystemRoot\system32\DRIVERS\nwifi.sys
      \SystemRoot\system32\DRIVERS\ndisuio.sys
      \SystemRoot\system32\DRIVERS\rspndr.sys
      \SystemRoot\system32\drivers\HTTP.sys
      \SystemRoot\System32\DRIVERS\srvnet.sys
      \SystemRoot\system32\DRIVERS\bowser.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      \SystemRoot\System32\DRIVERS\srv2.sys
      \SystemRoot\System32\DRIVERS\srv.sys
      \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
      \SystemRoot\system32\DRIVERS\btcomport.sys
      \SystemRoot\system32\DRIVERS\btnetdrv.sys
      \SystemRoot\system32\drivers\peauth.sys
      \SystemRoot\System32\Drivers\secdrv.SYS
      \SystemRoot\System32\drivers\tcpipreg.sys
      \SystemRoot\System32\Drivers\btcusb.sys
      \SystemRoot\system32\drivers\spsys.sys
      \SystemRoot\system32\DRIVERS\udfs.sys
      \SystemRoot\System32\Drivers\fastfat.SYS
      \??\C:\Windows\system32\drivers\mbamchameleon.sys
      \??\C:\Windows\system32\drivers\mbamswissarmy.sys
      \Windows\System32\ntdll.dll
      \Windows\System32\smss.exe
      \Windows\System32\apisetschema.dll
      \Windows\System32\autochk.exe
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk1\DR1
      Upper Device Object: 0xfffffa8007e40060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\
      Lower Device Object: 0xfffffa8007b70680
      Lower Device Driver Name: \Driver\atapi\
      Driver name found: atapi
      Initialization returned 0x0
      Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
      Load Function returned 0x0
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xfffffa8007e3f060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
      Lower Device Object: 0xfffffa8007b6c060
      Lower Device Driver Name: \Driver\atapi\
      Driver name found: atapi
      Downloaded database version: v2013.03.21.10
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 1
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa8007e3f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8007c719a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8007e3f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8007b64670, DeviceName: Unknown, DriverName: \Driver\ACPI\
      DevicePointer: 0xfffffa8007b6c060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0xfffff8a0150c5c90, 0xfffffa8007e3f060, 0xfffffa80071b76c0
      Lower DeviceData: 0xfffff8a00bbbd4c0, 0xfffffa8007b6c060, 0xfffffa80076a8c00
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\Windows\system32\drivers...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 5FF5E76A

      Partition information:

      Partition 0 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 64 Numsec = 724869152
      Partition file system is NTFS
      Partition is bootable

      Partition 1 type is Extended with LBA (0xf)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 724869248 Numsec = 251903904

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Disk Size: 500107862016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-63-976753168-976773168)...
      Physical Sector Size: 512
      Drive: 1, DevicePointer: 0xfffffa8007e40060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8007e3f970, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8007e40060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8007b5e670, DeviceName: Unknown, DriverName: \Driver\ACPI\
      DevicePointer: 0xfffffa8007b70680, DeviceName: \Device\Ide\IdeDeviceP1T1L0-5\, DriverName: \Driver\atapi\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
      Upper DeviceData: 0xfffff8a00128a5f0, 0xfffffa8007e40060, 0xfffffa800afbc790
      Lower DeviceData: 0xfffff8a0144485b0, 0xfffffa8007b70680, 0xfffffa8006fbd700
      Drive 1
      Scanning MBR on drive 1...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: CF836EF0

      Partition information:

      Partition 0 type is Primary (0x7)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 2048 Numsec = 3907024896

      Partition 1 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Disk Size: 2000398934016 bytes
      Sector size: 512 bytes

      Done!
      Performing system, memory and registry scan...
      Infected: c:\Windows\System32\amtlib.dll --> [PUP.RiskwareTool.CK]
      Infected: c:\Windows\System32\services.exe --> [Rootkit.0Access]
      Backup file found for a file c:\Windows\System32\services.exe
      Infected: c:\Users\GegoX15\Downloads\Wondershare-Streaming-Audio-Recorder-2_0_3_0-incl-Crack-MPT.exe --> [PUP.Adware.Agent]
      Infected: c:\Users\GegoX15\Downloads\-1273-dino-master-eur_id3722798id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Users\GegoX15\Downloads\-1765-go-diego-go-safari-rescue-usa_id3722311id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Users\GegoX15\Downloads\-2622-dinosaur-king-eur_id3723002id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Users\GegoX15\Downloads\-3314-madagascar-escape-2-africa-eur_id3728544id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Users\GegoX15\Downloads\-3547-wonder-pets-save-the-animals-eur_id3728321id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Users\GegoX15\Downloads\-4088-dino-pets-usa_id3722915id.exe --> [PUP.Adware.MediaGet]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\00000004.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000004.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000008.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\000000cb.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000000.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000032.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000064.@ --> [Backdoor.0Access]
      Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
      Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
      Infected: c:\Windows\SysWOW64\Smart.dll --> [Trojan.Agent]
      Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs --> [Trojan.StartPage]
      Infected: HKLM\SOFTWARE\CLASSES\APPID\IEAddon.DLL --> [Rogue.UnVirex]
      Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\IEAddon.DLL --> [Rogue.UnVirex]
      Infected: c:\Program Files (x86)\RelevantKnowledge --> [PUP.Spyware.MarketScore]
      Infected: c:\Program Files (x86)\RelevantKnowledge\rlls.dll --> [PUP.Spyware.MarketScore]
      Infected: c:\Program Files (x86)\RelevantKnowledge\rlls64.dll --> [PUP.Spyware.MarketScore]
      Infected: c:\Program Files (x86)\RelevantKnowledge\rloci.bin --> [PUP.Spyware.MarketScore]
      Infected: c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe --> [PUP.Spyware.MarketScore]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\201d3dde --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\76603ac3 --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U --> [Backdoor.0Access]
      Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
      Done!
      Scan finished
      Creating System Restore point...
      Scheduling clean up...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1021

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7600 Windows 7 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
      CPU speed: 3.000000 GHz
      Memory total: 8566165504, free: 7221243904

      Removal queue found; removal started
      Removing c:\Windows\System32\amtlib.dll...
      Removing c:\Users\GegoX15\Downloads\Wondershare-Streaming-Audio-Recorder-2_0_3_0-incl-Crack-MPT.exe...
      Removing c:\Users\GegoX15\Downloads\-1273-dino-master-eur_id3722798id.exe...
      Removing c:\Users\GegoX15\Downloads\-1765-go-diego-go-safari-rescue-usa_id3722311id.exe...
      Removing c:\Users\GegoX15\Downloads\-2622-dinosaur-king-eur_id3723002id.exe...
      Removing c:\Users\GegoX15\Downloads\-3314-madagascar-escape-2-africa-eur_id3728544id.exe...
      Removing c:\Users\GegoX15\Downloads\-3547-wonder-pets-save-the-animals-eur_id3728321id.exe...
      Removing c:\Users\GegoX15\Downloads\-4088-dino-pets-usa_id3722915id.exe...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\00000004.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000004.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\00000008.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\000000cb.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000000.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000032.@...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000064.@...
      Removing c:\Windows\assembly\GAC_32\Desktop.ini...
      Removing c:\Windows\assembly\GAC_64\Desktop.ini...
      Removing c:\Windows\SysWOW64\Smart.dll...
      Removing c:\Program Files (x86)\RelevantKnowledge...
      Removing c:\Program Files (x86)\RelevantKnowledge\rlls.dll...
      Removing c:\Program Files (x86)\RelevantKnowledge\rlls64.dll...
      Removing c:\Program Files (x86)\RelevantKnowledge\rloci.bin...
      Removing c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\201d3dde...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\L\76603ac3...
      Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U...
      Removal finished
      =======================================


      I await your reply.
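Added example, not part of the original post and not Malwarebytes' own code: a small Python triage script for the mbar-log format quoted above. It parses the "Detected" sections, checks each header count against the lines actually listed, groups detections by family, flags the 0Access (ZeroAccess) items and any detection living under \Windows\System32 or \SysWOW64 (a patched OS file such as services.exe has to be restored, not merely deleted), and lists file detections for which the system-log shows no "Removing" line. The sample log text is a constructed subset of the detections in the post.

```python
"""Triage helpers for a Malwarebytes Anti-Rootkit (mbar-log) detection report."""
import re
from collections import Counter, defaultdict

# Constructed sample in the line format of the mbar-log quoted above (a subset of its paths).
SAMPLE_LOG = r"""Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\APPID\IEAddon.DLL (Rogue.UnVirex) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\IEAddon.DLL (Rogue.UnVirex) -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs (Trojan.StartPage) -> Data: Search -> Delete on reboot.
Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (Search) Good: (Google) -> Delete on reboot.
Folders Detected: 2
c:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 5
c:\Windows\System32\services.exe (Rootkit.0Access) -> Delete on reboot.
c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\SysWOW64\Smart.dll (Trojan.Agent) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Delete on reboot.

(end)
"""

# Constructed excerpt of the matching system-log removal queue. services.exe is absent on
# purpose: the quoted system-log has no "Removing" line for it, only "Backup file found".
SAMPLE_SYSTEM_LOG = r"""Removal queue found; removal started
Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U\80000032.@...
Removing c:\Windows\assembly\GAC_64\Desktop.ini...
Removing c:\Windows\SysWOW64\Smart.dll...
Removing c:\Program Files (x86)\RelevantKnowledge...
Removing c:\Program Files (x86)\RelevantKnowledge\rlls.dll...
Removing c:\Windows\Installer\{64aabd2b-74cb-fdb5-8bc1-71f2dd4b0725}\U...
Removal finished
"""

SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Lazy path group lets paths containing "(x86)" parse; the family is the last "(...)" before " -> ".
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
REGISTRY_SECTIONS = {"Registry Keys", "Registry Values", "Registry Data Items"}
OS_DIR_BINARY_RE = re.compile(r"\\windows\\(system32|syswow64)\\[^\\]+\.(exe|dll)$")


def parse_detections(text):
    """Return (items, mismatches): one dict per detection line, plus every section whose
    'Detected: N' header disagrees with the number of item lines actually present."""
    items, seen, declared, section = [], Counter(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["kind"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)
        if section is None or not m:
            continue  # blank lines, "(No malicious items detected)", "(end)"
        action = m["rest"].split(" -> ")[-1].rstrip(".")  # keep the verdict, drop Data:/Bad:/Good:
        items.append({"section": section, "path": m["path"], "family": m["family"], "action": action})
        seen[section] += 1
    mismatches = {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}
    return items, mismatches


def triage(items):
    """Group detections by family label and flag the ones that need care before cleanup."""
    by_family, flags = defaultdict(list), []
    for it in items:
        by_family[it["family"]].append(it["path"])
        if "0access" in it["family"].lower():  # label case varies in the log (0Access/0access)
            flags.append(("zeroaccess", it["path"]))
        if OS_DIR_BINARY_RE.search(it["path"].lower()):
            flags.append(("os_dir_binary", it["path"]))  # must be restored, not merely deleted
    return dict(by_family), flags


def not_in_removal_queue(items, system_log):
    """File/folder detections for which the system-log shows no 'Removing <path>...' line."""
    removed = {l.strip()[len("Removing "):].rstrip(".").lower()
               for l in system_log.splitlines() if l.strip().startswith("Removing ")}
    return [it["path"] for it in items
            if it["section"] not in REGISTRY_SECTIONS and it["path"].lower() not in removed]
```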

    2. #2
      @SanMar (Former Collaborator)
      Joined: Jun 2008
      Location: Argentina
      Posts: 22,290

      Re: Help with the Sirefef.gen!C virus.

      Hello GegoX15,

      Welcome to the Forum.

      Tips to read before posting a new message

      InfoSpyware Forum Policies

      Policies of the Official HijackThis Forum in Spanish
      --------------------------------------------------


      Do the following:

      Step 1.- Download the following tools to your desktop:





      Step 2.- Run CCleaner, using first its "Cleaner" option to delete cookies, temporary Internet files and every file it shows as obsolete, and then its "Registry" option to clean the whole Windows registry (making a backup).


      Step 3.- Run ComboFix as follows:


      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • If it asks to update, accept.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Attention!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      After rebooting, paste the C:\ComboFix.txt report in your next message.


      Regards.

      * Follow us on Twitter and friend us on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.