...y mas infecciones

YouTube · Mensaje por **LeThe** » Jue Abr 23, 2009 12:04 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2026
Windows 5.1.2600 Service Pack 3

4/22/2009 10:46:35 AM
mbam-log-2009-04-22 (10-46-35).txt

Scan type: Quick Scan
Objects scanned: 77343
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 43
Registry Values Infected: 8
Registry Data Items Infected: 4
Folders Infected: 24
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{23624bd0-2a69-4f91-be6a-9f1f22b72c13} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b5cfd66-1f55-4fc2-b5af-36b66e7cfe6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8b81d6f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nltide1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdths.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=" onclick="window.open(this.href);return false;%s) Good: (http://www.google.com/" onclick="window.open(this.href);return false;) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}) Good: (http://www.google.com/" onclick="window.open(this.href);return false;) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\1DE857DD.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs\threats.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs\update.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\atl71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\kernel.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\License.rtf (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\mfc71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\msvcp71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\msvcr71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Readme.rtf (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\rm.url (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\sr.log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\swupd.log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe.Log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe.xml (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.url (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\transpaid.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\ucookw.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\unins000.dat (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\unins000.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\urls.ini (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res\Main.ico (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res\RecycleBin.ico (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\ac (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\ActivationDomain (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\CleanPCTool.exe.cer (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\em (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\oid (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\save2.db (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\user (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

betelgeuse · Mensaje por **betelgeuse** » Dom Abr 26, 2009 8:33 pm

Hola amigo Lethe, como estas?
Sabes? se me cambia la pagina de inicio, o se me cuelga internet o se cierran paginas, algo raro pasa en mi compu. Pase Malwarebytes, Spyboot Search and destroy y AVG y no detecta nada.
Bah! AVG detecto macros ¿que son? Son malos?
Un beso grande

YouTube · Mensaje por **LeThe** » Dom Abr 26, 2009 8:39 pm

Puedes leer sobre los Macros aqui: http://es.wikipedia.org/wiki/Macro" onclick="window.open(this.href);return false;

Si, pueden ser muy malos. Otra cosa cual te puedo recomendar es escanear el disco desde otra computadora. Asegura actualizar todas las definiciones primero.

Foro de LeThe Online y Joshua Marius