Malwarebytes' Anti-Malware 1.36
Database version: 2026
Windows 5.1.2600 Service Pack 3
4/22/2009 10:46:35 AM
mbam-log-2009-04-22 (10-46-35).txt
Scan type: Quick Scan
Objects scanned: 77343
Time elapsed: 4 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 43
Registry Values Infected: 8
Registry Data Items Infected: 4
Folders Infected: 24
Files Infected: 40
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{23624bd0-2a69-4f91-be6a-9f1f22b72c13} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b5cfd66-1f55-4fc2-b5af-36b66e7cfe6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8b81d6f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nltide1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdths.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CleanPCTool (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\1DE857DD.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs\threats.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\WinSecureAv\Logs\update.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\atl71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\kernel.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\License.rtf (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\mfc71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\msvcp71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\msvcr71.dll (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Readme.rtf (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\rm.url (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\sr.log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\swupd.log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe.Log (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.exe.xml (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\SysRep.url (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\transpaid.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\ucookw.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\unins000.dat (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\unins000.exe (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\urls.ini (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res\Main.ico (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Program Files\CleanPCTool\Res\RecycleBin.ico (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\ac (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\ActivationDomain (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\CleanPCTool.exe.cer (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\em (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\oid (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\save2.db (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CleanPCTool\Data\user (Rogue.CleanPCTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
...and more infections
- LeThe
- Site Admin
- Posts: 7046
- Joined: Fri Jun 15, 2007 5:11 pm
- Location: Florida, United States
...and more infections
Ing. Joshua Marius
Windows 10 Pro x64 20H2
Intel Core i7-3770K, 4.5 Ghz
ASUS P8Z68-V LX
Disk 1: Samsung SSD 850 EVO 500 GB
RAID 1: Seagate ST3000DM001 3TB
CORSAIR Vengeance 16 GB DDR3 1600
NVIDIA GeForce GTX 1060
- betelgeuse
- Posts: 82
- Joined: Sat Jan 10, 2009 2:14 pm
- Location: Argentina
Re: ...and more infections
Hello friend Lethe, how are you?
You know what? My home page keeps changing, or the internet hangs, or pages close; something strange is going on with my computer. I ran Malwarebytes, Spybot Search and Destroy and AVG, and they detect nothing.
Bah! AVG detected macros. What are they? Are they bad?
A big kiss
Betelgeuse
- LeThe
- Site Admin
- Posts: 7046
- Joined: Fri Jun 15, 2007 5:11 pm
- Location: Florida, United States
Re: ...and more infections
You can read about macros here: http://es.wikipedia.org/wiki/Macro
Yes, they can be very bad. Another thing I can recommend is scanning the disk from another computer. Make sure to update all the definitions first.
Ing. Joshua Marius
Windows 10 Pro x64 20H2
Intel Core i7-3770K, 4.5 Ghz
ASUS P8Z68-V LX
Disk 1: Samsung SSD 850 EVO 500 GB
RAID 1: Seagate ST3000DM001 3TB
CORSAIR Vengeance 16 GB DDR3 1600
NVIDIA GeForce GTX 1060