| blink555 |  |
|
2008-08-12 08:08 - Respuestas: 1 - Tema nº: 2535799
Características: Windows XP Profesional 159 gigabytes .
vi ke pedin la informacion y ps me salio esto chekenlo x fa
Ad-Aware SE Build 1.06r1
Logfile Created on:Martes, 12 de Agosto de 2008 12:35:57 a.m.
Using definitions file:SE1R277 06.08.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Agent(TAC index:5):4 total references
AntiSpyCheck(TAC index:3):2 total references
Win32.Trojandownloader.Zlob(TAC index:10):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
12-08-2008 12:35:57 a.m. - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 504
ThreadCreationTime : 12-08-2008 05:28:51 a.m.
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 12-08-2008 05:28:55 a.m.
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 12-08-2008 05:28:55 a.m.
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 12-08-2008 05:28:58 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 12-08-2008 05:28:58 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 788
ThreadCreationTime : 12-08-2008 05:28:59 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 12-08-2008 05:29:00 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 12-08-2008 05:29:00 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 12-08-2008 05:29:00 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 12-08-2008 05:29:01 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1368
ThreadCreationTime : 12-08-2008 05:29:08 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : zgyhw.dll
TAC Rating : 10
Category : Malware
Comment : kfcpnd.dll.dmp
Object : C:\WINDOWS\system32\
Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\WINDOWS\system32\zgyhw.dll)
#:12 [ares.exe]
FilePath : C:\Archivos de programa\Ares Destiny\
ProcessID : 520
ThreadCreationTime : 12-08-2008 05:30:52 a.m.
BasePriority : Normal
FileVersion : 3.0.0.3805
ProductVersion : 3.0
ProductName : Ares p2p for windows
CompanyName : Ares Development Group
FileDes-c-r-i-p-tion : Ares p2p for windows
InternalName : ares.exe
LegalCopyright : GPL product
LegalTrademarks : Ares Development Team
OriginalFilename : ares.exe
Comments : http://aresgalaxy.sourceforge.net
#:13 [ad-aware.exe]
FilePath : C:\ARCHIV~1\Lavasoft\AD-AWA~1\
ProcessID : 1412
ThreadCreationTime : 12-08-2008 05:34:01 a.m.
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDes-c-r-i-p-tion : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:14 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 1420
ThreadCreationTime : 12-08-2008 05:34:01 a.m.
BasePriority : Normal
FileVersion : 5.2.3790.2453 (srv03_sp1_qfe.050525-1536)
ProductVersion : 5.2.3790.2453
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe
#:15 [helpsvc.exe]
FilePath : C:\WINDOWS\PCHealth\HelpCtr\Binaries\
ProcessID : 1756
ThreadCreationTime : 12-08-2008 05:35:44 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : Microsoft Help Center Service
InternalName : HELPSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HELPSVC.EXE
#:16 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 1832
ThreadCreationTime : 12-08-2008 05:35:45 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDes-c-r-i-p-tion : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226}
Adware.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{967a494a-6aec-4555-9caf-fa6eb00acf91}
Adware.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5}
AntiSpyCheck Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d2608046-dd09-a225-01bf-70c1edd8b2e8}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-308236825-725345543-500\software\microsoft\internet explorer\searchscopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302}
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-308236825-725345543-500\software\microsoft\internet explorer\searchscopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302}
Value : DisplayName
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-308236825-725345543-500\software\microsoft\windows\currentversion\ext\stats\{9034a523-d068-4be8-a284-9df278be776e}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{9034a523-d068-4be8-a284-9df278be776e}
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{9034a523-d068-4be8-a284-9df278be776e}
Value : Exec
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{9034a523-d068-4be8-a284-9df278be776e}
Value : CLSID
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 11
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 11
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : multimediacontrols.chl
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows safety alert
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows safety alert
Value : UninstallString
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\iebrowse tool
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\iebrowse tool
Value : UninstallString
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\iexplorer bar
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\iexplorer bar
Value : UninstallString
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\warning center
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\warning center
Value : UninstallString
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : aspyc
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : some
Adware.Agent Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : statusbarweb
AntiSpyCheck Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aspyc
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 24
12:42:37 a.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:39.172
Objects scanned:150904
Objects identified:23
Objects ignored:0
New critical objects:23
Comentarios adicionales: El problema surgió justo despues de instalar un programa. | |
|
