
I don't know if I have a virus

Bristow
2005-08-26 09:09 - Replies: 20 - Topic no.: 36131


Hi folks!!!

I followed the steps you describe above, and everything went fine except for the processes ??chost.exe and cmad.exe: when I go to end them I can't find them in the list, they are not active. I also couldn't find this folder to delete, nor the exe file or anything: C:\Documents and Settings\Vicente Gabaldón\Datos de programa\mtmu.exe

Well, I went through all the steps you indicated again, and avast! still shows me the same virus. Yesterday it told me there was another one keeping it company, a Trojan Horse, but today I ran avast again and it only shows the same one as always:

File name: C:\WINDOWS\System32\??chost.exe
Malware name: Win32:Adware-gen. [Adw]
Malware type: Adware

And now the log:
Logfile of HijackThis v1.99.1
Scan saved at 16:02:37, on 25/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Documents and Settings\Vicente Gabaldón\Escritorio\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe"
O4 - Startup: Arranque automatico Mayordomo.lnk = C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104109003408
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GuiHook - Unknown owner - C:\ARCHIV~1\NETSUP~1\guihook.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thank you very much!!!




tordanxa

Re: I don't know if I have a virus - 2005-08-26 09:18 - Reply 17

The log is clean.

Two things:

Which bug is avast detecting?
Are you removing what shows up in Ad-Aware? (I ask because of your first post)

Regards
Bristow

Re: I don't know if I have a virus - 2005-08-26 19:36 - Reply 18

Hi rachel, the bug it detects is this one:

File name: C:\WINDOWS\System32\??chost.exe
Malware name: Win32:Adware-gen. [Adw]
Malware type: Adware
VPS version: 0534-0, 22/08/2005
That is what avast tells me; I don't know if you meant something else.

As for the adware, it's true that I don't know how to handle it, or rather I don't dare to for fear of deleting something that could mess up the PC. I'm posting the logfile, although it is quite long, sorry!!!!


Ad-Aware SE Build 1.06r1
Logfile Created on:viernes, 26 de agosto de 2005 16:06:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index::1 total references
ClickSpring(TAC index:6):2 total references
EzuLa(TAC index:6):10 total references
Favoriteman(TAC index:8):5 total references
HungryHands BHO(TAC index:3):5 total references
MRU List(TAC index:0):36 total references
NavExcel(TAC index:7):1 total references
StatBlaster(TAC index:8):4 total references
Tracking Cookie(TAC index:3):37 total references
WebSpeacials(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings

Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-08-2005 16:06:29 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 26-08-2005 7:08:26
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
FilePath : C:\Archivos de programa\Ahead\InCD\
ProcessID : 868
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1056
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1204
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1224
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1380
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:16 [incd.exe]
FilePath : C:\Archivos de programa\Ahead\InCD\
ProcessID : 1632
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe

#:17 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_02\bin\
ProcessID : 1640
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal


#:18 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ProcessID : 1652
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 0.1.0.3292
ProductVersion : 0.1.0.3292
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:19 [ashdisp.exe]
FilePath : C:\ARCHIV~1\ALWILS~1\Avast4\
ProcessID : 1660
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1688
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [regclean.exe]
FilePath : C:\Archivos de programa\Registry Cleaner Trial\
ProcessID : 1712
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 1.0.2.446
ProductVersion : 1.0.2.384
ProductName : Registry Cleaner
CompanyName : RegistryOptimizer.com
FileDescription : Registry Cleaner by www.registryoptimizer.com
LegalCopyright : © RegistryOptimizer.com

#:22 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1732
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicación
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : RUNDLL.EXE

#:23 [aswupdsv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 1128
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : Normal


#:24 [ashserv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 1168
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : High
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:25 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ProcessID : 1416
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:26 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 26-08-2005 7:09:45
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 26-08-2005 7:09:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [ashmaisv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 2424
ThreadCreationTime : 26-08-2005 7:10:07
BasePriority : Normal


#:29 [ashwebsv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 2464
ThreadCreationTime : 26-08-2005 7:10:08
BasePriority : Normal


#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 26-08-2005 7:10:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [setup.ovr]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\setup\
ProcessID : 3740
ThreadCreationTime : 26-08-2005 14:04:43
BasePriority : Normal


#:32 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3180
ThreadCreationTime : 26-08-2005 14:06:11
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{68831d00-169e-4feb-89b9-e099df439321}

HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\hungryhands.dll

HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{03f8822f-8877-4002-8bcd-b532d53d8471}

HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hungryhands.hungrybho

HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hungryhands.hungrybho.1

HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f8fb4ea2-6c05-4de5-8cd0-625b03f48e22}

ClickSpring Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring

StatBlaster Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores

StatBlaster Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_key

StatBlaster Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_overpro

Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Counter"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Counter

Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Server"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Server

Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Object"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Object

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 49


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49

NavExcel Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {5aa06644-bc46-4220-a460-47a6eb47c96d}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:vicente gabaldón@as-eu.falkag.net/
Expires : 29-07-2006 20:20:26
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:vicente gabaldón@tradedoubler.com/
Expires : 25-08-2005 7:04:48
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@www1.addfreestats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:38
Value : Cookie:vicente gabaldón@revenue.net/
Expires : 10-06-2022 7:05:42
LastSync : Hits:38
UseCount : 0
Hits : 38

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:vicente gabaldón@findwhat.com/
Expires : 01-01-2020 2:00:02
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:vicente gabaldón@adtech.de/
Expires : 22-08-2015 18:01:58
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@qksrv.net/
Expires : 08-08-2010 0:15:38
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:vicente gabaldón@imrworldwide.com/cgi-bin
Expires : 23-08-2015 20:17:16
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@oinadserve[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:vicente gabaldón@oinadserve.com/
Expires : 01-01-2021 2:00:00
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@apmebf.com/
Expires : 08-08-2010 0:15:36
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:66
Value : Cookie:vicente gabaldón@casalemedia.com/
Expires : 09-08-2006 5:34:08
LastSync : Hits:66
UseCount : 0
Hits : 66

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:vicente gabaldón@zedo.com/
Expires : 21-08-2015 9:09:12
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.planetatv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:vicente gabaldón@adserver.planetatv.com/
Expires : 18-08-2015 16:30:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@hc2.humanclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@hc2.humanclick.com/
Expires : 05-08-2006 17:42:36
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[4].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:vicente gabaldón@www4.addfreestats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:171
Value : Cookie:vicente gabaldón@as1.falkag.de/
Expires : 23-09-2005 13:57:24
LastSync : Hits:171
UseCount : 0
Hits : 171

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:102
Value : Cookie:vicente gabaldón@real.com/
Expires : 27-07-2035 20:31:16
LastSync : Hits:102
UseCount : 0
Hits : 102

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.livedoor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:vicente gabaldón@adserver.livedoor.es/
Expires : 31-12-2015 1:00:00
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:vicente gabaldón@overture.com/
Expires : 07-08-2015 16:15:32
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.terra[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:vicente gabaldón@adserver.terra.es/
Expires : 12-09-2073 23:31:28
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:vicente gabaldón@2o7.net/
Expires : 06-08-2010 16:22:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:vicente gabaldón@www2.3dstats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:vicente gabaldón@tribalfusion.com/
Expires : 01-01-2038 2:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 73



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : File
Data : cdt_bbi8016.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\
FileVersion : 8.0.2.9
ProductName : BargainBuddy Decoupling Package
CompanyName : eXact Advertising
FileDescription : BargainBuddy Decoupling Package
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Decoupling Package


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.livedoor[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@adserver.livedoor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@as-eu.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@ehg-deltatre.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@ehg-deltatre.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@oinadserve[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@oinadserve[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@real[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@tribalfusion[1].txt

StatBlaster Object Recognized!
Type : File
Data : overpro.exe
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\



WebSpeacials Object Recognized!
Type : File
Data : TMP63.tmp
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\



WebSpeacials Object Recognized!
Type : File
Data : TMP64.tmp
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 91


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia

EzuLa Object Recognized!
Type : File
Data : AcsProxy.lib
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : chat.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : ezines.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : home.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : paysites.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : pics.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : videos.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



ClickSpring Object Recognized!
Type : File
Data : wnscptr.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Favoriteman Object Recognized!
Type : File
Data : hosts.bho
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\etc\



Favoriteman Object Recognized!
Type : File
Data : im64.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 103

16:15:26 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:56.993
Objects scanned:102421
Objects identified:67
Objects ignored:0
New critical objects:67


I never get tired of thanking you!!! See you later!!!

tordanxa

Re: I don't know if I have a virus - 2005-08-26 19:50 - Reply 19

Look, in the adware, select everything that shows up under critical objects with the right mouse button and click Next so that it removes them for you.

Once that is done, paste the HijackThis log again; well, before that, delete unnecessary files with EasyCleaner.

Regards
Bristow

Re: I don't know if I have a virus - 2005-08-31 11:09 - Reply 20

Good morning!!!
Rahel, I did everything you told me and even so avast still shows me the same virus, I'm going to go crazy!!

The log:

Logfile of HijackThis v1.99.1
Scan saved at 11:06:24, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe
C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Documents and Settings\Vicente Gabaldón\Escritorio\HijackThis\HijackThis.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe"
O4 - Startup: Arranque automatico Mayordomo.lnk = C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104109003408
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GuiHook - Unknown owner - C:\ARCHIV~1\NETSUP~1\guihook.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Configurarequipos - 23 December 2024