Bristow
2005-08-26 09:09 - Replies: 20 - Topic no.: 36131
Hi folks!!!
I followed the steps you describe above, and everything went fine except for the processes ??chost.exe and cmad.exe: I went to end them and could not find them in the list, they are not active. I also could not find this folder to delete, nor the exe file or anything: C:\Documents and Settings\Vicente Gabaldón\Datos de programa\mtmu.exe
Well, I went through all the steps you gave me again, and avast! still reports the same virus. Yesterday it told me it had picked up another one to keep it company, a Trojan Horse; however, today I ran avast! again and it only reports the same one as always:
File name: C:\WINDOWS\System32\??chost.exe
Malware name: Win32:Adware-gen. [Adw]
Malware type: Adware
And now the log:
Logfile of HijackThis v1.99.1
Scan saved at 16:02:37, on 25/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Documents and Settings\Vicente Gabaldón\Escritorio\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe"
O4 - Startup: Arranque automatico Mayordomo.lnk = C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104109003408
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GuiHook - Unknown owner - C:\ARCHIV~1\NETSUP~1\guihook.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Thank you very much!!!

tordanxa
Re: I don't know if I have a virus - 2005-08-26 09:18 - Reply 17
The log is clean.
Two things:
Which pest is avast detecting?
In Ad-Aware, are you removing what it finds? (I ask because of your first post)
Regards

Bristow
Re: I don't know if I have a virus - 2005-08-26 19:36 - Reply 18
Hi rachel, the pest it detects is this one:
File name: C:\WINDOWS\System32\??chost.exe
Malware name: Win32:Adware-gen. [Adw]
Malware type: Adware
VPS version: 0534-0, 22/08/2005
That is what avast tells me; I don't know if you meant something else.
And about the adware, it's true that I don't know how to handle it, or rather I don't dare to, for fear of deleting something that could mess up the PC. I'm posting the logfile, although it is quite long, sorry!!!!
Ad-Aware SE Build 1.06r1
Logfile Created on:viernes, 26 de agosto de 2005 16:06:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
ClickSpring(TAC index:6):2 total references
EzuLa(TAC index:6):10 total references
Favoriteman(TAC index:8):5 total references
HungryHands BHO(TAC index:3):5 total references
MRU List(TAC index:0):36 total references
NavExcel(TAC index:7):1 total references
StatBlaster(TAC index:8):4 total references
Tracking Cookie(TAC index:3):37 total references
WebSpeacials(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
26-08-2005 16:06:29 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-1580818891-1343024091-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 26-08-2005 7:08:26
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 26-08-2005 7:08:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [incdsrv.exe]
FilePath : C:\Archivos de programa\Ahead\InCD\
ProcessID : 868
ThreadCreationTime : 26-08-2005 7:08:33
BasePriority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1056
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1204
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1224
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1380
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 26-08-2005 7:08:35
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:16 [incd.exe]
FilePath : C:\Archivos de programa\Ahead\InCD\
ProcessID : 1632
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe
#:17 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_02\bin\
ProcessID : 1640
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
#:18 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ProcessID : 1652
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 0.1.0.3292
ProductVersion : 0.1.0.3292
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:19 [ashdisp.exe]
FilePath : C:\ARCHIV~1\ALWILS~1\Avast4\
ProcessID : 1660
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswDisp.exe
#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1688
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:21 [regclean.exe]
FilePath : C:\Archivos de programa\Registry Cleaner Trial\
ProcessID : 1712
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 1.0.2.446
ProductVersion : 1.0.2.384
ProductName : Registry Cleaner
CompanyName : RegistryOptimizer.com
FileDescription : Registry Cleaner by www.registryoptimizer.com
LegalCopyright : © RegistryOptimizer.com
#:22 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1732
ThreadCreationTime : 26-08-2005 7:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicación
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : RUNDLL.EXE
#:23 [aswupdsv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 1128
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : Normal
#:24 [ashserv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 1168
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : High
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe
#:25 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ProcessID : 1416
ThreadCreationTime : 26-08-2005 7:09:44
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:26 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 26-08-2005 7:09:45
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 26-08-2005 7:09:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [ashmaisv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 2424
ThreadCreationTime : 26-08-2005 7:10:07
BasePriority : Normal
#:29 [ashwebsv.exe]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\
ProcessID : 2464
ThreadCreationTime : 26-08-2005 7:10:08
BasePriority : Normal
#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 26-08-2005 7:10:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-215
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:31 [setup.ovr]
FilePath : C:\Archivos de programa\Alwil Software\Avast4\setup\
ProcessID : 3740
ThreadCreationTime : 26-08-2005 14:04:43
BasePriority : Normal
#:32 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3180
ThreadCreationTime : 26-08-2005 14:06:11
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{68831d00-169e-4feb-89b9-e099df439321}
HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\hungryhands.dll
HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{03f8822f-8877-4002-8bcd-b532d53d8471}
HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hungryhands.hungrybho
HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hungryhands.hungrybho.1
HungryHands BHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f8fb4ea2-6c05-4de5-8cd0-625b03f48e22}
ClickSpring Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
StatBlaster Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
StatBlaster Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_key
StatBlaster Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_overpro
Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Counter"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Counter
Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Server"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Server
Favoriteman Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Object"
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\windows
Value : Object
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 49
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49
NavExcel Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1060284298-1580818891-1343024091-1003\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {5aa06644-bc46-4220-a460-47a6eb47c96d}
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:vicente gabaldón@as-eu.falkag.net/
Expires : 29-07-2006 20:20:26
LastSync : Hits:45
UseCount : 0
Hits : 45
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:vicente gabaldón@tradedoubler.com/
Expires : 25-08-2005 7:04:48
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@www1.addfreestats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:38
Value : Cookie:vicente gabaldón@revenue.net/
Expires : 10-06-2022 7:05:42
LastSync : Hits:38
UseCount : 0
Hits : 38
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:vicente gabaldón@findwhat.com/
Expires : 01-01-2020 2:00:02
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:vicente gabaldón@adtech.de/
Expires : 22-08-2015 18:01:58
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@qksrv.net/
Expires : 08-08-2010 0:15:38
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:vicente gabaldón@imrworldwide.com/cgi-bin
Expires : 23-08-2015 20:17:16
LastSync : Hits:20
UseCount : 0
Hits : 20
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@oinadserve[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:vicente gabaldón@oinadserve.com/
Expires : 01-01-2021 2:00:00
LastSync : Hits:19
UseCount : 0
Hits : 19
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@apmebf.com/
Expires : 08-08-2010 0:15:36
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:66
Value : Cookie:vicente gabaldón@casalemedia.com/
Expires : 09-08-2006 5:34:08
LastSync : Hits:66
UseCount : 0
Hits : 66
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:vicente gabaldón@zedo.com/
Expires : 21-08-2015 9:09:12
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.planetatv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:vicente gabaldón@adserver.planetatv.com/
Expires : 18-08-2015 16:30:36
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@hc2.humanclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:vicente gabaldón@hc2.humanclick.com/
Expires : 05-08-2006 17:42:36
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[4].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:vicente gabaldón@www4.addfreestats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:171
Value : Cookie:vicente gabaldón@as1.falkag.de/
Expires : 23-09-2005 13:57:24
LastSync : Hits:171
UseCount : 0
Hits : 171
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:102
Value : Cookie:vicente gabaldón@real.com/
Expires : 27-07-2035 20:31:16
LastSync : Hits:102
UseCount : 0
Hits : 102
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.livedoor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:vicente gabaldón@adserver.livedoor.es/
Expires : 31-12-2015 1:00:00
LastSync : Hits:26
UseCount : 0
Hits : 26
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:vicente gabaldón@overture.com/
Expires : 07-08-2015 16:15:32
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.terra[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:vicente gabaldón@adserver.terra.es/
Expires : 12-09-2073 23:31:28
LastSync : Hits:11
UseCount : 0
Hits : 11
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:vicente gabaldón@2o7.net/
Expires : 06-08-2010 16:22:00
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:vicente gabaldón@www2.3dstats.com/cgi-bin
Expires : 28-02-2015 2:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:vicente gabaldón@tribalfusion.com/
Expires : 01-01-2038 2:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 73
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : File
Data : cdt_bbi8016.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\
FileVersion : 8.0.2.9
ProductName : BargainBuddy Decoupling Package
CompanyName : eXact Advertising
FileDescription : BargainBuddy Decoupling Package
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Decoupling Package
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@adserver.livedoor[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@adserver.livedoor[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@as-eu.falkag[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@ehg-deltatre.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@ehg-deltatre.hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@oinadserve[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@oinadserve[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@real[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@revenue[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@servedby.advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@tradedoubler[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : vicente gabaldón@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\Cookies\vicente gabaldón@tribalfusion[1].txt
StatBlaster Object Recognized!
Type : File
Data : overpro.exe
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\
WebSpeacials Object Recognized!
Type : File
Data : TMP63.tmp
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\
WebSpeacials Object Recognized!
Type : File
Data : TMP64.tmp
TAC Rating : 6
Category : Malware
Comment :
Object : C:\Documents and Settings\Vicente Gabaldón\Configuración local\Temp\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 91
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia
EzuLa Object Recognized!
Type : File
Data : AcsProxy.lib
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : chat.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : ezines.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : home.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : paysites.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : pics.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
EzuLa Object Recognized!
Type : File
Data : videos.dat
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
ClickSpring Object Recognized!
Type : File
Data : wnscptr.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Favoriteman Object Recognized!
Type : File
Data : hosts.bho
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\etc\
Favoriteman Object Recognized!
Type : File
Data : im64.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 103
16:15:26 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:56.993
Objects scanned:102421
Objects identified:67
Objects ignored:0
New critical objects:67
I never get tired of thanking you!!! See you later!!!
tordanxa
Re: I don't know if I have a virus - 2005-08-26 19:50 - Reply 19
Look, in Ad-Aware, select everything that shows up under critical objects with the right mouse button and click Next so that it removes them.
Once that is done, paste the HijackThis log again; well, first delete unnecessary files with EasyCleaner.
Regards
Bristow
Re: I don't know if I have a virus - 2005-08-31 11:09 - Reply 20
Good morning!!!
Rahel, I did everything you told me and even so avast still reports the same virus, I'm going to go crazy!!
The log:
Logfile of HijackThis v1.99.1
Scan saved at 11:06:24, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe
C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Documents and Settings\Vicente Gabaldón\Escritorio\HijackThis\HijackThis.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Archivos de programa\Registry Cleaner Trial\RegClean.exe"
O4 - Startup: Arranque automatico Mayordomo.lnk = C:\Archivos de programa\Mayordomo Virtual\mayordomo.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104109003408
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{20656AB7-DC18-4A37-9B33-64EE64E65F00}: NameServer = 213.250.128.144 213.250.128.150
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GuiHook - Unknown owner - C:\ARCHIV~1\NETSUP~1\guihook.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe