Autor Tema: No se como quitarme unos troyanos de encima, podeis ayudarme (Leído 4427 veces)

jl · « **en:** 15 de Abril de 2005, 02:25:41 pm »

Voy a empezar por el principio. Reconocidos tengo virus de 2 tipos data miner tracking cookie, y regkey tracking cookie, que hacen salir de vez en cuando una cookie de un casino, ademas de alterar el sistema operativo, ya que no permiten abrir distintas paginas. De manera que aunque en principio y por lo que he averiguado son inofesivos, hay ciertas paginas a las que no tengo acceso.
He scaneado con el ad-aware y me aparece lo siguiente:

El log es el siguiente:
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-04-2005 11:17:09
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci n de servicios y controlador
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft Windows
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft Windows Operating System
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-04-2005 11:17:11
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-04-2005 11:17:11
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 15-04-2005 11:17:13
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft Windows
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:36
Last modified : 24/08/2001 15:00:00

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-04-2005 11:17:13
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft Windows Operating System
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:9 [mcvsshld.exe]
FilePath : C:\ARCHIV~1\mcafee.com\vso\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 176 KB
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
Copyright : Copyright 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 23/02/2005 19:02:07
Last accessed : 15/04/2005 11:17:15
Last modified : 17/08/2004 15:55:08

#:10 [mcagent.exe]
FilePath : C:\ARCHIV~1\mcafee.com\agent\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 240 KB
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
Copyright : Copyright 2004 Networks Associates Technology, Inc.
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 23/02/2005 21:38:21
Last accessed : 15/04/2005 11:17:09
Last modified : 17/08/2004 17:26:38

#:11 [mpftray.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 1296 KB
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
Copyright : Copyright 2000-2004 Networks Associates Technologies, Inc.
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
OriginalFilename : MPFTRAY.EXE
ProductName : McAfee Personal Firewall (MPF)
Created on : 08/03/2005 22:52:17
Last accessed : 15/04/2005 11:17:09
Last modified : 22/08/2004 14:31:28

#:12 [navapp.exe]
FilePath : C:\Archivos de programa\NavExcel\NavHelper\v2.0.4d\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 164 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2004
FileDescription : navapp Module
InternalName : navapp
OriginalFilename : navapp.exe
ProductName : navapp Module
Created on : 08/12/2004 9:40:14
Last accessed : 15/04/2005 11:17:09
Last modified : 08/12/2004 9:40:14

#:13 [msnmessag.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 89 KB
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:15
Last modified : 24/08/2001 15:00:00

#:14 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft Windows Operating System
Created on : 24/08/2001 15:00:00
Last accessed : 15/04/2005 11:17:09
Last modified : 24/08/2001 15:00:00

#:15 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 1052 KB
FileVersion : 4.0.0155
ProductVersion : Version 4.0
Copyright : Copyright (c) Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 23/02/2005 16:54:27
Last accessed : 15/04/2005 11:17:46
Last modified : 02/08/2001 6:14:34

#:16 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 6656 KB
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 30/03/2005 0:28:00
Last accessed : 15/04/2005 11:17:09
Last modified : 30/03/2005 0:28:00

#:17 [ares.exe]
FilePath : C:\Archivos de programa\Ares\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 1174 KB
FileVersion : 1.8.1.2960
ProductVersion : 1.8.1
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
ProductName : Ares for windows
Created on : 23/02/2005 2:52:20
Last accessed : 15/04/2005 11:17:09
Last modified : 23/02/2005 2:52:20

#:18 [mcvsescn.exe]
FilePath : c:\archiv~1\mcafee.com\vso\
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileSize : 456 KB
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
Copyright : Copyright 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 23/02/2005 19:02:11
Last accessed : 15/04/2005 11:17:09
Last modified : 19/08/2004 11:31:36

#:19 [mpfagent.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ThreadCreationTime : 15-04-2005 11:17:19
BasePriority : Normal
FileSize : 556 KB
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
Copyright : Copyright 2000-2004 Networks Associates Technologies, Inc.
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
OriginalFilename : MPFAGENT.EXE
ProductName : McAfee Personal Firewall (MPF)
Created on : 08/03/2005 22:52:16
Last accessed : 15/04/2005 11:17:09
Last modified : 22/08/2004 14:32:56

#:20 [atievxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-04-2005 11:17:20
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.1.2482.0 (Lab01_N(ericks).010524-2202)
ProductVersion : 5.1.2482.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : ATI Hotkey polling utility
InternalName : atievxx.exe
OriginalFilename : atievxx.exe
ProductName : Microsoft Windows Operating System
Created on : 23/02/2005 16:19:18
Last accessed : 15/04/2005 11:17:09
Last modified : 22/08/2001 21:15:26

#:21 [mcvsrte.exe]
FilePath : c:\ARCHIV~1\mcafee.com\vso\
ThreadCreationTime : 15-04-2005 11:17:21
BasePriority : Normal
FileSize : 120 KB
FileVersion : 9, 0, 0, 10
ProductVersion : 9, 0, 0, 0
Copyright : Copyright 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 23/02/2005 19:02:07
Last accessed : 15/04/2005 11:17:09
Last modified : 26/08/2004 16:57:22

#:22 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ThreadCreationTime : 15-04-2005 11:17:22
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright (C) Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 23/02/2001 9:07:30
Last accessed : 15/04/2005 11:17:09
Last modified : 23/02/2001 9:07:30

#:23 [mcvsftsn.exe]
FilePath : c:\archiv~1\mcafee.com\vso\
ThreadCreationTime : 15-04-2005 11:17:22
BasePriority : Normal
FileSize : 232 KB
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
Copyright : Copyright 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
OriginalFilename : mcvsftsn.EXE
ProductName : McAfee VirusScan
Created on : 23/02/2005 19:02:13
Last accessed : 15/04/2005 11:17:09
Last modified : 01/07/2004 14:16:20

#:24 [mpfservice.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ThreadCreationTime : 15-04-2005 11:17:25
BasePriority : Normal
FileSize : 564 KB
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
Copyright : Copyright 2000-2004 Networks Associates Technologies, Inc.
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
OriginalFilename : MpfService.exe
ProductName : McAfee Personal Firewall
Created on : 08/03/2005 22:52:15
Last accessed : 15/04/2005 11:17:09
Last modified : 22/08/2004 14:31:44

#:25 [mcshield.exe]
FilePath : c:\ARCHIV~1\mcafee.com\vso\
ThreadCreationTime : 15-04-2005 11:17:29
BasePriority : High
FileSize : 220 KB
Created on : 23/02/2005 21:38:27
Last accessed : 15/04/2005 11:17:09
Last modified : 13/03/2002 7:50:34

#:26 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-04-2005 11:18:26
BasePriority : Normal
FileSize : 112 KB
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
Copyright : Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Actualizaciones autom ticas
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Sistema operativo Microsoft Windows
Created on : 23/02/2005 16:53:51
Last accessed : 15/04/2005 11:17:26
Last modified : 03/08/2004 13:01:08

#:27 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 15-04-2005 11:30:56
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft Windows
Created on : 23/02/2005 16:55:40
Last accessed : 15/04/2005 11:33:35
Last modified : 24/08/2001 15:00:00

#:28 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 15-04-2005 11:42:59
BasePriority : Normal
FileSize : 645 KB
FileVersion : 6.0.1.165
ProductVersion : 6.0.0.0
Copyright : Copyright Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/02/2005 18:29:58
Last accessed : 15/04/2005 11:42:59
Last modified : 08/02/2003 20:50:52

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Gator Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 23/03/2005 13:27:40

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 04/04/2005 13:19:58

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:18:56
Last modified : 09/03/2005 21:27:50

Tracking Cookie Object recognized!
Type : File
Data : administrador@adserver[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 12/04/2005 12:17:10

Tracking Cookie Object recognized!
Type : File
Data : administrador@adserver[3].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 13/04/2005 11:24:40

Tracking Cookie Object recognized!
Type : File
Data : administrador@adtech[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 28/03/2005 6:59:04

Tracking Cookie Object recognized!
Type : File
Data : administrador@advertising[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 24/02/2005 14:44:16

Tracking Cookie Object recognized!
Type : File
Data : administrador@atdmt[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 07/03/2005 12:02:00

Tracking Cookie Object recognized!
Type : File
Data : administrador@bfast[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 24/02/2005 20:06:12

Tracking Cookie Object recognized!
Type : File
Data : administrador@bravenet[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 11/04/2005 12:43:38

Tracking Cookie Object recognized!
Type : File
Data : administrador@centrport[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:26
Last modified : 04/03/2005 14:01:22

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 07/03/2005 11:51:36

Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:02
Last accessed : 15/04/2005 11:48:27
Last modified : 23/02/2005 21:23:02

Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[3].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 15/04/2005 11:26:50
Last accessed : 15/04/2005 11:33:55
Last modified : 15/04/2005 11:33:55

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\
FileSize : 1 KB
Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 11/03/2005 23:22:20

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 14/04/2005 15:02:08

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\
FileSize : 4 KB
Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 05/04/2005 13:06:30

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 13/03/2005 11:48:26

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 13/04/2005 11:14:40

Tracking Cookie Object recognized!
Type : File
Data : administrador@fastclick[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:27
Last modified : 13/04/2005 11:14:02

Tracking Cookie Object recognized!
Type : File
Data : administrador@hitbox[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:28
Last modified : 14/04/2005 15:02:08

Tracking Cookie Object recognized!
Type : File
Data : administrador@internetfuel[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:28
Last modified : 24/02/2005 12:04:38

Tracking Cookie Object recognized!
Type : File
Data : administrador@linksynergy[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:28
Last modified : 13/04/2005 11:01:00

Tracking Cookie Object recognized!
Type : File
Data : administrador@mediaplex[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:28
Last modified : 23/02/2005 21:23:02

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:28
Last modified : 24/02/2005 14:23:32

Tracking Cookie Object recognized!
Type : File
Data : administrador@qksrv[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:29
Last modified : 24/02/2005 14:22:08

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Administrador\Cookies\
FileSize : 2 KB
Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:29
Last modified : 14/04/2005 14:51:52

Tracking Cookie Object recognized!
Type : File
Data : administrador@targetnet[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:29
Last modified : 13/04/2005 11:08:06

Tracking Cookie Object recognized!
Type : File
Data : administrador@tradedoubler[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:22
Last accessed : 15/04/2005 11:48:29
Last modified : 12/04/2005 21:54:50

Tracking Cookie Object recognized!
Type : File
Data : administrador@valueclick[2].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:23
Last accessed : 15/04/2005 11:48:29
Last modified : 24/02/2005 22:11:16

Tracking Cookie Object recognized!
Type : File
Data : administrador@weborama[1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:23
Last accessed : 15/04/2005 11:48:29
Last modified : 03/04/2005 21:53:42

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Administrador\Cookies\

Created on : 14/04/2005 22:21:23
Last accessed : 15/04/2005 11:48:31
Last modified : 14/04/2005 14:51:56

Disk scan result for C:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 34

13:52:00 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:08:40:658
Objects scanned :91703
Objects identified :34
Objects ignored :0
New objects :34

Les agradezco su ayuda por adelantado, estoy perdido pues soy un novato y no se los pasos a dar. Tengo la intuición de que hay que ponerlos en quarentena. Pero, no se los pasos a dar, realmente, muchas gracias por todo. Saludos Javier.

destroyer · « **Respuesta #1 en:** 15 de Abril de 2005, 02:29:58 pm »

Hola:
Bienvenido al foro..

Puesdes mandar todos a cuarentena sin mayor problema.. A continuacion vacia temporales de internet y las cookies, arranca el pc en modo a prueba de fallos y escanea nuevamente con el ad aware Se 1.05 actualizado, y cuelgas aqui el LOG completo que te muestra.. Incluido el encabezado que en este caso no has puesto ..
Ya nos comentas..

Un saludo

jl · « **Respuesta #2 en:** 15 de Abril de 2005, 04:34:28 pm »

Hola de nuevo, al actualizarlo y volver a scanear, me ha salido un zoologico, tengo bastantes virus de diversas clases, llegan al centenar de 8 clases diferentes.

Ad-Aware SE Build 1.05
Logfile Created on:viernes, 15 de abril de 2005 16:25:39
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R38 11.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
Claria(TAC index:7):4 total references
Elitum.ElitebarBHO(TAC index:5):6 total references
MRU List(TAC index:0):26 total references
NavExcel(TAC index:5):37 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Search Miracle(TAC index:5):7 total references
Tracking Cookie(TAC index:3):41 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

15-04-2005 16:25:39 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 15-04-2005 11:17:09
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 15-04-2005 11:17:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 15-04-2005 11:17:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 780
ThreadCreationTime : 15-04-2005 11:17:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 15-04-2005 11:17:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 15-04-2005 11:17:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1176
ThreadCreationTime : 15-04-2005 11:17:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 15-04-2005 11:17:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [mcvsshld.exe]
FilePath : C:\ARCHIV~1\mcafee.com\vso\
ProcessID : 1352
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:13 [mcagent.exe]
FilePath : C:\ARCHIV~1\mcafee.com\agent\
ProcessID : 1360
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:14 [mpftray.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ProcessID : 1384
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:15 [navapp.exe]
FilePath : C:\Archivos de programa\NavExcel\NavHelper\v2.0.4d\
ProcessID : 1392
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : navapp Module
FileDescription : navapp Module
InternalName : navapp
LegalCopyright : Copyright 2004
OriginalFilename : navapp.exe

#:16 [msnmessag.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1408
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:18 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 1416
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:19 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 1424
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:20 [ares.exe]
FilePath : C:\Archivos de programa\Ares\
ProcessID : 1448
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 1.8.1.2960
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:21 [mcvsescn.exe]
FilePath : c:\archiv~1\mcafee.com\vso\
ProcessID : 1480
ThreadCreationTime : 15-04-2005 11:17:15
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:22 [mpfagent.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ProcessID : 1672
ThreadCreationTime : 15-04-2005 11:17:19
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:23 [atievxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 15-04-2005 11:17:20
BasePriority : Normal
FileVersion : 5.1.2482.0 (Lab01_N(ericks).010524-2202)
ProductVersion : 5.1.2482.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : ATI Hotkey polling utility
InternalName : atievxx.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : atievxx.exe

#:24 [mcvsrte.exe]
FilePath : c:\ARCHIV~1\mcafee.com\vso\
ProcessID : 1820
ThreadCreationTime : 15-04-2005 11:17:21
BasePriority : Normal
FileVersion : 9, 0, 0, 10
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:25 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ProcessID : 1840
ThreadCreationTime : 15-04-2005 11:17:22
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:26 [mcvsftsn.exe]
FilePath : c:\archiv~1\mcafee.com\vso\
ProcessID : 1860
ThreadCreationTime : 15-04-2005 11:17:22
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:27 [mpfservice.exe]
FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\
ProcessID : 2040
ThreadCreationTime : 15-04-2005 11:17:25
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:28 [mcshield.exe]
FilePath : c:\ARCHIV~1\mcafee.com\vso\
ProcessID : 720
ThreadCreationTime : 15-04-2005 11:17:29
BasePriority : High

#:29 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2220
ThreadCreationTime : 15-04-2005 11:18:26
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Actualizaciones automáticas
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : wuauclt.exe

#:30 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 3728
ThreadCreationTime : 15-04-2005 11:30:56
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:31 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 3060
ThreadCreationTime : 15-04-2005 14:08:54
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:32 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2724
ThreadCreationTime : 15-04-2005 14:24:55
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : Instalador

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0a1d22c3-37be-470c-9c29-e3074ee0574b}

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : navexcel.navhelper

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : navexcel.navhelper
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : navexcel.navhelper.1

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : navexcel.navhelper.1
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{209b1cea-8b2e-4596-9b35-a4a7db611eb2}

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d80c4e21-c346-4e21-8e64-20746aa20aeb}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d80c4e21-c346-4e21-8e64-20746aa20aeb}
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}
Value :

Search Miracle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}

Search Miracle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd}

Search Miracle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd}
Value :

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1957994488-500\software\navexcel ltd

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : DisplayName

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : UninstallString

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : HelpLink

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navexcel

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : DisplayName

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : UninstallString

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : NoModify

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : NoRepair

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{5AA06644-BC46-4220-A460-47A6EB47C96D}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {5AA06644-BC46-4220-A460-47A6EB47C96D}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 51
Objects found so far: 51

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : v3cab (http://searchmiracle.com/cab/2.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab
Value :

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab
Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 55

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 03-05-2073 19:35:42
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@versiontracker[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 15-04-2007 16:20:02
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/cgi-bin
Expires : 13-04-2015 16:21:34
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 01-01-2038 2:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 13-04-2015 12:16:32
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@atdmt[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 14-04-2010 2:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@adtech[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 13-04-2015 16:17:38
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 22-04-2005 16:25:24
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@doubleclick[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 14-04-2008 16:20:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 15-04-2006 16:17:54
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@adserver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@adserver[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@adtech[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@bfast[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@bravenet[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@bravenet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@internetfuel[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@internetfuel[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@linksynergy[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@targetnet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@tradedoubler[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrador@weborama[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\administrador@weborama[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrador\Cookies\[email protected][1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 96

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 96

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 96

Disk Scan Result for C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 96

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 96

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum

NavExcel Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment

jl · « **Respuesta #3 en:** 15 de Abril de 2005, 07:36:58 pm »

Me gustaria comentar que he arreglado algo la cosa. Agradezco tu ayuda.

jl · « **Respuesta #4 en:** 15 de Abril de 2005, 07:39:10 pm »

Pero me sigue apareciendo una cookie que no me la localiza ni el ad-aware SE 1,05 ni el Spyboot, asi como el antivirus. Sabes como podría localizar los virus restantes que se han quedado colgando.
Gracias.

destroyer · « **Respuesta #5 en:** 15 de Abril de 2005, 07:40:44 pm »

Hola:
Pues si has puesto en cuarentena lo que te mostraba anteriormente , vaciado temporales y eliminado las cookies, vuelve a hacer otro scan y cuelgas nuevamente el log a ver si puede comentarte algo sobre él, Fats o algun compañero..
No esatría de mas que hicieses un escaneo con algun antivirus online..
En ESTE ENLACE tienes varios..

Un saludo

Danae · « **Respuesta #6 en:** 15 de Abril de 2005, 07:47:36 pm »

El navexcel search toolbar, desde agregar o quitar programas lo puedes desinstalar, supongo que usas Ares,y te lo ha colado.

Para el resto, seguimos investigando

jl · « **Respuesta #7 en:** 15 de Abril de 2005, 11:57:11 pm »

Hola,
No me ha dejado el sistema quitar el NavExcel, no se porque, eso que es un archivo que unicamente se puede quitar.
He vuelto a hacer scan al sistema a traves de Ad-aware y he encontrado un troyano, luego he encontrado otro virus a traves del spybot de diferente tipo.
He removido todos los virus, no se si asi he podido cargarme algun fichero de importancia dado que algunos estaban en ficheros ejecutables.
Ahora, como se puede terminar con un troyano? Cuando esta dando sus ultimos coletazos. Gracias.

Noticias:

Autor Tema: No se como quitarme unos troyanos de encima, podeis ayudarme (Leído 4427 veces)