SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
trojan-spy.html.smitfraud.c ?
FatsGordon:
Sip, fijate lo que dice destroyer, por las dudas, pero el log aparece limpio. :D
Mi cabeza no es lo que era... Debería haber empezado por el Ad-Aware desde un principio y nos ahorrábamos mucho tiempo...
Mis sinceras disculpas! :oops:
FatsGordon:
Por curiosidad quisiera ver el log del Ad-Aware. Abrí el Ad-Aware, hacé click en el icono del engranaje y ahí en General Settings dice Write logfiles to:. Ahí está el lugar en tu disco donde se guardan los logs. Buscalo, abrilo, copialo y pegalo aquí. Tal vez necesites de más de una vez para pegarlo completo, pero te lo voy a agradecer.
Es más, de ese análisis puede que surja la necesidad de un nuevo log.
cherry09:
Hola, aqui está el log del ultimo escaneo con el ad aware:
ahh y a lo que dijo destroyer, no tengo ningun ISearch o Desktop search en Agregar/quitar programas :S...
Ad-Aware SE Build 1.06r1
Logfile Created on:viernes, 10 de junio de 2005 22:28:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
10-06-2005 22:28:39 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 444
ThreadCreationTime : 10-06-2005 18:32:28
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 10-06-2005 18:32:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 10-06-2005 18:32:30
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 10-06-2005 18:32:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 10-06-2005 18:32:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 10-06-2005 18:32:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 10-06-2005 18:32:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 10-06-2005 18:32:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 10-06-2005 18:32:34
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:13 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1276
ThreadCreationTime : 10-06-2005 18:32:37
BasePriority : Normal
#:14 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1336
ThreadCreationTime : 10-06-2005 18:32:37
BasePriority : Normal
#:15 [mysqld-nt.exe]
FilePath : C:\AppServ\mysql\bin\
ProcessID : 1364
ThreadCreationTime : 10-06-2005 18:32:43
BasePriority : Normal
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 10-06-2005 18:32:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 10-06-2005 18:32:44
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 792
ThreadCreationTime : 10-06-2005 18:34:15
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
#:19 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_01\bin\
ProcessID : 1248
ThreadCreationTime : 10-06-2005 18:34:37
BasePriority : Normal
#:20 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 1612
ThreadCreationTime : 10-06-2005 18:34:44
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:21 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1644
ThreadCreationTime : 10-06-2005 18:34:47
BasePriority : Normal
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Cliente de actualización automática de Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : wuauclt.exe
#:22 [quiencierrayabre.exe]
FilePath : C:\Documents and Settings\Sarahí\Escritorio\
ProcessID : 3532
ThreadCreationTime : 10-06-2005 19:41:02
BasePriority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : UserHasLeftOrJoined
CompanyName : PortalMes.CO
InternalName : userhasjoinedorleft
OriginalFilename : userhasjoinedorleft.exe
Comments : ecko_complex
#:23 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 3136
ThreadCreationTime : 10-06-2005 21:29:33
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE
#:24 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 1600
ThreadCreationTime : 11-06-2005 0:31:21
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:25 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3572
ThreadCreationTime : 11-06-2005 2:41:27
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:26 [winamp.exe]
FilePath : C:\Archivos de programa\Winamp\
ProcessID : 2296
ThreadCreationTime : 11-06-2005 5:27:12
BasePriority : Normal
FileVersion : 5.092
ProductVersion : 5.092
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2005, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.
#:27 [firefox.exe]
FilePath : C:\Archivos de programa\Mozilla Firefox\
ProcessID : 2720
ThreadCreationTime : 11-06-2005 5:27:36
BasePriority : Normal
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:sarahí@doubleclick.net/
Expires : 07-06-2008 21:55:34
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ehg-quepasacorp.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:sarahí@ehg-quepasacorp.hitbox.com/
Expires : 10-06-2006 16:22:22
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:sarahí@hitbox.com/
Expires : 10-06-2006 16:22:22
LastSync : Hits:30
UseCount : 0
Hits : 30
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:sarahí@atdmt.com/
Expires : 07-06-2010 17:00:00
LastSync : Hits:23
UseCount : 0
Hits : 23
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:sarahí@overture.com/
Expires : 07-06-2015 18:39:56
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Disk Scan Result for C:\DOCUME~1\SARAH~1\CONFIG~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
22:38:37 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:57.970
Objects scanned:61238
Objects identified:5
Objects ignored:0
New critical objects:5
1 saludo ciao ;D
»‡«§Ã®ÃH뇫
FatsGordon:
Hola, y gracias por el log, que se ve limpio.
Te voy a pedir un favor extra: actualizá el Ad-Aware y correlo en modo Full system scan (el segundo de los dos), así salimos de dudas.
Obviamente si encuentra algo limpialo. Y luego publicá el log resultante.
Muchas gracias!
cherry09:
Hola! perdon por la demora, aqui esta el log de full scan:
Ad-Aware SE Build 1.06r1
Logfile Created on:domingo, 19 de junio de 2005 21:25:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdvertBar(TAC index:5):1 total references
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
19-06-2005 21:25:41 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 19-06-2005 20:06:04
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 19-06-2005 20:06:06
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 19-06-2005 20:06:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 736
ThreadCreationTime : 19-06-2005 20:06:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 900
ThreadCreationTime : 19-06-2005 20:06:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:13 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1192
ThreadCreationTime : 19-06-2005 20:06:12
BasePriority : Normal
#:14 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1260
ThreadCreationTime : 19-06-2005 20:06:13
BasePriority : Normal
#:15 [mysqld-nt.exe]
FilePath : C:\AppServ\mysql\bin\
ProcessID : 1284
ThreadCreationTime : 19-06-2005 20:06:18
BasePriority : Normal
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 19-06-2005 20:06:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1624
ThreadCreationTime : 19-06-2005 20:06:19
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1292
ThreadCreationTime : 19-06-2005 21:05:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
#:19 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_01\bin\
ProcessID : 1780
ThreadCreationTime : 19-06-2005 21:05:15
BasePriority : Normal
#:20 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 1912
ThreadCreationTime : 19-06-2005 21:05:16
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:21 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 148
ThreadCreationTime : 19-06-2005 21:05:17
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2176
ThreadCreationTime : 19-06-2005 21:06:02
BasePriority : Normal
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Cliente de actualización automática de Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : wuauclt.exe
#:23 [winamp.exe]
FilePath : C:\Archivos de programa\Winamp\
ProcessID : 348
ThreadCreationTime : 20-06-2005 0:40:10
BasePriority : Normal
FileVersion : 5.092
ProductVersion : 5.092
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2005, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.
#:24 [firefox.exe]
FilePath : C:\Archivos de programa\Mozilla Firefox\
ProcessID : 408
ThreadCreationTime : 20-06-2005 4:22:04
BasePriority : Normal
#:25 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2092
ThreadCreationTime : 20-06-2005 4:23:56
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdvertBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-823518204-1957994488-1591305731-1003\software\adtools, inc.
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 12
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:sarahí@doubleclick.net/
Expires : 12-06-2008 21:11:42
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:sarahí@ads.pointroll.com/
Expires : 31-12-2009 17:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:sarahí@tribalfusion.com/
Expires : 31-12-2037 17:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sarahí@www3.addfreestats.com/cgi-bin
Expires : 27-02-2015 17:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@bravenet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:sarahí@bravenet.com/
Expires : 13-06-2015 21:43:12
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ehg-quepasacorp.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:sarahí@ehg-quepasacorp.hitbox.com/
Expires : 17-06-2006 14:13:32
LastSync : Hits:26
UseCount : 0
Hits : 26
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:sarahí@hitbox.com/
Expires : 17-06-2006 14:13:32
LastSync : Hits:51
UseCount : 0
Hits : 51
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:sarahí@statcounter.com/
Expires : 14-06-2010 21:43:10
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:sarahí@atdmt.com/
Expires : 09-06-2010 17:00:00
LastSync : Hits:45
UseCount : 0
Hits : 45
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 21
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
21:49:36 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:54.523
Objects scanned:92036
Objects identified:10
Objects ignored:0
New critical objects:10
Navegación
[#] Página Siguiente
[*] Página Anterior
Ir a la versión completa