Autor Tema: trojan-spy.html.smitfraud.c ? (Leído 9074 veces)

FatsGordon · « **Respuesta #10 en:** 09 de Junio de 2005, 04:41:07 pm »

Sip, fijate lo que dice destroyer, por las dudas, pero el log aparece limpio. :D

Mi cabeza no es lo que era... Debería haber empezado por el Ad-Aware desde un principio y nos ahorrábamos mucho tiempo...

Mis sinceras disculpas! :oops:

FatsGordon · « **Respuesta #11 en:** 09 de Junio de 2005, 04:47:32 pm »

Por curiosidad quisiera ver el log del Ad-Aware. Abrí el Ad-Aware, hacé click en el icono del engranaje y ahí en General Settings dice Write logfiles to:. Ahí está el lugar en tu disco donde se guardan los logs. Buscalo, abrilo, copialo y pegalo aquí. Tal vez necesites de más de una vez para pegarlo completo, pero te lo voy a agradecer.

Es más, de ese análisis puede que surja la necesidad de un nuevo log.

cherry09 · « **Respuesta #12 en:** 11 de Junio de 2005, 07:46:52 am »

Hola, aqui está el log del ultimo escaneo con el ad aware:
ahh y a lo que dijo destroyer, no tengo ningun ISearch o Desktop search en Agregar/quitar programas :S...

Ad-Aware SE Build 1.06r1
Logfile Created on:viernes, 10 de junio de 2005 22:28:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

10-06-2005 22:28:39 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 444
ThreadCreationTime : 10-06-2005 18:32:28
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 10-06-2005 18:32:29
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 10-06-2005 18:32:30
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 10-06-2005 18:32:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 10-06-2005 18:32:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 10-06-2005 18:32:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 10-06-2005 18:32:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 10-06-2005 18:32:33
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 10-06-2005 18:32:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 10-06-2005 18:32:34
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1276
ThreadCreationTime : 10-06-2005 18:32:37
BasePriority : Normal

#:14 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1336
ThreadCreationTime : 10-06-2005 18:32:37
BasePriority : Normal

#:15 [mysqld-nt.exe]
FilePath : C:\AppServ\mysql\bin\
ProcessID : 1364
ThreadCreationTime : 10-06-2005 18:32:43
BasePriority : Normal

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 10-06-2005 18:32:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 10-06-2005 18:32:44
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 792
ThreadCreationTime : 10-06-2005 18:34:15
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:19 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_01\bin\
ProcessID : 1248
ThreadCreationTime : 10-06-2005 18:34:37
BasePriority : Normal

#:20 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 1612
ThreadCreationTime : 10-06-2005 18:34:44
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:21 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1644
ThreadCreationTime : 10-06-2005 18:34:47
BasePriority : Normal
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Cliente de actualización automática de Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : wuauclt.exe

#:22 [quiencierrayabre.exe]
FilePath : C:\Documents and Settings\Sarahí\Escritorio\
ProcessID : 3532
ThreadCreationTime : 10-06-2005 19:41:02
BasePriority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : UserHasLeftOrJoined
CompanyName : PortalMes.CO
InternalName : userhasjoinedorleft
OriginalFilename : userhasjoinedorleft.exe
Comments : ecko_complex

#:23 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 3136
ThreadCreationTime : 10-06-2005 21:29:33
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:24 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 1600
ThreadCreationTime : 11-06-2005 0:31:21
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:25 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3572
ThreadCreationTime : 11-06-2005 2:41:27
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [winamp.exe]
FilePath : C:\Archivos de programa\Winamp\
ProcessID : 2296
ThreadCreationTime : 11-06-2005 5:27:12
BasePriority : Normal
FileVersion : 5.092
ProductVersion : 5.092
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2005, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.

#:27 [firefox.exe]
FilePath : C:\Archivos de programa\Mozilla Firefox\
ProcessID : 2720
ThreadCreationTime : 11-06-2005 5:27:36
BasePriority : Normal

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:sarahí@doubleclick.net/
Expires : 07-06-2008 21:55:34
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ehg-quepasacorp.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:sarahí@ehg-quepasacorp.hitbox.com/
Expires : 10-06-2006 16:22:22
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:sarahí@hitbox.com/
Expires : 10-06-2006 16:22:22
LastSync : Hits:30
UseCount : 0
Hits : 30

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:sarahí@atdmt.com/
Expires : 07-06-2010 17:00:00
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:sarahí@overture.com/
Expires : 07-06-2015 18:39:56
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\DOCUME~1\SARAH~1\CONFIG~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

22:38:37 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:57.970
Objects scanned:61238
Objects identified:5
Objects ignored:0
New critical objects:5

1 saludo ciao ;D

»‡«§Ã®ÃHÎ»‡«

FatsGordon · « **Respuesta #13 en:** 14 de Junio de 2005, 06:40:53 pm »

Hola, y gracias por el log, que se ve limpio.

Te voy a pedir un favor extra: actualizá el Ad-Aware y correlo en modo Full system scan (el segundo de los dos), así salimos de dudas.

Obviamente si encuentra algo limpialo. Y luego publicá el log resultante.

Muchas gracias!

cherry09 · « **Respuesta #14 en:** 20 de Junio de 2005, 06:53:25 am »

Hola! perdon por la demora, aqui esta el log de full scan:

Ad-Aware SE Build 1.06r1
Logfile Created on:domingo, 19 de junio de 2005 21:25:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdvertBar(TAC index:5):1 total references
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

19-06-2005 21:25:41 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-823518204-1957994488-1591305731-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 19-06-2005 20:06:04
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 19-06-2005 20:06:06
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 19-06-2005 20:06:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 19-06-2005 20:06:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 736
ThreadCreationTime : 19-06-2005 20:06:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 900
ThreadCreationTime : 19-06-2005 20:06:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 19-06-2005 20:06:10
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1192
ThreadCreationTime : 19-06-2005 20:06:12
BasePriority : Normal

#:14 [apache.exe]
FilePath : C:\AppServ\Apache\
ProcessID : 1260
ThreadCreationTime : 19-06-2005 20:06:13
BasePriority : Normal

#:15 [mysqld-nt.exe]
FilePath : C:\AppServ\mysql\bin\
ProcessID : 1284
ThreadCreationTime : 19-06-2005 20:06:18
BasePriority : Normal

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 19-06-2005 20:06:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1624
ThreadCreationTime : 19-06-2005 20:06:19
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1292
ThreadCreationTime : 19-06-2005 21:05:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:19 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_01\bin\
ProcessID : 1780
ThreadCreationTime : 19-06-2005 21:05:15
BasePriority : Normal

#:20 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 1912
ThreadCreationTime : 19-06-2005 21:05:16
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:21 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 148
ThreadCreationTime : 19-06-2005 21:05:17
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2176
ThreadCreationTime : 19-06-2005 21:06:02
BasePriority : Normal
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Cliente de actualización automática de Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : wuauclt.exe

#:23 [winamp.exe]
FilePath : C:\Archivos de programa\Winamp\
ProcessID : 348
ThreadCreationTime : 20-06-2005 0:40:10
BasePriority : Normal
FileVersion : 5.092
ProductVersion : 5.092
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2005, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.

#:24 [firefox.exe]
FilePath : C:\Archivos de programa\Mozilla Firefox\
ProcessID : 408
ThreadCreationTime : 20-06-2005 4:22:04
BasePriority : Normal

#:25 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2092
ThreadCreationTime : 20-06-2005 4:23:56
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdvertBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-823518204-1957994488-1591305731-1003\software\adtools, inc.

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 12

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:sarahí@doubleclick.net/
Expires : 12-06-2008 21:11:42
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:sarahí@ads.pointroll.com/
Expires : 31-12-2009 17:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:sarahí@tribalfusion.com/
Expires : 31-12-2037 17:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sarahí@www3.addfreestats.com/cgi-bin
Expires : 27-02-2015 17:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@bravenet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:sarahí@bravenet.com/
Expires : 13-06-2015 21:43:12
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@ehg-quepasacorp.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:sarahí@ehg-quepasacorp.hitbox.com/
Expires : 17-06-2006 14:13:32
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:sarahí@hitbox.com/
Expires : 17-06-2006 14:13:32
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:sarahí@statcounter.com/
Expires : 14-06-2010 21:43:10
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sarahí@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:sarahí@atdmt.com/
Expires : 09-06-2010 17:00:00
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 21

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

21:49:36 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:54.523
Objects scanned:92036
Objects identified:10
Objects ignored:0
New critical objects:10

FatsGordon · « **Respuesta #15 en:** 21 de Junio de 2005, 06:19:37 pm »

Lo único realmente preocupante (y ni siquiera) es:

Citar

AdvertBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-823518204-1957994488-1591305731-1003\software\adtools, inc.

Si lo eliminaste, ya estaría.

¿Cómo está tu máquina ahora?

FatsGordon · « **Respuesta #16 en:** 22 de Junio de 2005, 10:25:43 pm »

Y otra preguntita: ¿el fondo sigue siendo el mismo de antes o pudiste cambiarlo?

Noticias:

Autor Tema: trojan-spy.html.smitfraud.c ? (Leído 9074 veces)