Problemas con WebDialer

talgo

Member
Mensajes: 124

Problemas con WebDialer

« en: 04 de Junio de 2004, 04:13:23 pm »

Hola, llevo tres dias intentando solucionar este problema.

Desde hace tres dias que al abrir segun que paginas de internet se direccionan hacia una direccion porno (cada vez a una diferente) y ya no se como solucionarlo.

El tema del formateo preferiria dejarlo como ultimo recurso ya que tengo muchos datos y dispersos en el ordenador y, la verdad me causaria un transtorno importante.

El problema se inicio cuando en una conversacion por MSN uno de los participantes puso un enlace, resultando ser un enlace a una pagina de enlaces porno. Por curiosidad abri un par de ellas y alli empezo mi clavario.

Tengo el Adware 6.181 y detecta que tengo varios robots espia y miners y cosas de esas, que siempre me habia limpiado sin problemas.

Tambien tengo instalado el Spybot - Search & Destroy, y este me detecta el WebDialer y algun programa mas (alguno con mas de 6 entradas al registro). Cuando finaliza elk escaneo le doy a solucionar problemas, me da como que esta resuelto y cuando entro de nuevo en internert estan otra vez alli.

A partir de ese dia limpia todo pero se vuelve a instalar sin saber porque.

He intentado borarlo desde instalar y desintalar progrmas pero no veo ninguno raro.
He probado de borrar las claves que pone el Spybot directamente desde el registro (jugandomela, porque entiendo muy poco de informatica).
He probado de buscar por todos los archivos manualmente, uno a uno y tampoco me suenan ninguno (todos me suenan a chino).

Ya no se que hacer, probare de enviaros el Log del Adware aver si vosotros veis algo que pueda ayudarme.

Gracias de antemano.

Saludos

En línea

http://talgopesca.webcindario.com
Casi todos los enlaces relacionados con el mundo de la pesca y mas. (En constante renovacion)

http://www.Elanzuelo.es
El mejor foro de pesca Mar-Costa y Lance Pesado de la actualidad

FatsGordon

Pro Member
Mensajes: 815

Problemas con WebDialer

« Respuesta #1 en: 04 de Junio de 2004, 06:15:23 pm »

Hola talgo, y bienvenido al foro!

Por favor, reiniciá tu máquina y tan luego como ha levantado realizá un escaneo FULL con Ad-aware (con la segunda opción, Custom en la versión en inglés) verificando ANTES que:

1- Tengas el último archivo de referencia (el de hoy es 01R314)

2- Tengas todos los seteos como dice en http://www.daboweb.com/phpBB2/viewtopic.php?t=2443

Luego de finalizado, eliminá todo lo que encuentre. Cerrá el Ad-aware y volvé a reiniciar, pero esta vez en modo A prueba de fallos (con F8 cuando se reinicia). Volvé a escanear, volvé a eliminar, y reiniciá en modo normal. Luego realizá un tercer escaneo (siempre FULL) y publicá ese log aquí.

Puede que la publicación del log te lleve más de una vez. Fijate siempre que lo publicado haya llegado hasta Sumario. Si no es así, continuá publicando desde donde terminó hasta el final.

Muchas gracias!

En línea

http://ar.mensa.org/images/logo_phpBB.gifMensa Arg
Miembro de http://maddoktor2.com/images/asap_sm.jpg

talgo

Member
Mensajes: 124

Problemas con WebDialer

« Respuesta #2 en: 04 de Junio de 2004, 08:38:31 pm »

Empecemos por el principio:

Cuando reincie en MODO A PRUEBA DE FALLOS no me detecto nada

sin encambio al reinciiar en normal me salieron 9 entradas (mientras escaneaba en normal estab con el MSN, y mirando 2 paginas)

este es el log

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :viernes, 04 de junio de 2004 20:07:59
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6
\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:42 %
Total physical memory:523760 kb
Available physical memory:215764 kb
Total page file size:1280520 kb
Available on page file:1015588 kb
Total virtual memory:2097024 kb
Available virtual memory:2047628 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

04/06/2004 20:07:59 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 04/06/2004 18:06:29
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:31
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:32
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:09:36
Last modified : 24/08/2001 16:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:32
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 04/06/2004 17:09:36
Last modified : 09/09/2002 17:51:32

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:33
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:33
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:36
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:09:36
Last modified : 24/08/2001 16:00:00

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 04/06/2004 18:06:36
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 04/06/2004 18:06:58
Last modified : 09/09/2002 17:51:28

#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 04/06/2004 18:06:29
Last modified : 06/10/2002 22:23:20

#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2002 8:42:56

#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 04/06/2004 18:07:03
Last modified : 02/12/2002 14:17:37

#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 04/06/2004 18:06:29
Last modified : 29/06/2003 18:13:55

#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 04/06/2004 18:06:29
Last modified : 10/12/2002 16:54:04

#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 04/06/2004 18:06:29
Last modified : 10/12/2002 17:31:34

#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 04/06/2004 18:06:29
Last modified : 13/12/2003 0:50:34

#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 04/06/2004 18:06:29
Last modified : 05/02/2004 16:10:02

#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 04/06/2004 18:06:40
Last modified : 30/05/2004 16:41:39

#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:44:44

#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:44:18

#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:43:06

#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 04/06/2004 18:06:29
Last modified : 25/03/2002 11:25:26

#:22 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 04/06/2004 18:06:42
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 04/06/2004 18:06:29
Last modified : 12/07/2003 20:00:20

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:42
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 04/06/2004 18:06:29
Last modified : 09/09/2002 17:51:26

#:24 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 04/06/2004 18:06:43
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 04/06/2004 18:06:29
Last modified : 03/06/2004 22:34:54

#:25 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 04/06/2004 18:06:43
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2004 4:30:36

#:26 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 04/06/2004 18:06:45
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 04/06/2004 18:06:29
Last modified : 25/03/2002 11:26:12

#:27 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 04/06/2004 18:06:46
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2002 8:49:16

#:28 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 04/06/2004 18:06:46
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 04/06/2004 18:07:09
Last modified : 15/03/2001 9:50:56

#:29 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:48
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00

#:30 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:52
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 04/06/2004 17:09:37
Last modified : 14/11/2003 17:50:16

#:31 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:53
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:51:24

#:32 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:57
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:47:28

#:33 [lowlight.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 04/06/2004 18:07:35
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
OriginalFilename : LowLight.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:33:42
Last accessed : 04/06/2004 18:07:33
Last modified : 10/12/2002 17:33:42

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0D5D2B02-4BB3-493A-A808-A80140384D9B}

CoolWebSearch Object recognized!
Type : File
Data : pcojba.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 04/06/2004 18:07:49
Last accessed : 04/06/2004 18:07:49
Last modified : 04/06/2004 18:07:49

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{AC6B826F-9851-444B-A14C-CBDE1D09A500}

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D5D2B02-4BB3-493A-A808-A80140384D9B}

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 9

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 9

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9

Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.

20:32:00 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:24:00:625
Objects scanned :180379
Objects identified :9
Objects ignored :0
New objects :9

En línea

FatsGordon

Pro Member
Mensajes: 815

Problemas con WebDialer

« Respuesta #3 en: 04 de Junio de 2004, 09:34:12 pm »

Ok. Si ponés todo eso en cuarentena, y después reiniciás la máquina (es importantísimo reiniciar) y volvés a pasar el Ad-aware, ¿qué sucede? ¿Sale límpio?

En línea

http://ar.mensa.org/images/logo_phpBB.gifMensa Arg
Miembro de http://maddoktor2.com/images/asap_sm.jpg

Dabo

Administrator
Mensajes: 15348

Problemas con WebDialer

« Respuesta #4 en: 05 de Junio de 2004, 01:08:15 am »

bienvenido amigo, sientete en tu casa

otro pescata :wink: un saludo

a ver si nos contesta fats :wink:

En línea

Hacking, computing, are in my blood, are a part of me, a part of my life...Debian GNU/Linux rules.

Twitter; https://twitter.com/daboblog
Instagram: @daboblog

www.daboblog.com | www.debianhackers.net | www.caborian.com | www.apachectl.com | www.davidhernandez

talgo

Member
Mensajes: 124

Problemas con WebDialer

« Respuesta #5 en: 06 de Junio de 2004, 11:55:15 am »

Hoy cuando llegue de trabajar le he pasado el Adware y le he puesto los archivos en cuarentena y reinicie el ordenador.

Volvia a pasar el Adware y mientras estuve visitando un par de paginas, como me daba muchos objetos volvi a guardarlos y reinicie de nuevo.

Cuando reinicio me salta la alerta de Norton diciendo que tengo un scrip dañino, pero no lo reconoce ningun antivirus, ni Norton, ni Panda On-line. Los avisos son los siguientes:

Fecha: 06/06/2004, Hora: 10:48:36, Toni
Análisis de virus iniciado.

Fecha: 06/06/2004, Hora: 10:48:36, Toni
Análisis de virus finalizado.
Registros de arranque maestro:
   Analizados:      0
   Infectados:      0
   Reparados:      0
Registros de arranque:
   Analizados:      0
   Infectados:      0
   Reparados:      0
Archivos:
   Analizados:      1
   Infectados:      0
   Reparados:      0
   En cuarentena:      0
   Borrados:         0

Fecha: 06/06/2004, Hora: 10:56:54, Toni en PEPINO-NTML9537
El archivo
C:\WINDOWS\odbc.hta
está infectado por el virus VBS.StartPage.C.
No es posible reparar este archivo.

Fecha: 06/06/2004, Hora: 10:56:56, Toni en PEPINO-NTML9537
El archivo
C:\WINDOWS\odbc.hta
está infectado por el virus VBS.StartPage.C.
Se ha denegado el acceso al archivo.

Fecha: 06/06/2004, Hora: 11:03:58, Toni en PEPINO-NTML9537
El bloqueo de secuencias de comandos detectó una actividad sospechosa.
Archivo: C:\WINDOWS\odbc.hta
Objeto: FileSystem Object
Actividad: GetSpecialFolder
Se detuvo la secuencia de comandos.

He buscado el archivo odbc.hta y no esta en el directorio de windows, lo he buscado con la herramienta buscar y tampoco aparece nada de ese archivo.

Ahora os pongo los tres ultimos archivos del Adware, durante el ultimo no se toca el ordenador para nada, se reinicia y se deja que acabe el proceso del Adware:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 06 de junio de 2004 9:48:04
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6
\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:41 %
Total physical memory:523760 kb
Available physical memory:211608 kb
Total page file size:1280520 kb
Available on page file:1021204 kb
Total virtual memory:2097024 kb
Available virtual memory:2047728 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

06/06/2004 9:48:04 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06/06/2004 7:47:01
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:03
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:04
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:04
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:32

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06/06/2004 7:47:08
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 06/06/2004 7:47:20
Last modified : 09/09/2002 17:51:28

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:09
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 06/06/2004 7:47:01
Last modified : 06/10/2002 22:23:20

#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:42:56

#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 06/06/2004 7:47:11
Last modified : 02/12/2002 14:17:37

#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 06/06/2004 7:47:01
Last modified : 29/06/2003 18:13:55

#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 16:54:04

#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 17:31:34

#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 06/06/2004 7:47:01
Last modified : 13/12/2003 0:50:34

#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:47:01
Last modified : 05/02/2004 16:10:02

#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 06/06/2004 7:47:12
Last modified : 30/05/2004 16:41:39

#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:44

#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:18

#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:43:06

#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:25:26

#:22 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 06/06/2004 7:47:14
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 06/06/2004 7:47:01
Last modified : 12/07/2003 20:00:20

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:14
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:26

#:24 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 06/06/2004 7:47:15
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 06/06/2004 7:47:01
Last modified : 03/06/2004 22:34:54

#:25 [realevent.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06/06/2004 7:47:15
BasePriority : Idle
FileSize : 52 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Event Launcher
InternalName : wrapperapp
OriginalFilename : realevent.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:27:25
Last modified : 05/02/2004 16:10:02

#:26 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 06/06/2004 7:47:16
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2004 4:30:36

#:27 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 06/06/2004 7:47:17
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 06/06/2004 7:47:23
Last modified : 15/03/2001 9:50:56

#:28 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 06/06/2004 7:47:18
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:26:12

#:29 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06/06/2004 7:47:18
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:49:16

#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:31 [taskmgr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:21
BasePriority : High
FileSize : 131 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Administrador de tareas de Windows
InternalName : taskmgr
OriginalFilename : taskmgr.exe
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:38
Last accessed : 06/06/2004 7:47:29
Last modified : 09/09/2002 17:51:38

#:32 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:22
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:50:16

#:33 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:26
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 06/06/2004 7:42:59
Last modified : 14/11/2003 17:51:24

#:34 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:29
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:47:28

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{53E09742-A1D4-4C57-93C3-85464BB2114C}

CoolWebSearch Object recognized!
Type : File
Data : hodhp.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 05/06/2004 12:01:59
Last accessed : 06/06/2004 7:42:17
Last modified : 05/06/2004 12:01:59

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{EB4F4160-1493-4DA0-9180-D450B96F5D1F}

Trusted zone presumably compromised : 63.219.181.7

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 63.219.181.7
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53E09742-A1D4-4C57-93C3-85464BB2114C}

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 10

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 10

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : File
Data : reg32.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 04/06/2004 21:09:25
Last accessed : 06/06/2004 8:11:26
Last modified : 04/06/2004 21:09:25

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 11

Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.

10:11:28 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:23:22:391
Objects scanned :178646
Objects identified :11
Objects ignored :0
New objects :11

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 06 de junio de 2004 10:25:12
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6
\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:14 %
Total physical memory:523760 kb
Available physical memory:71744 kb
Total page file size:1280520 kb
Available on page file:589368 kb
Total virtual memory:2097024 kb
Available virtual memory:2047728 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

06-06-2004 10:25:12 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06-06-2004 7:47:01
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:03
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:04
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:04
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:32

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-06-2004 7:47:08
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 06/06/2004 8:20:02
Last modified : 09/09/2002 17:51:28

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:09
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 06/06/2004 7:47:01
Last modified : 06/10/2002 22:23:20

#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:42:56

#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 06/06/2004 7:47:11
Last modified : 02/12/2002 14:17:37

#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 06/06/2004 7:47:01
Last modified : 29/06/2003 18:13:55

#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 16:54:04

#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 17:31:34

#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 06/06/2004 7:47:01
Last modified : 13/12/2003 0:50:34

#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:47:01
Last modified : 05/02/2004 16:10:02

#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 06/06/2004 7:47:12
Last modified : 30/05/2004 16:41:39

#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:44

#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:18

#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:43:06

#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:25:26

#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:14
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:26

#:23 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 06-06-2004 7:47:15
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 06/06/2004 7:47:01
Last modified : 03/06/2004 22:34:54

#:24 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 06-06-2004 7:47:16
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2004 4:30:36

#:25 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 06-06-2004 7:47:17
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 06/06/2004 7:47:23
Last modified : 15/03/2001 9:50:56

#:26 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 06-06-2004 7:47:18
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:26:12

#:27 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 7:47:18
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:49:16

#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00

#:29 [taskmgr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:21
BasePriority : High
FileSize : 131 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Administrador de tareas de Windows
InternalName : taskmgr
OriginalFilename : taskmgr.exe
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:38
Last accessed : 06/06/2004 7:47:29
Last modified : 09/09/2002 17:51:38

#:30 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:22
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:50:16

#:31 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:26
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 06/06/2004 7:42:59
Last modified : 14/11/2003 17:51:24

#:32 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:29
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:47:28

#:33 [lowlight.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 7:48:11
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
OriginalFilename : LowLight.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:33:42
Last accessed : 06/06/2004 7:48:09
Last modified : 10/12/2002 17:33:42

#:34 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 06-06-2004 7:52:29
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 19/06/2003 19:16:06
Last accessed : 06/06/2004 7:52:38
Last modified : 09/09/2002 17:51:30

#:35 [excel.exe]
FilePath : C:\Archivos de programa\Microsoft Office\Office\
ThreadCreationTime : 06-06-2004 8:06:34
BasePriority : Normal
FileSize : 6984 KB
FileVersion : 9.0.2719
ProductVersion : 9.0.2719
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Excel for Windows
InternalName : Excel
OriginalFilename : Excel.exe
ProductName : Microsoft Office 2000
Created on : 20/03/1999 20:54:56
Last accessed : 06/06/2004 8:06:31
Last modified : 20/03/1999 20:54:56

#:36 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 06-06-2004 8:24:37
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 06/06/2004 8:24:37
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{53E09742-A1D4-4C57-93C3-85464BB2114C}

CoolWebSearch Object recognized!
Type : File
Data : hodhp.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 05/06/2004 12:01:59
Last accessed : 06/06/2004 7:42:17
Last modified : 05/06/2004 12:01:59

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{EB4F4160-1493-4DA0-9180-D450B96F5D1F}

Trusted zone presumably compromised : 63.219.181.7

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 63.219.181.7
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7

CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Obje

En línea

talgo

Member
Mensajes: 124

Problemas con WebDialer

« Respuesta #6 en: 06 de Junio de 2004, 09:00:27 pm »

ontinuacion del post anterior//

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 9:02:28
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 8:53:03
Last modified : 24/08/2001 16:00:00

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-06-2004 9:02:28
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 06/06/2004 9:03:13
Last modified : 09/09/2002 17:51:28

#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 06-06-2004 9:02:31
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 06/06/2004 9:02:21
Last modified : 06/10/2002 22:23:20

#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 9:02:31
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 06/06/2004 9:02:21
Last modified : 17/04/2002 8:42:56

#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 06-06-2004 9:02:31
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 06/06/2004 9:02:31
Last modified : 02/12/2002 14:17:37

#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 06-06-2004 9:02:31
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 06/06/2004 9:02:21
Last modified : 29/06/2003 18:13:55

#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 06-06-2004 9:02:32
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 06/06/2004 9:02:21
Last modified : 10/12/2002 16:54:04

#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 9:02:32
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 06/06/2004 9:02:21
Last modified : 10/12/2002 17:31:34

#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 06-06-2004 9:02:32
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 06/06/2004 9:02:21
Last modified : 13/12/2003 0:50:34

#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06-06-2004 9:02:32
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 9:02:21
Last modified : 05/02/2004 16:10:02

#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 06-06-2004 9:02:33
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 06/06/2004 9:02:33
Last modified : 30/05/2004 16:41:39

#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:33
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 06/06/2004 9:02:21
Last modified : 14/11/2003 17:44:44

#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:33
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 06/06/2004 9:02:21
Last modified : 14/11/2003 17:44:18

#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:33
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 06/06/2004 9:02:21
Last modified : 14/11/2003 17:43:06

#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 06-06-2004 9:02:34
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 06/06/2004 9:02:21
Last modified : 25/03/2002 11:25:26

#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 9:02:34
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 06/06/2004 9:02:21
Last modified : 09/09/2002 17:51:26

#:23 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 06-06-2004 9:02:35
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 06/06/2004 9:02:21
Last modified : 03/06/2004 22:34:54

#:24 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 06-06-2004 9:02:35
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 06/06/2004 9:02:21
Last modified : 17/04/2004 4:30:36

#:25 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 06-06-2004 9:02:37
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 06/06/2004 8:51:19
Last modified : 25/03/2002 11:26:12

#:26 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 9:02:38
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 06/06/2004 8:53:03
Last modified : 17/04/2002 8:49:16

#:27 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 06-06-2004 9:02:39
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 06/06/2004 9:03:00
Last modified : 15/03/2001 9:50:56

#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 9:02:40
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 8:53:03
Last modified : 24/08/2001 16:00:00

#:29 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:45
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 06/06/2004 8:53:03
Last modified : 14/11/2003 17:50:16

#:30 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:46
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 06/06/2004 8:53:03
Last modified : 14/11/2003 17:51:24

#:31 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 9:02:48
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 06/06/2004 8:53:03
Last modified : 14/11/2003 17:47:28

#:32 [lowlight.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 9:03:29
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
OriginalFilename : LowLight.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:33:42
Last accessed : 06/06/2004 9:03:26
Last modified : 10/12/2002 17:33:42

#:33 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 06-06-2004 9:05:02
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 06/06/2004 9:03:13
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 1

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.

11:23:29 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:18:20:110
Objects scanned :178504
Objects identified :1
Objects ignored :0
New objects :1

En línea

FatsGordon

Pro Member
Mensajes: 815

Problemas con WebDialer

« Respuesta #7 en: 08 de Junio de 2004, 12:03:25 am »

Ok, vas a ir a http://www.spywareinfo.com/~merijn/files/HijackThis.exe y te vas a bajar el HijackThis. Poenlo en una carpeta propia, como C:\HijackThis. Luego abrilo, apretá Scan, luego Save log, luego dale Save y luego copiá TODO lo que está en el Bloc de notas y pegalo acá.

En línea

http://ar.mensa.org/images/logo_phpBB.gifMensa Arg
Miembro de http://maddoktor2.com/images/asap_sm.jpg

Goonie

Junior Member
Mensajes: 46

Problemas con WebDialer

« Respuesta #8 en: 08 de Junio de 2004, 12:23:42 am »

Otra cosina... si usas windows XP o windows Millenium debes de desactivar previamente al escaneo del pc y desinfección la opción de "Restaurar sistema". Después reiniciando en modo a prueba de fallos o modo seguro no deberías de tener problema para escanear el pc conn los programas que te han recomendado y con el antivirus y eliminar los resultados que te aparezcan. Eso si, asegurate muy mucho de actualizar la base de datos de los programas antivirus y antyspy antes de los escaneos. Si no de poco servirán.

Cuando finalices el análisis y desinfección vuelve a activar la opción restaurar sistema.

A ver si hay suerte!!

PD:
* Para iniciar el pc en modo a prueba de fallos (diferentes métodos) :
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=V&articulo=11&pagina=1
http://www.aclantis.com/article3006.html

* Restaurar sistema en XP :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/sldocid/20020515173946924
* Restaurar sistema en Me:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/sldocid/20020515174221924

En línea

FatsGordon

Pro Member
Mensajes: 815

Problemas con WebDialer

« Respuesta #9 en: 08 de Junio de 2004, 12:53:13 am »

Gracias Goonie!

Tiene XP.

En línea

http://ar.mensa.org/images/logo_phpBB.gifMensa Arg
Miembro de http://maddoktor2.com/images/asap_sm.jpg

Noticias:

Autor Tema: Problemas con WebDialer (Leído 16128 veces)

talgo

Problemas con WebDialer

FatsGordon

Problemas con WebDialer

talgo

Problemas con WebDialer

FatsGordon

Problemas con WebDialer

Dabo

Problemas con WebDialer

talgo

Problemas con WebDialer

talgo

Problemas con WebDialer

FatsGordon

Problemas con WebDialer

Goonie

Problemas con WebDialer

FatsGordon

Problemas con WebDialer