Problems with WebDialer
talgo:
Hello, I have spent three days trying to solve this problem.
For the past three days, when I open certain web pages they get redirected to a porn address (a different one each time), and I no longer know how to fix it.
I would prefer to leave formatting as a last resort, since I have a lot of data scattered around the computer and, honestly, it would cause me considerable trouble.
The problem started when, in an MSN conversation, one of the participants posted a link, which turned out to be a link to a page of porn links. Out of curiosity I opened a couple of them, and that is where my ordeal began.
I have Ad-aware 6.181 and it detects that I have several spy robots and miners and things like that, which it had always cleaned for me without problems.
I also have Spybot - Search & Destroy installed, and it detects WebDialer and some other program (some with more than 6 registry entries). When the scan finishes I click fix problems, it reports it as resolved, and when I go back on the internet they are there again.
Since that day it cleans everything, but it gets installed again and I don't know why.
I have tried to remove it from Add/Remove Programs, but I don't see anything strange there.
I have tried deleting the keys that Spybot lists directly from the registry (taking a risk, because I understand very little about computers).
I have tried searching through all the files manually, one by one, and none of them ring a bell either (it is all Greek to me).
I don't know what else to do; I will try to send you the Ad-aware log to see if you can spot something that might help me.
Thanks in advance.
Regards
FatsGordon:
Hello talgo, and welcome to the forum!
Please restart your machine and, as soon as it has come up, run a FULL scan with Ad-aware (with the second option, Custom in the English version), checking BEFOREHAND that:
1- You have the latest reference file (today's is 01R314)
2- You have all the settings as described at http://www.daboweb.com/phpBB2/viewtopic.php?t=2443
Once it has finished, delete everything it finds. Close Ad-aware and restart again, but this time in Safe Mode (with F8 during the restart). Scan again, delete again, and restart in normal mode. Then run a third scan (always FULL) and post that log here.
Posting the log may take you more than one post. Always check that what was posted reaches the Summary. If it does not, continue posting from where it ended through to the end.
Thank you very much!
talgo:
Let's start at the beginning:
When I restarted in SAFE MODE it detected nothing;
however, when I restarted in normal mode, 9 entries came up (while it was scanning in normal mode I was on MSN and viewing 2 pages).
This is the log:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :viernes, 04 de junio de 2004 20:07:59
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6
\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:42 %
Total physical memory:523760 kb
Available physical memory:215764 kb
Total page file size:1280520 kb
Available on page file:1015588 kb
Total virtual memory:2097024 kb
Available virtual memory:2047628 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
04/06/2004 20:07:59 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 04/06/2004 18:06:29
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:31
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:32
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:09:36
Last modified : 24/08/2001 16:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:32
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 04/06/2004 17:09:36
Last modified : 09/09/2002 17:51:32
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:33
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:33
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00
#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 04/06/2004 18:06:36
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:09:36
Last modified : 24/08/2001 16:00:00
#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 04/06/2004 18:06:36
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 04/06/2004 18:06:58
Last modified : 09/09/2002 17:51:28
#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 04/06/2004 18:06:29
Last modified : 06/10/2002 22:23:20
#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2002 8:42:56
#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 04/06/2004 18:06:39
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 04/06/2004 18:07:03
Last modified : 02/12/2002 14:17:37
#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 04/06/2004 18:06:29
Last modified : 29/06/2003 18:13:55
#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 04/06/2004 18:06:29
Last modified : 10/12/2002 16:54:04
#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 04/06/2004 18:06:29
Last modified : 10/12/2002 17:31:34
#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 04/06/2004 18:06:29
Last modified : 13/12/2003 0:50:34
#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 04/06/2004 18:06:29
Last modified : 05/02/2004 16:10:02
#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 04/06/2004 18:06:40
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 04/06/2004 18:06:40
Last modified : 30/05/2004 16:41:39
#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:44:44
#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:44:18
#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:43:06
#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 04/06/2004 18:06:41
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 04/06/2004 18:06:29
Last modified : 25/03/2002 11:25:26
#:22 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 04/06/2004 18:06:42
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 04/06/2004 18:06:29
Last modified : 12/07/2003 20:00:20
#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:42
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 04/06/2004 18:06:29
Last modified : 09/09/2002 17:51:26
#:24 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 04/06/2004 18:06:43
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 04/06/2004 18:06:29
Last modified : 03/06/2004 22:34:54
#:25 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 04/06/2004 18:06:43
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2004 4:30:36
#:26 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 04/06/2004 18:06:45
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 04/06/2004 18:06:29
Last modified : 25/03/2002 11:26:12
#:27 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 04/06/2004 18:06:46
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 04/06/2004 18:06:29
Last modified : 17/04/2002 8:49:16
#:28 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 04/06/2004 18:06:46
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 04/06/2004 18:07:09
Last modified : 15/03/2001 9:50:56
#:29 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 04/06/2004 18:06:48
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 04/06/2004 17:26:06
Last modified : 24/08/2001 16:00:00
#:30 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:52
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 04/06/2004 17:09:37
Last modified : 14/11/2003 17:50:16
#:31 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:53
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:51:24
#:32 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 04/06/2004 18:06:57
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 04/06/2004 18:06:29
Last modified : 14/11/2003 17:47:28
#:33 [lowlight.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 04/06/2004 18:07:35
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
OriginalFilename : LowLight.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:33:42
Last accessed : 04/06/2004 18:07:33
Last modified : 10/12/2002 17:33:42
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0D5D2B02-4BB3-493A-A808-A80140384D9B}
CoolWebSearch Object recognized!
Type : File
Data : pcojba.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 04/06/2004 18:07:49
Last accessed : 04/06/2004 18:07:49
Last modified : 04/06/2004 18:07:49
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{AC6B826F-9851-444B-A14C-CBDE1D09A500}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D5D2B02-4BB3-493A-A808-A80140384D9B}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 9
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 9
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9
Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.
20:32:00 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:24:00:625
Objects scanned :180379
Objects identified :9
Objects ignored :0
New objects :9
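Added example (not part of the original thread, and not Lavasoft's code): a small Python parser for the "Object recognized!" records in a log of this format, grouping them by the file they reference so that every registry entry pointing at one DLL is listed together. The function names and the load-point labels are this example's own; the sample is a trimmed excerpt of the log above.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the scan log above, embedded so the example runs offline.
SAMPLE_LOG = r"""
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
CoolWebSearch Object recognized!
Type : File
Data : pcojba.dll
Category : Malware
Comment :
Object : c:\windows\system32\
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\pcojba.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D5D2B02-4BB3-493A-A808-A80140384D9B}
"""

FIELD = re.compile(r"^(Type|Data|Category|Comment|Rootkey|Object|Value)\s*:\s*(.*)$")
# Registry paths mapped to the Internet Explorer load point they register.
LOAD_POINTS = [
    (r"\\Browser Helper Objects\\", "Browser Helper Object"),
    (r"^PROTOCOLS\\Filter\\", "MIME filter"),
    (r"^CLSID\\", "COM class registration"),
    (r"\\Internet Explorer\\Main$", "IE Main setting"),
]

def parse_records(text):
    """Return one dict per 'Object recognized!' record, ignoring other log lines."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if line.endswith("Object recognized!"):
            current = {"Family": line[: -len("Object recognized!")].strip()}
            records.append(current)
        elif m and current is not None and (m.group(2).strip() or m.group(1) not in current):
            # Some records repeat 'Data'; an empty repeat never overwrites a value.
            current[m.group(1)] = m.group(2).strip()
    return records

def group_by_file(records):
    """Map each referenced file (lower-cased path) to the artefacts that name it."""
    groups = defaultdict(list)
    for rec in records:
        obj = rec.get("Object", "")
        if rec.get("Type") == "File":
            path, kind = obj + rec.get("Data", ""), "file on disk"
        else:
            path = rec.get("Comment", "").strip('"')
            if not path.lower().endswith((".dll", ".exe")):
                path = "(no file referenced)"
            kind = next((name for pat, name in LOAD_POINTS
                         if re.search(pat, obj, re.I)), "other registry entry")
        groups[path.lower()].append(kind)
    return dict(groups)

if __name__ == "__main__":
    for path, kinds in group_by_file(parse_records(SAMPLE_LOG)).items():
        print(path, "->", ", ".join(kinds))
```

Run against the full log text, the same functions also pick up the `CLSID` keys and the "Possible Browser Hijack attempt" records, since only the seven record fields are read.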
FatsGordon:
OK. If you put all of that in quarantine, then restart the machine (restarting is extremely important) and run Ad-aware again, what happens? Does it come out clean?
Dabo:
Welcome, friend, make yourself at home.
Another catch :wink: regards
Let's see if Fats answers us :wink: