Today when I got home from work I ran Ad-aware on it, put the files in quarantine and restarted the computer.
I ran Ad-aware again and meanwhile visited a couple of pages; since it reported a lot of objects, I quarantined them again and restarted once more.
When it restarts, a Norton alert pops up saying that I have a malicious script, but no antivirus recognizes it, neither Norton nor Panda Online. The notices are the following:
Fecha: 06/06/2004, Hora: 10:48:36, Toni
Análisis de virus iniciado.
Fecha: 06/06/2004, Hora: 10:48:36, Toni
Análisis de virus finalizado.
Registros de arranque maestro:
Analizados: 0
Infectados: 0
Reparados: 0
Registros de arranque:
Analizados: 0
Infectados: 0
Reparados: 0
Archivos:
Analizados: 1
Infectados: 0
Reparados: 0
En cuarentena: 0
Borrados: 0
Fecha: 06/06/2004, Hora: 10:56:54, Toni en PEPINO-NTML9537
El archivo
C:\WINDOWS\odbc.hta
está infectado por el virus VBS.StartPage.C.
No es posible reparar este archivo.
Fecha: 06/06/2004, Hora: 10:56:56, Toni en PEPINO-NTML9537
El archivo
C:\WINDOWS\odbc.hta
está infectado por el virus VBS.StartPage.C.
Se ha denegado el acceso al archivo.
Fecha: 06/06/2004, Hora: 11:03:58, Toni en PEPINO-NTML9537
El bloqueo de secuencias de comandos detectó una actividad sospechosa.
Archivo: C:\WINDOWS\odbc.hta
Objeto: FileSystem Object
Actividad: GetSpecialFolder
Se detuvo la secuencia de comandos.
I have looked for the file odbc.hta and it is not in the Windows directory; I also searched for it with the Search tool and nothing turns up for that file either.
Now I am posting the last three Ad-aware logs; during the last one the computer is not touched at all, it is restarted and Ad-aware is left to finish its process:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 06 de junio de 2004 9:48:04
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:41 %
Total physical memory:523760 kb
Available physical memory:211608 kb
Total page file size:1280520 kb
Available on page file:1021204 kb
Total virtual memory:2097024 kb
Available virtual memory:2047728 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
06/06/2004 9:48:04 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06/06/2004 7:47:01
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:03
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:04
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:04
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:32
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06/06/2004 7:47:08
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 06/06/2004 7:47:20
Last modified : 09/09/2002 17:51:28
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06/06/2004 7:47:09
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 06/06/2004 7:47:01
Last modified : 06/10/2002 22:23:20
#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:42:56
#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 06/06/2004 7:47:11
Last modified : 02/12/2002 14:17:37
#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 06/06/2004 7:47:01
Last modified : 29/06/2003 18:13:55
#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 06/06/2004 7:47:11
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 16:54:04
#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 17:31:34
#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 06/06/2004 7:47:01
Last modified : 13/12/2003 0:50:34
#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:47:01
Last modified : 05/02/2004 16:10:02
#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 06/06/2004 7:47:12
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 06/06/2004 7:47:12
Last modified : 30/05/2004 16:41:39
#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:44
#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:18
#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:43:06
#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 06/06/2004 7:47:13
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:25:26
#:22 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 06/06/2004 7:47:14
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 06/06/2004 7:47:01
Last modified : 12/07/2003 20:00:20
#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:14
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:26
#:24 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 06/06/2004 7:47:15
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 06/06/2004 7:47:01
Last modified : 03/06/2004 22:34:54
#:25 [realevent.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06/06/2004 7:47:15
BasePriority : Idle
FileSize : 52 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Event Launcher
InternalName : wrapperapp
OriginalFilename : realevent.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:27:25
Last modified : 05/02/2004 16:10:02
#:26 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 06/06/2004 7:47:16
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2004 4:30:36
#:27 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 06/06/2004 7:47:17
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 06/06/2004 7:47:23
Last modified : 15/03/2001 9:50:56
#:28 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 06/06/2004 7:47:18
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:26:12
#:29 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06/06/2004 7:47:18
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:49:16
#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:31 [taskmgr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06/06/2004 7:47:21
BasePriority : High
FileSize : 131 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Administrador de tareas de Windows
InternalName : taskmgr
OriginalFilename : taskmgr.exe
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:38
Last accessed : 06/06/2004 7:47:29
Last modified : 09/09/2002 17:51:38
#:32 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:22
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:50:16
#:33 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:26
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 06/06/2004 7:42:59
Last modified : 14/11/2003 17:51:24
#:34 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06/06/2004 7:47:29
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:47:28
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{53E09742-A1D4-4C57-93C3-85464BB2114C}
CoolWebSearch Object recognized!
Type : File
Data : hodhp.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 05/06/2004 12:01:59
Last accessed : 06/06/2004 7:42:17
Last modified : 05/06/2004 12:01:59
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{EB4F4160-1493-4DA0-9180-D450B96F5D1F}
Trusted zone presumably compromised : 63.219.181.7
Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 63.219.181.7
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53E09742-A1D4-4C57-93C3-85464BB2114C}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 10
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 10
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : File
Data : reg32.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 04/06/2004 21:09:25
Last accessed : 06/06/2004 8:11:26
Last modified : 04/06/2004 21:09:25
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 11
Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.
10:11:28 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:23:22:391
Objects scanned :178646
Objects identified :11
Objects ignored :0
New objects :11
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 06 de junio de 2004 10:25:12
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R314 02.06.2004
Internal build : 246
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1201492 Bytes
Signature data size : 1181377 Bytes
Reference data size : 20051 Bytes
Signatures total : 26331
Target categories : 10
Target families : 491
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:14 %
Total physical memory:523760 kb
Available physical memory:71744 kb
Total page file size:1280520 kb
Available on page file:589368 kb
Total virtual memory:2097024 kb
Available virtual memory:2047728 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
06-06-2004 10:25:12 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06-06-2004 7:47:01
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:03
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:04
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:04
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09/09/2002 17:51:32
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:32
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:05
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-06-2004 7:47:08
BasePriority : Normal
FileSize : 983 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:28
Last accessed : 06/06/2004 8:20:02
Last modified : 09/09/2002 17:51:28
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-06-2004 7:47:09
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:9 [hpqcmon.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright (C) 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 06/10/2002 22:23:20
Last accessed : 06/06/2004 7:47:01
Last modified : 06/10/2002 22:23:20
#:10 [hpgs2wnd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 68 KB
FileVersion : 2,3,0,0\
ProductVersion : 2,3,0,0\
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 17/04/2002 8:42:56
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:42:56
#:11 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 14:17:37
Last accessed : 06/06/2004 7:47:11
Last modified : 02/12/2002 14:17:37
#:12 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29/06/2003 18:13:55
Last accessed : 06/06/2004 7:47:01
Last modified : 29/06/2003 18:13:55
#:13 [lvcoms.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\
ThreadCreationTime : 06-06-2004 7:47:11
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech ImageStudio
Created on : 25/12/2003 14:40:01
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 16:54:04
#:14 [logitray.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 60 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
OriginalFilename : LogiTray.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:31:34
Last accessed : 06/06/2004 7:47:01
Last modified : 10/12/2002 17:31:34
#:15 [winampa.exe]
FilePath : C:\Archivos de programa\Winamp\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 0:50:34
Last accessed : 06/06/2004 7:47:01
Last modified : 13/12/2003 0:50:34
#:16 [realsched.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Real\Update_OB\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 05/02/2004 16:10:02
Last accessed : 06/06/2004 7:47:01
Last modified : 05/02/2004 16:10:02
#:17 [msgplus.exe]
FilePath : C:\Archivos de programa\Messenger Plus! 3\
ThreadCreationTime : 06-06-2004 7:47:12
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 30/05/2004 16:41:30
Last accessed : 06/06/2004 7:47:12
Last modified : 30/05/2004 16:41:39
#:18 [pccguide.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 920 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:44
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:44
#:19 [pcclient.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 620 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
OriginalFilename : PCClient
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:44:18
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:44:18
#:20 [tmoagent.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 284 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
OriginalFilename : TMOAgent.EXE
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:43:06
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:43:06
#:21 [navapw32.exe]
FilePath : C:\ARCHIV~1\NORTON~1\
ThreadCreationTime : 06-06-2004 7:47:13
BasePriority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:25:26
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:25:26
#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:14
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09/09/2002 17:51:26
Last accessed : 06/06/2004 7:47:01
Last modified : 09/09/2002 17:51:26
#:23 [service.exe]
FilePath : C:\docume~1\toni\datosd~1\
ThreadCreationTime : 06-06-2004 7:47:15
BasePriority : Normal
FileSize : 12 KB
Created on : 03/06/2004 22:34:54
Last accessed : 06/06/2004 7:47:01
Last modified : 03/06/2004 22:34:54
#:24 [backweb-8876480.exe]
FilePath : C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\
ThreadCreationTime : 06-06-2004 7:47:16
BasePriority : Normal
FileSize : 16 KB
Created on : 17/04/2004 5:51:08
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2004 4:30:36
#:25 [calcheck.exe]
FilePath : C:\Archivos de programa\Ulead Systems\Ulead Photo Express 4.0 SE\
ThreadCreationTime : 06-06-2004 7:47:17
BasePriority : Normal
FileSize : 56 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
OriginalFilename : CalCheck.EXE
ProductName : Calendar Checker Application
Created on : 21/10/2003 18:48:47
Last accessed : 06/06/2004 7:47:23
Last modified : 15/03/2001 9:50:56
#:26 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 06-06-2004 7:47:18
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/03/2002 11:26:12
Last accessed : 06/06/2004 7:47:01
Last modified : 25/03/2002 11:26:12
#:27 [hpgs2wnf.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 06-06-2004 7:47:18
BasePriority : Normal
FileSize : 76 KB
FileVersion : 2, 6, 0,
ProductVersion : 2, 6, 0,
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 17/04/2002 8:49:16
Last accessed : 06/06/2004 7:47:01
Last modified : 17/04/2002 8:49:16
#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 16:00:00
Last accessed : 06/06/2004 7:47:01
Last modified : 24/08/2001 16:00:00
#:29 [taskmgr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-06-2004 7:47:21
BasePriority : High
FileSize : 131 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Administrador de tareas de Windows
InternalName : taskmgr
OriginalFilename : taskmgr.exe
ProductName : Sistema operativo Microsoft
Created on : 09/09/2002 17:51:38
Last accessed : 06/06/2004 7:47:29
Last modified : 09/09/2002 17:51:38
#:30 [tmntsrv.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:22
BasePriority : Normal
FileSize : 236 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:50:16
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:50:16
#:31 [tmproxy.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:26
BasePriority : Normal
FileSize : 200 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
OriginalFilename : TmProxy.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:51:24
Last accessed : 06/06/2004 7:42:59
Last modified : 14/11/2003 17:51:24
#:32 [pccpfw.exe]
FilePath : C:\Archivos de programa\Trend Micro\Internet Security\
ThreadCreationTime : 06-06-2004 7:47:29
BasePriority : Normal
FileSize : 684 KB
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
Copyright : Copyright (C) 1995-2003 Trend Micro Incorporated. All rights reserved.
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 11
Created on : 14/11/2003 17:47:28
Last accessed : 06/06/2004 7:47:01
Last modified : 14/11/2003 17:47:28
#:33 [lowlight.exe]
FilePath : C:\Archivos de programa\Logitech\ImageStudio\
ThreadCreationTime : 06-06-2004 7:48:11
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
Copyright : (c) 1996-2002 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
OriginalFilename : LowLight.exe
ProductName : Logitech ImageStudio
Created on : 10/12/2002 17:33:42
Last accessed : 06/06/2004 7:48:09
Last modified : 10/12/2002 17:33:42
#:34 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 06-06-2004 7:52:29
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 19/06/2003 19:16:06
Last accessed : 06/06/2004 7:52:38
Last modified : 09/09/2002 17:51:30
#:35 [excel.exe]
FilePath : C:\Archivos de programa\Microsoft Office\Office\
ThreadCreationTime : 06-06-2004 8:06:34
BasePriority : Normal
FileSize : 6984 KB
FileVersion : 9.0.2719
ProductVersion : 9.0.2719
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Excel for Windows
InternalName : Excel
OriginalFilename : Excel.exe
ProductName : Microsoft Office 2000
Created on : 20/03/1999 20:54:56
Last accessed : 06/06/2004 8:06:31
Last modified : 20/03/1999 20:54:56
#:36 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 06-06-2004 8:24:37
BasePriority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 22/07/2003 11:30:07
Last accessed : 06/06/2004 8:24:37
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{53E09742-A1D4-4C57-93C3-85464BB2114C}
CoolWebSearch Object recognized!
Type : File
Data : hodhp.dll
Category : Malware
Comment :
Object : c:\windows\system32\
FileSize : 30 KB
Created on : 05/06/2004 12:01:59
Last accessed : 06/06/2004 7:42:17
Last modified : 05/06/2004 12:01:59
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{EB4F4160-1493-4DA0-9180-D450B96F5D1F}
Trusted zone presumably compromised : 63.219.181.7
Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 63.219.181.7
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\windows\system32\hodhp.dll
Rootkey : HKEY_CLASSES_ROOT
Obje