Let's see those results.
First I'll post yesterday's log, and then today's, ok?
Note: I forgot to run Ad-aware again after today's scan to check whether anything was left :oops:
-------------------------------------------------------------------------------------
[ad-ware 6 log (16-07 01.05).TXT]
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :viernes, 16 de julio de 2004 0:44:55
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:74 %
Total physical memory:261684 kb
Available physical memory:191596 kb
Total page file size:632856 kb
Available on page file:564052 kb
Total virtual memory:2097024 kb
Available virtual memory:2053080 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
16-07-2004 0:44:55 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-07-2004 22:41:27
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ThreadCreationTime : 15-07-2004 22:41:51
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:41:58
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 15/07/2004 22:41:58
Last modified : 19/06/2003 19:05:04
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:41:58
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 02/09/2003 16:58:54
Last accessed : 15/07/2004 22:41:58
Last modified : 19/06/2003 19:05:04
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:42:05
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 15/07/2004 22:42:05
Last modified : 01/12/1999 8:40:16
#:6 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 15-07-2004 22:42:07
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 23/11/2003 1:15:57
Last accessed : 15/07/2004 22:42:07
Last modified : 19/06/2003 19:05:04
#:7 [userinit.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:44:10
BasePriority : Normal
FileSize : 17 KB
FileVersion : 5.00.2195.6612
ProductVersion : 5.00.2195.6612
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : userinit
OriginalFilename : USERINIT.EXE
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 15/07/2004 22:44:10
Last modified : 19/06/2003 19:05:04
#:8 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 15-07-2004 22:44:12
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 22/11/2003 23:54:10
Last accessed : 15/07/2004 22:44:12
Last modified : 19/06/2003 19:05:04
#:9 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 15-07-2004 22:44:34
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/06/2004 17:27:44
Last accessed : 15/07/2004 22:38:14
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoLoaderAproposClient"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : AutoLoaderAproposClient
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4CE5986A-005E-4B87-A91B-764B169E918A}
CoolWebSearch Object recognized!
Type : File
Data : fdop.dll
Category : Malware
Comment :
Object : c:\winnt\system32\
FileSize : 30 KB
Created on : 30/05/2004 1:49:38
Last accessed : 15/07/2004 22:34:59
Last modified : 30/05/2004 1:49:38
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{57496027-B2F5-4823-BFD6-8AC94455F658}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CE5986A-005E-4B87-A91B-764B169E918A}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 10
Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:50
Last accessed : 15/07/2004 22:56:14
Last modified : 10/06/2004 0:53:53
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 09/06/2004 23:45:45
Last accessed : 15/07/2004 22:56:14
Last modified : 09/06/2004 23:45:48
Tracking Cookie Object recognized!
Type : File
Data : administrador@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:02
Last accessed : 15/07/2004 22:56:14
Last modified : 10/06/2004 0:38:02
Tracking Cookie Object recognized!
Type : File
Data : administrador@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:37
Last accessed : 15/07/2004 22:56:15
Last modified : 10/06/2004 0:53:37
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 18:25:42
Last accessed : 15/07/2004 22:56:15
Last modified : 01/07/2004 18:28:40
Tracking Cookie Object recognized!
Type : File
Data : administrador@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 19:59:24
Last accessed : 15/07/2004 22:56:15
Last modified : 01/07/2004 19:59:28
Tracking Cookie Object recognized!
Type : File
Data : administrador@paycounter[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 18:06:57
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 18:06:57
Tracking Cookie Object recognized!
Type : File
Data : administrador@qksrv[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:18
Last accessed : 15/07/2004 22:56:16
Last modified : 10/06/2004 0:38:18
Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:40:50
Last accessed : 15/07/2004 22:56:16
Last modified : 10/06/2004 0:40:50
Tracking Cookie Object recognized!
Type : File
Data : administrador@sexlist[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 17:58:04
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 17:58:04
Tracking Cookie Object recognized!
Type : File
Data : administrador@tradedoubler[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 22:13:33
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 22:13:33
Tracking Cookie Object recognized!
Type : File
Data : administrador@xxxcounter[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 17:58:15
Last accessed : 15/07/2004 22:56:17
Last modified : 01/07/2004 17:58:15
Tracking Cookie Object recognized!
Type : File
Data : administrador@bfast[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 23:35:02
Last accessed : 15/07/2004 22:57:07
Last modified : 14/07/2004 23:35:03
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:14:30
Last accessed : 15/07/2004 22:57:07
Last modified : 15/07/2004 0:15:43
Tracking Cookie Object recognized!
Type : File
Data : administrador@fastclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 22:24:43
Last accessed : 15/07/2004 22:57:08
Last modified : 14/07/2004 22:24:57
Tracking Cookie Object recognized!
Type : File
Data : administrador@gator[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 22:24:45
Last accessed : 15/07/2004 22:57:08
Last modified : 14/07/2004 22:24:58
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:16:06
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:16:06
Tracking Cookie Object recognized!
Type : File
Data : administrador@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:16:03
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:16:06
Tracking Cookie Object recognized!
Type : File
Data : administrador@paycounter[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:28:01
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:28:01
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 29
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~compoundinst0
PeopleOnPage Object recognized!
Type : File
Data : auf0.exe
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\
FileSize : 1471 KB
Created on : 14/01/2004 19:25:59
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 19:27:02
PeopleOnPage Object recognized!
Type : File
Data : atla.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 72 KB
FileVersion : 3.00.8449
ProductVersion : 6.00.8449
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows (ANSI)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : atlw.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 73 KB
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 1 KB
Created on : 14/01/2004 20:23:11
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:11
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 36
1:04:53 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:19:55:519
Objects scanned :80720
Objects identified :36
Objects ignored :0
New objects :36
-------------------------------------------------------------------------------------
[ad-ware 6 log (17-07 00.55).TXT]
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :sábado, 17 de julio de 2004 0:42:02
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:74 %
Total physical memory:261684 kb
Available physical memory:192540 kb
Total page file size:632856 kb
Available on page file:564420 kb
Total virtual memory:2097024 kb
Available virtual memory:2053092 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
17-07-2004 0:42:02 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 16-07-2004 22:37:55
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ThreadCreationTime : 16-07-2004 22:38:19
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:26
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 16/07/2004 22:36:32
Last modified : 19/06/2003 19:05:04
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:26
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 02/09/2003 16:58:54
Last accessed : 16/07/2004 22:36:32
Last modified : 19/06/2003 19:05:04
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:32
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 16/07/2004 22:38:32
Last modified : 01/12/1999 8:40:16
#:6 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 16-07-2004 22:38:34
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 23/11/2003 1:15:57
Last accessed : 16/07/2004 22:38:34
Last modified : 19/06/2003 19:05:04
#:7 [userinit.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:40:37
BasePriority : Normal
FileSize : 17 KB
FileVersion : 5.00.2195.6612
ProductVersion : 5.00.2195.6612
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : userinit
OriginalFilename : USERINIT.EXE
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 16/07/2004 22:40:37
Last modified : 19/06/2003 19:05:04
#:8 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 16-07-2004 22:40:39
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 22/11/2003 23:54:10
Last accessed : 16/07/2004 22:40:39
Last modified : 19/06/2003 19:05:04
#:9 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 16-07-2004 22:41:47
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/06/2004 17:27:44
Last accessed : 16/07/2004 22:41:47
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINNT\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINNT\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINNT\TEMP\sp.html"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{30D24C24-EA2F-41FC-8BCF-4CAE6277F0E9}
CoolWebSearch Object recognized!
Type : File
Data : aok.dll
Category : Malware
Comment :
Object : c:\winnt\system32\
FileSize : 30 KB
Created on : 16/07/2004 16:11:36
Last accessed : 16/07/2004 21:55:56
Last modified : 16/07/2004 16:11:36
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B15CB30E-1EAA-472F-BF70-ED1FD32C1EA2}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30D24C24-EA2F-41FC-8BCF-4CAE6277F0E9}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 17
Objects found so far: 18
Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 18
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : administrador@2o7[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 22:30:03
Last accessed : 16/07/2004 22:30:03
Last modified : 16/07/2004 22:30:03
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:54:35
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 21:11:28
Tracking Cookie Object recognized!
Type : File
Data : administrador@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 16:18:55
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 16:18:55
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:34:50
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 20:34:54
Tracking Cookie Object recognized!
Type : File
Data : administrador@fastclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 17:00:42
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 17:00:42
Tracking Cookie Object recognized!
Type : File
Data : administrador@gator[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 16:57:43
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 16:58:07
Tracking Cookie Object recognized!
Type : File
Data : administrador@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:34:51
Last accessed : 16/07/2004 22:46:45
Last modified : 16/07/2004 20:34:51
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 25
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
CoolWebSearch Object recognized!
Type : File
Data : sp.html
Category : Malware
Comment :
Object : c:\docume~1\admini~1\config~1\temp\
FileSize : 7 KB
Created on : 16/07/2004 16:17:48
Last accessed : 16/07/2004 22:26:06
Last modified : 16/07/2004 22:26:06
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 27
0:54:45 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:12:41:104
Objects scanned :79917
Objects identified :27
Objects ignored :0
New objects :27