daboweb forums
COMPUTER SECURITY, Firewall, patches, vaccines, antivirus, anti-trojans, spyware etc => Computer Security - Firewall - Virus - Trojans - Spyware - Ad Aware - Malware => Topic started by: brandi659 on 14 December 2004, 04:25:16 pm
-
Hi everyone,
Every time I start Internet Explorer a page appears that I find impossible to get rid of. I have tried setting the home page in Explorer, but when I go back in it keeps appearing. I have updated Ad-aware and scanned the PC in safe mode, but it keeps appearing. I downloaded RegSupreme and deleted all the files it told me to, but it keeps appearing, and that is not the worst part: pages I do not want get added to my favorites. I have also blocked this page under Tools in Explorer, but if I leave it blocked I cannot get into any other page. It has me desperate, and before formatting I wanted to see if you could give me a hand, please.
The address that appears as the home page in Explorer is:
http://win-eto.com/hp.htm?id=9
And the one that appears when the page opens is:
http://kita-search.com/enter.htm?id=9
Regards
brandi659
-
Try CWshreder (I can't guarantee that is exactly how it is spelled, I just don't remember the exact name :oops: )
-
I have just run it in safe mode and it detects nothing. The ones that did detect something are RegSupreme and Ad-aware, but they cannot remove it; when I restart the computer it appears again, and when I run Ad-aware again it always detects 8 files but cannot delete them.
Thanks anyway for trying to help me, grotfang.
brandi659
-
Post the Ad-aware log and let's see if we can find the solution.
-
Hi brandi659, do what choche says and, while you are at it, besides running it in safe mode: if you have Windows XP or ME, did you disable the System Restore option before cleaning? Sometimes not doing so causes exactly that: the cleanup does not complete and the annoying little bugs reappear on restart. In case you want to try it and see if you get lucky ;)
Disable System Restore in Windows XP (http://alerta-antivirus.red.es/virus/ver_pag.html?tema=V&articulo=11&pagina=3)
Disable System Restore in Windows ME (http://alerta-antivirus.red.es/virus/ver_pag.html?tema=V&articulo=11&pagina=2)
Cheers ;)
-
It won't let me send the log, it says the page cannot be found. Is there another way to send it?
-
Hello friends!
This is the Ad-aware log, to see if you can give me a hand.
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :miércoles, 15 de diciembre de 2004 14:44:25
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R347 26.10.2004
Internal build : 281
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1379284 Bytes
Signature data size : 1356739 Bytes
Reference data size : 22481 Bytes
Signatures total : 29961
Target categories : 10
Target families : 587
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:58 %
Total physical memory:523760 kb
Available physical memory:301008 kb
Total page file size:1277104 kb
Available on page file:1014604 kb
Total virtual memory:2097024 kb
Available virtual memory:2051852 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
15-12-2004 14:44:25 - Scan started. (Smart mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-12-2004 13:38:30
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:34
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:35
BasePriority : Normal
FileSize : 86 KB
FileVersion : 5.00.2195.3940
ProductVersion : 5.00.2195.3940
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 16/12/1999
Last accessed : 15/12/2004 13:41:12
Last modified : 19/07/2002 6:34:00
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:35
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 16/12/1999
Last accessed : 15/12/2004 13:41:12
Last modified : 24/03/2004 1:31:38
-
#:5 [smc.exe]
FilePath : C:\Archivos de programa\Sygate\SPF\
ThreadCreationTime : 15-12-2004 13:38:37
BasePriority : Normal
FileSize : 2280 KB
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
Copyright : Copyright
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
OriginalFilename : Smc.EXE
ProductName : Sygate
Created on : 21/10/2003 14:36:22
Last accessed : 15/12/2004 13:39:03
Last modified : 21/10/2003 14:36:22
#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:39
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 16/12/1999
Last accessed : 15/12/2004 13:39:11
Last modified : 16/12/1999
#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:40
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 23/07/2004 11:43:29
Last accessed : 15/12/2004 13:21:03
Last modified : 19/07/2002 6:34:00
#:8 [ccevtmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ThreadCreationTime : 15-12-2004 13:38:40
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 27/07/2004 15:18:58
Last accessed : 15/12/2004 13:21:03
Last modified : 17/07/2003 9:16:38
#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 15-12-2004 13:38:41
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 16/12/1999
Last accessed : 15/12/2004 13:39:11
Last modified : 16/12/1999
#:10 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 15-12-2004 13:38:41
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 27/07/2004 15:18:46
Last accessed : 15/12/2004 13:21:04
Last modified : 14/11/2002 17:41:26
#:11 [nprotect.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\AdvTools\
ThreadCreationTime : 15-12-2004 13:38:42
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 23/07/2004 16:30:02
Last accessed : 15/12/2004 13:21:05
Last modified : 14/08/2002 4:03:00
#:12 [nvsvc32.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 15-12-2004 13:38:42
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.14.10.5303
ProductVersion : 6.14.10.5303
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 53.03
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 53.03
Created on : 17/11/2003 8:33:00
Last accessed : 15/12/2004 13:21:06
Last modified : 17/11/2003 8:33:00
#:13 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:43
BasePriority : Normal
FileSize : 65 KB
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 24/07/2004 8:09:56
Last accessed : 15/12/2004 13:21:06
Last modified : 19/07/2002 6:34:00
#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:46
BasePriority : Normal
FileSize : 116 KB
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Motor de Programador de tareas
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Programador de tareas de Microsoft
Created on : 24/07/2004 8:09:50
Last accessed : 15/12/2004 13:39:10
Last modified : 19/07/2002 6:34:00
#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 15-12-2004 13:38:47
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0070
ProductVersion : 1.50.1085.0070
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 24/07/2004 8:10:08
Last accessed : 15/12/2004 13:21:09
Last modified : 19/07/2002 6:34:00
#:16 [mspmspsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:47
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 24/07/2004 10:19:49
Last accessed : 15/12/2004 13:21:11
Last modified : 08/08/2000 10:32:12
#:17 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:38:47
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 16/12/1999
Last accessed : 15/12/2004 13:44:26
Last modified : 16/12/1999
#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 15-12-2004 13:38:49
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3502.5321
ProductVersion : 5.00.3502.5321
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 24/07/2004 8:10:05
Last accessed : 15/12/2004 13:38:49
Last modified : 19/07/2002 6:34:00
#:19 [soundman.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 15-12-2004 13:39:10
BasePriority : Normal
FileSize : 45 KB
FileVersion : 5.0.02
ProductVersion : 5.0.02
Copyright : Copyright (c) 2001-2002 Avance Logic, Inc.
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
OriginalFilename : ALSMTray.exe
ProductName : Avance Sound Manager
Created on : 23/07/2004 12:03:58
Last accessed : 15/12/2004 13:21:35
Last modified : 18/06/2002 10:44:20
#:20 [ccapp.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ThreadCreationTime : 15-12-2004 13:39:12
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 31/08/2004 16:37:27
Last accessed : 15/12/2004 13:39:58
Last modified : 02/12/2003 14:11:04
#:21 [iwctrl.exe]
FilePath : C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantWrite\
ThreadCreationTime : 15-12-2004 13:39:14
BasePriority : Normal
FileSize : 816 KB
FileVersion : 4.0.2.7
ProductVersion : 4.0.0.0
Copyright : Copyright
CompanyName : Pinnacle Systems, Inc.
FileDescription : InstantWrite Control Center
InternalName : iwctrl
ProductName : InstantWrite
Created on : 12/03/2003 9:56:56
Last accessed : 15/12/2004 13:21:39
Last modified : 12/03/2003 9:56:56
#:22 [agrsmmsg.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 15-12-2004 13:39:16
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
ProductVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 05/08/2004 9:12:41
Last accessed : 15/12/2004 13:21:42
Last modified : 23/09/2003 15:06:58
#:23 [clonecdtray.exe]
FilePath : C:\Archivos de programa\Elaborate Bytes\CloneCD\
ThreadCreationTime : 15-12-2004 13:39:17
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 04/11/2002 16:57:31
Last accessed : 15/12/2004 13:39:19
Last modified : 04/11/2002 16:57:31
#:24 [qttask.exe]
FilePath : C:\Archivos de programa\QuickTime\
ThreadCreationTime : 15-12-2004 13:39:18
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.0
ProductVersion : QuickTime 6.0
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 26/10/2004 20:56:02
Last accessed : 15/12/2004 13:21:44
Last modified : 26/10/2004 20:56:02
#:25 [ueinf6hztk1thd.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:39:18
BasePriority : Normal
FileSize : 96 KB
FileVersion : 1, 0, 31, 0
ProductVersion : 1, 0, 31, 0
Copyright : Copyright (C) 2004
CompanyName : Melkosoft Corporation
ProductName : Cassandra
Created on : 03/12/2004 15:41:50
Last accessed : 15/12/2004 13:21:45
Last modified : 03/12/2004 15:41:50
#:26 [internat.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:39:19
BasePriority : Normal
FileSize : 20 KB
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
Copyright : Copyright (C) Microsoft Corp. 1994-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : INTERNAT
OriginalFilename : INTERNAT.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 16/12/1999
Last accessed : 15/12/2004 13:21:46
Last modified : 16/12/1999
#:27 [rundll32.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:39:19
BasePriority : Normal
FileSize : 9 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicaci
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 16/12/1999
Last accessed : 15/12/2004 13:39:11
Last modified : 16/12/1999
#:28 [twalink.exe]
FilePath : C:\Archivos de programa\TEXTware\HotKey\
ThreadCreationTime : 15-12-2004 13:39:21
BasePriority : Normal
FileSize : 19 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : TEXTware A/S
InternalName : twalink
OriginalFilename : twalink.exe
ProductName : twalink
Created on : 08/09/2004 12:19:19
Last accessed : 15/12/2004 13:39:21
Last modified : 10/11/1998 12:47:30
#:29 [pclescheduler.exe]
FilePath : C:\Archivos de programa\Pinnacle\Shared Files\Programs\Scheduler\
ThreadCreationTime : 15-12-2004 13:39:28
BasePriority : Normal
FileSize : 232 KB
FileVersion : 1.0.1.6
ProductVersion : 1.0.1.1
Copyright : Copyright (c) 2002 - 2003
CompanyName : Pinnacle Systems GmbH, Braunschweig
FileDescription : Pinnacle Scheduler Application
InternalName : PCLEScheduler
OriginalFilename : PCLEScheduler.exe
ProductName : Scheduler
Created on : 23/07/2004 12:10:50
Last accessed : 15/12/2004 13:39:26
Last modified : 31/03/2003 15:22:50
#:30 [popsub.exe]
FilePath : C:\Archivos de programa\interMute\PopSubtract\
ThreadCreationTime : 15-12-2004 13:39:36
BasePriority : Normal
FileSize : 228 KB
FileVersion : 1, 3, 8, 0
ProductVersion : 1, 3, 8, 0
Copyright : Copyright 2003 interMute, Inc.
CompanyName : interMute, Inc.
FileDescription : PopSubtract Main Module
InternalName : PopSubtract
OriginalFilename : PopSub.EXE
ProductName : PopSubtract
Created on : 05/08/2004 10:18:39
Last accessed : 15/12/2004 13:39:55
Last modified : 05/09/2003 9:57:58
#:31 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 15-12-2004 13:40:39
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 30/08/2002 16:56:44
Last accessed : 15/12/2004 13:43:22
Last modified : 30/08/2002 16:56:44
#:32 [wuauclt.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-12-2004 13:40:46
BasePriority : Normal
FileSize : 148 KB
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
CompanyName : Microsoft Corporation
FileDescription : Cliente de actualizaci
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Sistema operativo Microsoft
Created on : 24/07/2004 8:10:17
Last accessed : 15/12/2004 13:23:24
Last modified : 09/02/2004 19:09:32
#:33 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 15-12-2004 13:42:49
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 30/08/2002 16:56:44
Last accessed : 15/12/2004 13:43:22
Last modified : 30/08/2002 16:56:44
#:34 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 15-12-2004 13:44:18
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/07/2004 16:28:09
Last accessed : 15/12/2004 13:41:48
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : plugin6.dnserrobj
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : plugin6.dnserrobj.1
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{444a5674-ff85-45d4-9ae2-4199d8d70c85}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 4
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 4
Possible Browser Hijack attempt Object recognized!
Type : File
Data : all crazy sex.url
Category : Misc
Comment : Item referrs to blacklisted Site: http://allcrazyporn.com/
Object : C:\Documents and Settings\Administrador\Favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
Possible Browser Hijack attempt Object recognized!
Type : File
Data : free xxx pics & movies.url
Category : Misc
Comment : Item referrs to blacklisted Site: http://gotosex4all.com
Object : C:\Documents and Settings\Administrador\Favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
Possible Browser Hijack attempt Object recognized!
Type : File
Data : web anal sex.url
Category : Misc
Comment : Item referrs to blacklisted Site: http://webanalsex.com
Object : C:\Documents and Settings\Administrador\Favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : redalert.here
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : redalert.here.1
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{0D721150-AEF3-457B-B03A-5097B623CE45}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E}
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
CoolWebSearch Object recognized!
Type : File
Data : all crazy sex.url
Category : Malware
Comment :
Object : c:\documents and settings\administrador\favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
CoolWebSearch Object recognized!
Type : File
Data : free xxx pics & movies.url
Category : Malware
Comment :
Object : c:\documents and settings\administrador\favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
CoolWebSearch Object recognized!
Type : File
Data : tgp with pics prewiev.url
Category : Malware
Comment :
Object : c:\documents and settings\administrador\favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
CoolWebSearch Object recognized!
Type : File
Data : go to sex.url
Category : Malware
Comment :
Object : c:\documents and settings\administrador\favoritos\
Created on : 15/12/2004 13:24:18
Last accessed : 15/12/2004 13:24:18
Last modified : 15/12/2004 13:24:18
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 9
Objects found so far: 16
14:46:03 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:37:235
Objects scanned :44707
Objects identified :16
Objects ignored :0
New objects :16
Thanks in advance.
brandi659
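Added example, not part of the original thread and not Lavasoft's code: a small Python parser for the "Object recognized!" records in the log above. It links the Browser Helper Object registration to the other flagged keys that carry the same GUID, which the log writes in different letter case. The sample text is an excerpt of the records posted above; the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the Ad-aware 6 log posted above (records copied as posted).
SAMPLE_LOG = r"""
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{444a5674-ff85-45d4-9ae2-4199d8d70c85}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
Registry scan result :
New objects : 4
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E}
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
"""

MARKER = "Object recognized!"
FIELDS = {"Type", "Data", "Category", "Comment", "Rootkey", "Object", "Value",
          "Created on", "Last accessed", "Last modified"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_PREFIX = ("software\\microsoft\\windows\\currentversion\\explorer\\"
              "browser helper objects\\")

def parse_findings(text):
    """Return one dict per 'Object recognized!' record in the log text."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(MARKER):
            current = {"Family": line[:-len(MARKER)].strip()}
            findings.append(current)
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        key = key.strip()
        if current is not None and sep and key in FIELDS:
            current[key] = value.strip()
        else:
            current = None  # a section header or summary line ends the record
    return findings

def count_by_type(findings):
    """Count findings per 'Type' field (RegKey, RegValue, File)."""
    return dict(Counter(f.get("Type", "?") for f in findings))

def related_keys_by_bho(findings):
    """Map each flagged BHO GUID to every flagged key that names the same GUID."""
    plan = {}
    for f in findings:
        obj = f.get("Object", "")
        m = GUID_RE.search(obj)
        if m and obj.lower().startswith(BHO_PREFIX):
            plan[m.group(0).upper()] = []
    for guid, keys in plan.items():
        for f in findings:
            obj = f.get("Object", "")
            if guid in obj.upper():  # registry key names are case-insensitive
                keys.append(f.get("Rootkey", "") + "\\" + obj)
        keys.sort()
    return plan

if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(count_by_type(found))
    for guid, keys in related_keys_by_bho(found).items():
        print(guid)
        for k in keys:
            print("   ", k)
```
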
-
Hello again, I have looked in favorites and those wretched porn pages that Ad-aware says are classified as Malware do not show up.
Now the home page that appears is:
http://here4search.com/enter.htm?id=9
Thanks again for trying to give me a hand.
brandi659
-
How's it going, friends?
I have downloaded HijackThis because I think it may help, but I have no idea how it works or what it does; I have only read that you recommended it to another member. If you can, tell me something about it.
brandi659
-
Hello friends!!
I managed to get rid of those wretched home pages. In safe mode I ran HijackThis and deleted the suspicious registry entries, then I ran Ad-aware, which detected another one, then I ran RegSupreme, which detected a few more, and finally I scanned with Norton AntiVirus. With that done I shut the computer down, turned it back on two minutes later AND.... MY HOME PAGE CAME UP, YESSSS!!! I hope this helps some of our fellow sufferers in the fight against these wretched pages.
Thanks to everyone for giving me a hand.
brandi659
-
Hello:
Welcome to the forum and thanks for describing the procedure you used.
On another note:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :miércoles, 15 de diciembre de 2004 14:44:25
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
It would be advisable to uninstall that version of Ad-aware and install the new Ad-aware SE 1.05.
http://www.daboweb.com/software.htm
Regards