No se como quitarme unos troyanos de encima, podeis ayudarme

jla · Mensaje por **jla** » 15 Abr 2005, 16:00

Tengo unos troyanos, que me estan dando la lata, ademas de ralentizarme el aparato. Son del tipo data miner tracking cookie, y regkey tracking cookie. Al menos los que tengo localizados. Estos los que han hecho ha sido el no permitirme el abrir determinadas paginas, incluso no permitirme chequear el ordenador desde panda, por ej. eso tampoco me deja hacerlo. Me ha deshabilitado algunas funciones. Se ha metido dentro del sistema, del antivirus, del explorer,... dandome problemas con el correo de hotmail, no pudiendo tampoco acceder a la cuenta de correo.

Por ello me gustaria saber si hay alguna posibilidad de exterminarlo de una vez.

Os pongo el logfile que me da el hijackthis v1.99.1:

Logfile of HijackThis v1.99.1

Scan saved at 15:55:11, on 15/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARCHIV~1\mcafee.com\vso\mcvsshld.exe

C:\ARCHIV~1\mcafee.com\agent\mcagent.exe

C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Archivos de programa\NavExcel\NavHelper\v2.0.4d\navapp.exe

C:\WINDOWS\System32\msnmessag.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe

C:\Archivos de programa\Ares\Ares.exe

c:\archiv~1\mcafee.com\vso\mcvsescn.exe

C:\ARCHIV~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\System32\atievxx.exe

c:\ARCHIV~1\mcafee.com\vso\mcvsrte.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

c:\archiv~1\mcafee.com\vso\mcvsftsn.exe

C:\ARCHIV~1\McAfee.com\PERSON~1\MPFSERVICE.exe

c:\ARCHIV~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

c:\archivos de programa\mcafee.com\vso\mcmnhdlr.exe

c:\archivos de programa\mcafee.com\shared\mghtml.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.907\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heraldo.es/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Archivos de programa\NavExcel Search Toolbar\NavExcelBar.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Archivos de programa\NavExcel Search Toolbar\NavExcelBar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARCHIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\ARCHIV~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [navapp] C:\Archivos de programa\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [MSN Messages] msnmessag.exe

O4 - HKLM\..\RunServices: [MSN Messages] msnmessag.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MSN Messages] msnmessag.exe

O4 - HKCU\..\RunServices: [MSN Messages] msnmessag.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c46.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\ARCHIV~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MPFSERVICE.exe

Espero vuestras respuestas, y muchas gracias por adelantado ya que no se lo que hacer.

En mcafee me aparece todo limpio.

Y en adware me aparecen al igual que aqui 34 virus para ponerlos en quarentena o hacerlos desaparecer. El proceso a seguir es lo que no tengo claro.

Los virus como he dicho antes son del tipo data miner tracking cookie y regkey tracking cookie como habia dicho. Les agradezco su ayuda.

Mensaje por **maura63** » 15 Abr 2005, 16:12

tutorial anti-spyware

https://foros.zonavirus.com/viewtopic.php?t=5148

E intenta conectar via windows update y actualizar tu sistema operativo

Logfile of HijackThis v1.99.1

Scan saved at 15:55:11, on 15/04/2005

Platform: [color=red]Windows XP[/color] (WinNT 5.01.2600)

MSIE:[color=red] Internet Explorer v6.00 [/color](6.00.2600.0000)

Te falta como minimo el SP1 y ya vamos por el SP2 en ambos casos.

Si no te deja conectar con windows update elimina esta entrada e intentalo de nuevo

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c46.cab

Saludos

maura63

jla · Mensaje por **jla** » 15 Abr 2005, 16:55

Hola,

Creo que tengo mas de lo que pensaba, he actualizado el adware, tenia el 6.0 y me he bajado el SE 1.05. Con el he encontrado bastantes mas de los que pensaba que tenia.

No se si seran peligrosos pues no estoy muy puesto en informatica. Pero tengo deshabilitado lo que son los enlaces, todo lo que son los links, aparte de alguna otra funcion que desconocere y que tambien me habran echo polvo. Te muestro el log:

Ad-Aware SE Build 1.05

Logfile Created on:viernes, 15 de abril de 2005 16:25:39

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R38 11.04.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa(TAC index:5):11 total references

Claria(TAC index:7):4 total references

Elitum.ElitebarBHO(TAC index:5):6 total references

MRU List(TAC index:0):26 total references

NavExcel(TAC index:5):37 total references

Possible Browser Hijack attempt(TAC index:3):4 total references

Search Miracle(TAC index:5):7 total references

Tracking Cookie(TAC index:3):41 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

15-04-2005 16:25:39 - Scan started. (Smart mode)

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 436

ThreadCreationTime : 15-04-2005 11:17:09

BasePriority : Normal

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 484

ThreadCreationTime : 15-04-2005 11:17:10

BasePriority : Normal

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 508

ThreadCreationTime : 15-04-2005 11:17:10

BasePriority : High

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 15-04-2005 11:17:10

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Aplicación de servicios y controlador

InternalName : services.exe

LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : services.exe

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 564

ThreadCreationTime : 15-04-2005 11:17:10

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 728

ThreadCreationTime : 15-04-2005 11:17:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 780

ThreadCreationTime : 15-04-2005 11:17:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 876

ThreadCreationTime : 15-04-2005 11:17:12

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 948

ThreadCreationTime : 15-04-2005 11:17:12

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:10 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1176

ThreadCreationTime : 15-04-2005 11:17:13

BasePriority : Normal

FileVersion : 6.00.2600.0000 (xpclient.010817-1148)

ProductVersion : 6.00.2600.0000

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1236

ThreadCreationTime : 15-04-2005 11:17:13

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

#:12 [mcvsshld.exe]

FilePath : C:\ARCHIV~1\mcafee.com\vso\

ProcessID : 1352

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 9, 0, 0, 7

ProductVersion : 9, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : Networks Associates Technology, Inc

FileDescription : McAfee VirusScan ActiveShield Resource

InternalName : msvcshld

LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc

OriginalFilename : mcvsshld.exe

Comments : McAfee VirusScan ActiveShield Resource

#:13 [mcagent.exe]

FilePath : C:\ARCHIV~1\mcafee.com\agent\

ProcessID : 1360

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 5, 0, 0, 2

ProductVersion : 5, 0, 0, 0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc

FileDescription : McAfee SecurityCenter Agent

InternalName : mcagent

LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.

OriginalFilename : mcagent.exe

#:14 [mpftray.exe]

FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\

ProcessID : 1384

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 6.0.0.14

ProductVersion : 6.0.0.14

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Tray Monitor

InternalName : MpfTray

LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.

OriginalFilename : MPFTRAY.EXE

Comments : Tray Icon for McAfee Personal Firewall

#:15 [navapp.exe]

FilePath : C:\Archivos de programa\NavExcel\NavHelper\v2.0.4d\

ProcessID : 1392

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : navapp Module

FileDescription : navapp Module

InternalName : navapp

LegalCopyright : Copyright 2004

OriginalFilename : navapp.exe

#:16 [msnmessag.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1400

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

#:17 [ctfmon.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1408

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

#:18 [msmsgs.exe]

FilePath : C:\Archivos de programa\Messenger\

ProcessID : 1416

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 4.0.0155

ProductVersion : Version 4.0

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger Client

InternalName : msmsgs

LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001

LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

#:19 [msnmsgr.exe]

FilePath : C:\Archivos de programa\MSN Messenger\

ProcessID : 1424

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 7.0.0777

ProductVersion : 7.0.0777

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

#:20 [ares.exe]

FilePath : C:\Archivos de programa\Ares\

ProcessID : 1448

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 1.8.1.2960

ProductVersion : 1.8.1

ProductName : Ares for windows

CompanyName : Ares Development Group

FileDescription : Ares

InternalName : Ares

OriginalFilename : ARES.EXE

Comments : http://www.aresgalaxy.org

#:21 [mcvsescn.exe]

FilePath : c:\archiv~1\mcafee.com\vso\

ProcessID : 1480

ThreadCreationTime : 15-04-2005 11:17:15

BasePriority : Normal

FileVersion : 9, 0, 0, 7

ProductVersion : 9, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : Networks Associates Technology, Inc

FileDescription : McAfee VirusScan E-mail Scan Module

InternalName : mcvsescn

LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc

OriginalFilename : mcvsescn.EXE

Comments : McAfee VirusScan E-mail Scan Module

#:22 [mpfagent.exe]

FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\

ProcessID : 1672

ThreadCreationTime : 15-04-2005 11:17:19

BasePriority : Normal

FileVersion : 6.0.0.14

ProductVersion : 6.0.0.14

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Agent Interface

InternalName : MpfAgent

LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.

OriginalFilename : MPFAGENT.EXE

Comments : McAfee Personal Firewall Security Center Module

#:23 [atievxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1768

ThreadCreationTime : 15-04-2005 11:17:20

BasePriority : Normal

FileVersion : 5.1.2482.0 (Lab01_N(ericks).010524-2202)

ProductVersion : 5.1.2482.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : ATI Hotkey polling utility

InternalName : atievxx.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : atievxx.exe

#:24 [mcvsrte.exe]

FilePath : c:\ARCHIV~1\mcafee.com\vso\

ProcessID : 1820

ThreadCreationTime : 15-04-2005 11:17:21

BasePriority : Normal

FileVersion : 9, 0, 0, 10

ProductVersion : 9, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : Networks Associates Technology, Inc

FileDescription : McAfee VirusScan Real-time Engine

InternalName : mcvsrte

LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc

OriginalFilename : mcvsrte.exe

Comments : McAfee VirusScan Real-time Engine

#:25 [mdm.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\

ProcessID : 1840

ThreadCreationTime : 15-04-2005 11:17:22

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

#:26 [mcvsftsn.exe]

FilePath : c:\archiv~1\mcafee.com\vso\

ProcessID : 1860

ThreadCreationTime : 15-04-2005 11:17:22

BasePriority : Normal

FileVersion : 9, 0, 0, 0

ProductVersion : 9, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : Networks Associates Technology, Inc

FileDescription : McAfee VirusScan Instant Messenger Scan Module

InternalName : mcvsftsn

LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc

OriginalFilename : mcvsftsn.EXE

Comments : McAfee VirusScan Instant Messenger Scan Module

#:27 [mpfservice.exe]

FilePath : C:\ARCHIV~1\McAfee.com\PERSON~1\

ProcessID : 2040

ThreadCreationTime : 15-04-2005 11:17:25

BasePriority : Normal

FileVersion : 6.0.0.14

ProductVersion : 6.0.0.14

ProductName : McAfee Personal Firewall

CompanyName : McAfee Corporation

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

#:28 [mcshield.exe]

FilePath : c:\ARCHIV~1\mcafee.com\vso\

ProcessID : 720

ThreadCreationTime : 15-04-2005 11:17:29

BasePriority : High

#:29 [wuauclt.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2220

ThreadCreationTime : 15-04-2005 11:18:26

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Actualizaciones automáticas

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : wuauclt.exe

#:30 [iexplore.exe]

FilePath : C:\Archivos de programa\Internet Explorer\

ProcessID : 3728

ThreadCreationTime : 15-04-2005 11:30:56

BasePriority : Normal

FileVersion : 6.00.2600.0000 (xpclient.010817-1148)

ProductVersion : 6.00.2600.0000

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : IEXPLORE.EXE

#:31 [iexplore.exe]

FilePath : C:\Archivos de programa\Internet Explorer\

ProcessID : 3060

ThreadCreationTime : 15-04-2005 14:08:54

BasePriority : Normal

FileVersion : 6.00.2600.0000 (xpclient.010817-1148)

ProductVersion : 6.00.2600.0000

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : IEXPLORE.EXE

#:32 [ad-aware.exe]

FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\

ProcessID : 2724

ThreadCreationTime : 15-04-2005 14:24:55

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Value : Instalador

Claria Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Value : uets

Claria Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Value : GEF

Elitum.ElitebarBHO Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}

Elitum.ElitebarBHO Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}

Value :

Elitum.ElitebarBHO Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}

Elitum.ElitebarBHO Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}

Value :

Elitum.ElitebarBHO Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0a1d22c3-37be-470c-9c29-e3074ee0574b}

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper.1

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper.1

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{209b1cea-8b2e-4596-9b35-a4a7db611eb2}

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{d80c4e21-c346-4e21-8e64-20746aa20aeb}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{d80c4e21-c346-4e21-8e64-20746aa20aeb}

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}

Value :

Search Miracle Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}

Search Miracle Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd}

Search Miracle Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd}

Value :

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-796845957-1708537768-1957994488-500\software\navexcel ltd

Alexa Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : MenuText

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : MenuStatusBar

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : Script

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : clsid

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : Icon

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : HotIcon

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Value : ButtonText

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navhelper

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navhelper

Value : DisplayName

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navhelper

Value : UninstallString

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navhelper

Value : HelpLink

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\navexcel

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

Value : DisplayName

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

Value : UninstallString

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

Value : NoModify

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

Value : NoRepair

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "{5AA06644-BC46-4220-A460-47A6EB47C96D}"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {5AA06644-BC46-4220-A460-47A6EB47C96D}

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 51

Objects found so far: 51

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : v3cab (http://searchmiracle.com/cab/2.cab)

Possible Browser Hijack attempt Object Recognized!

Type : Regkey

Data :

Category : Vulnerability

Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab

Possible Browser Hijack attempt Object Recognized!

Type : RegValue

Data :

Category : Vulnerability

Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab

Value :

Possible Browser Hijack attempt Object Recognized!

Type : RegValue

Data :

Category : Vulnerability

Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab

Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!

Type : RegValue

Data :

Category : Vulnerability

Comment : Possible Browser Hijack attempt : http://searchmiracle.com/cab/2.cab

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab

Value : Installer

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 55

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver.terra[1].txt

Category : Data Miner

Comment : Hits:5

Value : Cookie:administrador@adserver.terra.es/

Expires : 03-05-2073 19:35:42

LastSync : Hits:5

UseCount : 0

Hits : 5

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@versiontracker[2].txt

Category : Data Miner

Comment : Hits:8

Value : Cookie:administrador@versiontracker.com/

Expires : 15-04-2007 16:20:02

LastSync : Hits:8

UseCount : 0

Hits : 8

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@cgi-bin[2].txt

Category : Data Miner

Comment : Hits:5

Value : Cookie:administrador@imrworldwide.com/cgi-bin

Expires : 13-04-2015 16:21:34

LastSync : Hits:5

UseCount : 0

Hits : 5

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@tribalfusion[2].txt

Category : Data Miner

Comment : Hits:3

Value : Cookie:administrador@tribalfusion.com/

Expires : 01-01-2038 2:00:00

LastSync : Hits:3

UseCount : 0

Hits : 3

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@bluestreak[1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:administrador@bluestreak.com/

Expires : 13-04-2015 12:16:32

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@atdmt[2].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:administrador@atdmt.com/

Expires : 14-04-2010 2:00:00

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adtech[3].txt

Category : Data Miner

Comment : Hits:2

Value : Cookie:administrador@adtech.de/

Expires : 13-04-2015 16:17:38

LastSync : Hits:2

UseCount : 0

Hits : 2

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@servedby.netshelter[2].txt

Category : Data Miner

Comment : Hits:4

Value : Cookie:administrador@servedby.netshelter.net/

Expires : 22-04-2005 16:25:24

LastSync : Hits:4

UseCount : 0

Hits : 4

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@doubleclick[2].txt

Category : Data Miner

Comment : Hits:3

Value : Cookie:administrador@doubleclick.net/

Expires : 14-04-2008 16:20:14

LastSync : Hits:3

UseCount : 0

Hits : 3

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@as-us.falkag[1].txt

Category : Data Miner

Comment : Hits:7

Value : Cookie:administrador@as-us.falkag.net/

Expires : 15-04-2006 16:17:54

LastSync : Hits:7

UseCount : 0

Hits : 7

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver.hispavista[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver.hispavista[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver.livedoor[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver.livedoor[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver.tibaco[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver.tibaco[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adserver[3].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adserver[3].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@adtech[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@adtech[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@advertising[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@advertising[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@atdmt[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@bfast[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@bfast[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@bravenet[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@bravenet[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@centrport[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@centrport[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@counter2.hitslink[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@counter2.hitslink[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@doubleclick[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@ehg-adidas.hitbox[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@ehg-adidas.hitbox[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@ehg-documentum.hitbox[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@ehg-documentum.hitbox[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@ehg-mastercard.hitbox[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@ehg-mastercard.hitbox[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@ehg-puritec.hitbox[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@ehg-puritec.hitbox[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@ehg-traderelectronicmedia.hitbox[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@ehg-traderelectronicmedia.hitbox[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@fastclick[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@fastclick[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@hitbox[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@hitbox[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@internetfuel[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@internetfuel[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@linksynergy[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@linksynergy[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@mediaplex[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@mediaplex[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@phg.hitbox[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@phg.hitbox[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@qksrv[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@qksrv[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@servedby.advertising[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@servedby.advertising[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@targetnet[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@targetnet[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@tradedoubler[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@tradedoubler[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@valueclick[2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@valueclick[2].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@weborama[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@weborama[1].txt

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : administrador@z1.adserver[1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Administrador\Cookies\administrador@z1.adserver[1].txt

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 41

Objects found so far: 96

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 96

Disk Scan Result for C:\WINDOWS\System32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 96

Disk Scan Result for C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 96

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 96

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\excel\recent files

Description : list of recent files used by microsoft excel

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\ahead\nero - burning rom\recent file list

Description : list of recently used files in nero burning rom

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\office\10.0\common\general

Description : list of recently used symbols in microsoft office

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-19\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-20\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

MRU List Object Recognized!

Location: : S-1-5-21-796845957-1708537768-1957994488-500\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\elitum

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\nhelper.dll

NavExcel Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\nhelper.dll

Value : AppID

NavExcel Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Archivos de programa\NavExcel

NavExcel Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Archivos de programa\navexcel\NavHelper

NavExcel Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Archivos de programa\NavExcel Search Toolbar

NavExcel Object Recognized!

Type : File

Data : remover.dll

Category : Malware

Comment :

Object : C:\WINDOWS\

NavExcel Object Recognized!

Type : File

Data : nxstinst.exe

Category : Malware

Comment :

Object : C:\WINDOWS\

NavExcel Object Recognized!

Type : File

Data : NavExcelBar.dll

Category : Malware

Comment :

Object : C:\Archivos de programa\navexcel search toolbar\

FileVersion : 0, 0, 0, 0

ProductVersion : 1, 0, 0, 0

ProductName : NavExcelBar Module

FileDescription : NavExcelBar Module

InternalName : NavExcelBar

LegalCopyright : Copyright 2004

OriginalFilename : NavExcelBar.DLL

NavExcel Object Recognized!

Type : File

Data : settings.dat

Category : Malware

Comment :

Object : C:\Archivos de programa\navexcel search toolbar\

Search Miracle Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{a74cd7de-ea6f-11d4-abf3-000102378429}

Search Miracle Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{a74cd7de-ea6f-11d4-abf3-000102378429}

Value :

Search Miracle Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : plot.plotctrl.1

Search Miracle Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : plot.plotctrl.1

Value :

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 14

Objects found so far: 136

16:28:15 Scan Complete

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:02:36.254

Objects scanned:65848

Objects identified:110

Objects ignored:0

New critical objects:110

Muchas gracias por adelantado.

No se que hacer, un saludo y muchas gracias.

Mensaje por **maura63** » 15 Abr 2005, 17:04

Cuando los detecte marcas las casilla das a continuar y luego esliminas sin contemplaciones.

Instala tambien Spybot, actualizas. Despues de actualizarlo pinchas en inmunizar boton de un frasco hasta que te de el ok. luego pulsa en analizar sistema y cuando acabe das a inmunizar, luego de la carpeta cuarentena los borras tambien.

Hazlo arrancando en modo seguro y desactiva la restauracion del sistema.

En el tutorial vienen todos los pasos.

Pasa tambien un antivirus online.

Saludos

maura63

jla · Mensaje por **jla** » 15 Abr 2005, 19:32

Hola,

He puesto en quarentena y removido los virus en el ad-aware, y posteriormente me he bajado el spybot actualizando el mismo, y he tenido tras haber removido anteriormente mas de 100, ahora 17 virus mas, de 5 clases diferentes. Todos rojos como dice aqui, de los dañinos.

He dado a fix selected problems, y parece que el problema se ha resuelto, en principio.

Muchas gracias por todo el esfuerzo y dedicacion. :D :D :D

jla · Mensaje por **jla** » 15 Abr 2005, 19:55

Hola, soy yo de nuevo ha debido de quedar alguno vivo, dando mal con las cookies, me sale de vez en cuando, se han resuelto la mayor parte de los problemas, va mas rapido, los links ya funcionan, lo que todavia no funciona tampoco es el correo de hotmail, no se si esto es a mi solo o es general? Sabes si existe algun virus en especial que ataque a los msn y como se localiza?

En otro caso, he utilizado como te he comentado el ad-aware y el spybot, que utilizarias, o como obrarias para seguir matando a los virus.

Muchas gracias.

Mensaje por **maura63** » 15 Abr 2005, 20:44

Las cookies siempre que navegues las tendras, por ejemplo esta pagina las utiliza, cuando te registras y accedes al foro estan en tu ordenador. Si sales de el sin borrar cookies no tendras que volver a registrarte para poder acceder a las distintas zonas, si las borras te las volvera a pedir por ejemplo para mandar un mensaje.

No tienen mayor importancia.

Y sobre virus que ataquen por el mesenger hay multitud, pero lo que te falta es actualizar tu sistema operativo conectando con windouw update.

Con internet explorer abierto pulsa en herramientas y veras windows update, pincha y actualiza, te pedira que aceptes un control active X, acepta y cuando cargue pincha en buscar actualizaciones dejas que busqye y te mostrara un monton de ellas.

Ve instalandolas, y ten en cuenta que a medida que instales y te pida reiniciar el equipo vuelves al windows update y a descargar, te llevara tiempo, pero de no hacerlo mejor apraga y vamonos.

Y no olvides de pasar antivirus que es lo principal.

Saludos

maura63

jla · Mensaje por **jla** » 15 Abr 2005, 23:13

Hola,

Me he expresado mal, realmente es publicidad que aparece, que salta. Se trata de publicidad de un casino, que de vez en cuando, cuando te metes en otra pagina te salta. Ese virus todavia lo tengo. Ademas he scaneado de nuevo, y a pesar de haber puesto en cuarentena y borrado. Me siguen apareciendo los virus. La mayoria se hallan en archivos ejecutables, internet explorer, ares.exe, msg.exe,...archivos de sistema, c:/windows/system32 y un largo etc... Realmente solo ha borrado los que he borrado con el spybot, hecho que ha mejorado un poco la maquina pero sigue dando problemas.

Estas son las que quedan ahora:

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa(TAC index:5):11 total references

Elitum.ElitebarBHO(TAC index:5):6 total references

MRU List(TAC index:0):26 total references

NavExcel(TAC index:5):23 total references

Possible Browser Hijack attempt(TAC index:3):4 total references

Tracking Cookie(TAC index:3):42 total references

Un cordial saludo.

Mensaje por **maura63** » 16 Abr 2005, 12:13

Arrancando en modo seguro y desactivando antes la restauracion del sistema el antivirus actualizado y Spybot deben eliminarte toda esa basura como Alexa.

Despues conecta via windows update y actualiza, de lo contrario en cinco minutos estaras infectada de basura.

Saludos

maura63