se me cierra el escritorio i barra de inicio

[xdiegox]

cuando tengo varias aplicaciones abiertas

me sale una ventana con un error i se me cierra un programa

o en veces se me desaparece todo el escritorio i la barra de inicio

esto es mui raro antes no pasaba eso

cabo de analizar mi pc con el AD-adware

i me salio esto







Ad-Aware SE Build 1.06r1

Logfile Created on:lunes, 09 de abril de 2007 11:20:15

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R164 02.04.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa(TAC index:5):3 total references

MRU List(TAC index:0):41 total references

Tracking Cookie(TAC index:3):26 total references

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file



Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects





09-04-2007 11:20:15 - Scan started. (Full System Scan)



MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\ahead\cover designer\recent file list

Description : list of recently used files in ahead cover designer





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\ahead\nero - burning rom\recent file list

Description : list of recently used files in nero burning rom





MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d





MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X





MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage

Description : default save location in microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\editor

Description : default add image directory for microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\editor\recent templates

Description : list of recently used templates in microsoft publisher





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list

Description : list of recently used pages in microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers

Description : list of recently created servers in microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\frontpage\explorer\navigation\mrulist

Description : list for the navigation feature of microsoft frontpage





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\player\settings

Description : last save as directory used in jasc paint shop pro





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player





MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-19\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-20\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\mediaplayer\preferences

Description : last search path used in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query

Description : last query in microsoft clip organizer





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run





MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





MRU List Object Recognized!

Location: : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 556

ThreadCreationTime : 09-04-2007 18:18:45

BasePriority : Normal





#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 608

ThreadCreationTime : 09-04-2007 18:18:55

BasePriority : Normal





#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\SYSTEM32\

ProcessID : 632

ThreadCreationTime : 09-04-2007 18:18:56

BasePriority : High





#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 676

ThreadCreationTime : 09-04-2007 18:18:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Aplicación de servicios y controlador

InternalName : services.exe

LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : services.exe



#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 688

ThreadCreationTime : 09-04-2007 18:18:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe



#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 856

ThreadCreationTime : 09-04-2007 18:18:59

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 964

ThreadCreationTime : 09-04-2007 18:18:59

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1052

ThreadCreationTime : 09-04-2007 18:19:00

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1100

ThreadCreationTime : 09-04-2007 18:19:02

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:10 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1308

ThreadCreationTime : 09-04-2007 18:19:07

BasePriority : Normal

FileVersion : 6.00.2600.0000 (xpclient.010817-1148)

ProductVersion : 6.00.2600.0000

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : EXPLORER.EXE



#:11 [ad-aware.exe]

FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\

ProcessID : 1680

ThreadCreationTime : 09-04-2007 18:19:28

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved



Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 41





Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Alexa Object Recognized!

Type : RegValue

Data :

TAC Rating : 5

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}



Alexa Object Recognized!

Type : RegValue

Data :

TAC Rating : 5

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}



Alexa Object Recognized!

Type : RegValue

Data :

TAC Rating : 5

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}



Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-527237240-507921405-854245398-1003\software\microsoft\windows\currentversion\policies\system

Value : DisableRegistryTools

Data :



Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 45





Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 45





Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»





Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@ad.yieldmanager[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:27

Value : Cookie:particular@ad.yieldmanager.com/

Expires : 13-08-2017 17:00:00

LastSync : Hits:27

UseCount : 0

Hits : 27



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@bluestreak[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:particular@bluestreak.com/

Expires : 05-04-2017 5:37:46

LastSync : Hits:2

UseCount : 0

Hits : 2



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@adtech[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:particular@adtech.de/

Expires : 05-04-2017 16:43:46

LastSync : Hits:10

UseCount : 0

Hits : 10



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@revsci[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:particular@revsci.net/

Expires : 06-05-2007 13:09:26

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@kontera[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:particular@kontera.com/

Expires : 07-04-2008 9:58:30

LastSync : Hits:9

UseCount : 0

Hits : 9



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@statcounter[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:particular@statcounter.com/

Expires : 06-04-2012 18:17:42

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@adbrite[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:13

Value : Cookie:particular@adbrite.com/

Expires : 07-04-2008 11:16:22

LastSync : Hits:13

UseCount : 0

Hits : 13



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@tradedoubler[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:particular@tradedoubler.com/

Expires : 03-04-2027 9:37:20

LastSync : Hits:3

UseCount : 0

Hits : 3



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@msnportal.112.2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:particular@msnportal.112.2o7.net/

Expires : 06-04-2012 14:39:14

LastSync : Hits:6

UseCount : 0

Hits : 6



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@adserving.cpxinteractive[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:particular@adserving.cpxinteractive.com/

Expires : 22-04-2007 15:15:16

LastSync : Hits:3

UseCount : 0

Hits : 3



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@clickbank[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:particular@clickbank.net/

Expires : 05-10-2007 10:04:20

LastSync : Hits:4

UseCount : 0

Hits : 4



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:particular@tribalfusion.com/

Expires : 07-04-2008 18:16:52

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@overture[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:particular@overture.com/

Expires : 05-04-2017 11:16:34

LastSync : Hits:2

UseCount : 0

Hits : 2



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@as1.falkag[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:particular@as1.falkag.de/

Expires : 08-05-2007 17:56:42

LastSync : Hits:9

UseCount : 0

Hits : 9



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@valueclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:particular@valueclick.com/

Expires : 01-04-2032 18:20:58

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@atdmt[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:particular@atdmt.com/

Expires : 05-04-2012 17:00:00

LastSync : Hits:7

UseCount : 0

Hits : 7



Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 16

Objects found so far: 61







Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@tripod[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@tripod[2].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@ads.multimania.lycos[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@ads.multimania.lycos[1].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@tripod[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@tripod[1].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@unicast[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@unicast[1].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : particular@insightexpressai[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@insightexpressai[2].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : moka@cms[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\moka\Cookies\moka@cms[1].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : moka@partypoker[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\moka\Cookies\moka@partypoker[2].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : moka@indextools[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\moka\Cookies\moka@indextools[2].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : moka@ad1.emediate[2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\moka\Cookies\moka@ad1.emediate[2].txt



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : moka@digitalpoint[1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\moka\Cookies\moka@digitalpoint[1].txt



Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 71





Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

0 entries scanned.

New critical objects:0

Objects found so far: 71









Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 71



11:26:30 Scan Complete



Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:06:14.399

Objects scanned:164924

Objects identified:30

Objects ignored:0

New critical objects:30







porfavor diganme ke ago

[msc hotline sat]

Prueba el ELISTARA y acepta si te pregunta limpiar temporales:





ELISTARA:

http://www.zonavirus.com/descargas/elistara.asp



Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso



saludos



ms, 9-04-2007

[xdiegox]

Mon Apr 09 12:05:55 2007

EliStartPage v13.70 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\Microsoft Works\WKSSOLE.DLL --> Eliminado, ZangoSA (BHO)

C:\Archivos de programa\Microsoft Works\WKDBOLE.DLL --> Eliminado, ZangoSA (BHO)

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP36\A0274084.EXE --> Eliminado, Ailis

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP36\A0278225.DLL --> Eliminado, NavHelper (BHO)

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP37\A0284263.DLL --> Eliminado, NavHelper (BHO)

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP45\A0437557.EXE --> Eliminado, DriverLoad (Clicker.Delf.CN)

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP49\A0522181.DLL --> Eliminado, ZangoSA (BHO)

C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP49\A0522182.DLL --> Eliminado, ZangoSA (BHO)





eso fue lo ke me salio

[xdiegox]

tengo el mismo problema todavia miren

les voi a mandar una imagen de lo ke me sale

si alguien sabe de lo ke pasa ayudeme

tambien me sale ke memoria virtual de windows demaciada baja

[msc hotline sat]

Pruebe de lanzar un windowsupdate, y si tras ello persiste el problema, diganos el tamaño del disco duro y el espacio libre disponible, y la RAM que tiene en placa base.



saludos



ms, 10-04.2007

[xdiegox]

emmm

i como ago eso explicame ???

[Nuker]

Para lanzar un Windows Update, solo haga click en le link y siga las instrucciones:



Windows Update:

https://support.microsoft.com/es-es/help/12373/windows-update-faq



Para checar su Disco Duro se va a mi Pc, un click sobre el icono de Unidad C, y observe en la parte izquierda (Detalles) mencionenos que dice en Tamaño Total y en Espacio Libre.



Y para checar la RAM Click derecho sobre le icono de Mi Pc, Propiedades. Le saldra una ventana nueva (General) Abajo en Equipo le dira la cantidad RAM que tiene.



Saludos.





[u]Atendido a las 2:08 p.m. (Hora México) 10/04/07[/u]

[xdiegox]

mira la informacion de mi pc es

intel (R)

pentium (R) 4 CPU 2.26GHz

248 MB de RAM



tamaño total 76,6 GB

espacio libre 23,5 GB





a Windows Update no puedo entrar =S

[Nuker]

Pues el link funciona, vayasa entonces a Inicio, Todos los Programas, Windows Update a ver si de ahi pudiera accesar.



Tiene una Ram algo baja intente liberar memoria, para eso.



Abra el bloc de notas y copie este contenido.



MyString=(80000000)



Guardas el documento con cualquier nombre que quiera pero con terminacion .vbs, abra el archivo donde lo haya guardado y cada vez que lo abra liberara memoria.



Y posteenos un log de HijackThis por si quedaran restos viricos, abre, le da en scan and save log file, copia contenido del bloc y lo pega aqui.



HijackThis:

http://www.zonavirus.com/descargas/trendmicro-hijackthis.asp



Saludos.



[u]Atendido a las 2:29 p.m. (Hora México) 10/04/07[/u]

[xdiegox]

esto me salio...





Logfile of HijackThis v1.99.1

Scan saved at 14:42:52, on 10/04/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe

C:\ARCHIV~1\MSNMES~1\msnmsgr.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe

O4 - HKLM\..\Run: [Ink Monitor] "C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u

O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send Image to Photo Library - file://C:\Archivos de programa\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - https://www.pandasecurity.com/spain/homeusers/solutions/online-antivirus//as/v1/cabs/ascinstie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166208108834

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135625977766

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/spain/homeusers/solutions/online-antivirus//cabs/nanoinst.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\cfcf.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe

O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe

O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe

[msc hotline sat]

Analisis log HJT:



Faltan todos los parches del SP2 y posteriores.



Lance el windowsupdate !



_____





Tiene MSG PLUS instalado.



Desinstalelo pues es un foco de adwares !

______



Restaurar con LPSFIX:



O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll



O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll



[url=http://www.zonavirus.com/descargas/lsp-fix.asp][b]Descargar LSP-FIX[/b][/url]



· [url=http://www.zonavirus.com/articulos/manual-lsp-fix.asp][b]Manual LSP-FIx[/b][/url] (Español)

_______



Enviarnos muestra para analizar de:



C:\WINDOWS\cfcf.exe



________



y el spysweeper no es de nuestro gusto, si nos quiere hacer caso mire de usar cualquier otro, como el antispyware EWIDO /AVG



http://www.ewido.net/en/download/



saludos



ms, 11-04-2007

[xdiegox]

ia desinstale el msg plus i el spysweeper

pero lo ke no entiendo es como restaurar con LPSFIX

lei el manual i no viene nada acerca de restaurar

[msc hotline sat]

Su ejecucion restaurará las claves



No se olvide de enviarnos la muestra del ctcf.exe, gracias



saludos



ms, 11-04-2007

[xdiegox]

sorri por mi ignoranzia

pero komo mando la muestra del C:\WINDOWS\cfcf.exe



orita estaba analizando mi pc con el ewido

i me salio que tengo el trojan.nilage.ara

[msc hotline sat]

La muestra nos la anexa a un mail, como se indica en:



https://foros.zonavirus.com/viewtopic.php?f=2&t=45334



saludos



ms, 11-04-.2007





nota: tras enviar la muestra, y si puede tambien el fichero que ewido le detecta como infectado, luego elimine lo que encuentra con el EWIDO. ms.

[xdiegox]

pero de donde saco las muestras esas del C:\WINDOWS\cfcf.exe

donde las busco ??

o como le ago para sacarlas noc ???

sorri :(

[msc hotline sat]

Se le indica la ruta y el nombre del fichero...



sabe lo que es C:\ , pues es el directorio principal de la unidad C:



y C:\windows es la carpeta windows que cuelga de C:\







y C:\WINDOWS\cfcf.exe es el fichero cfcf.exe que está en dicha carpeta...



Si ya no llega hasta aquí, mejor haga que le ayude algun amigo o vecino, de verdad.



saludos



ms, 11-04-2007

[xdiegox]

ia buske la carpeta i no me sale nada

no la encuentro =S



este fue el reporte que me dio ewido



Name: TrackingCookie.Burstnet

Path: C:\Documents and Settings\Particular\Cookies\particular@burstnet[1].txt

Risk: Medium



Name: TrackingCookie.Webtrends

Path: C:\Documents and Settings\Particular\Cookies\particular@m.webtrends[1].txt

Risk: Medium



Name: TrackingCookie.Msn

Path: C:\Documents and Settings\Particular\Cookies\particular@ie.search.msn[1].txt

Risk: Medium



Name: TrackingCookie.Burstnet

Path: C:\Documents and Settings\Particular\Cookies\particular@www.burstnet[2].txt

Risk: Medium



Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\Particular\Cookies\particular@atdmt[2].txt

Risk: Medium



Name: TrackingCookie.2o7

Path: C:\Documents and Settings\Particular\Cookies\particular@msnportal.112.2o7[1].txt

Risk: Medium



Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\Particular\Cookies\particular@ssl-hints.netflame[1].txt

Risk: Medium



Name: TrackingCookie.Yieldmanager

Path: C:\Documents and Settings\Particular\Cookies\particular@ad.yieldmanager[2].txt

Risk: Medium



Name: Trojan.Nilage.ara

Path: [864] VM_00610000

Risk: High



Name: Trojan.Nilage.ara

Path: [1936] VM_01700000

Risk: High



Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@atdmt[2].txt

Risk: Medium



Name: TrackingCookie.Yieldmanager

Path: C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@ad.yieldmanager[1].txt

Risk: Medium



Name: TrackingCookie.2o7

Path: C:\Documents and Settings\Particular\Configuración local\Temp\Cookies\particular@msnportal.112.2o7[1].txt

Risk: Medium



Name: Adware.SafetyBar

Path: C:\System Volume Information\_restore{78D389C8-7FDA-4893-8D97-B824187F9124}\RP15\A0034721.bat

Risk: Medium

[msc hotline sat]

Pues arranque en modo seguro y que el ewido le solucione lo que detecta.





Y si no encuentra dicho fichero, vea que no esté oculto:



https://foros.zonavirus.com/viewtopic.php?f=5&t=13245



saludos



ms, 11-04-2007

[xdiegox]

es mui raro ia desmarque lo que decia

i cuando busco el fichero nomas sale el reloj de espera

pero no sale ia nada

que es lo que pasa =S



i ia stoi en modo seguro

[msc hotline sat]

Pues si tiene configurado windows para ver todos los ficheros, incluso los ocultos y los de sistema, y no lo encuentra, olvidelo, no le pida peras al olmo...



Termine la limpieza con el ewido y listos.



saludos



ms, 11-04-2007



nota: y en cuanto pueda, aumente la memoria RAM, que está en minimos... 512 o 1 GB es lo aconsejable (hasta 4 GB que admiten segun qué placas...) ms.