This web page keeps opening by itself. Its title reads: if you have been brought here th..
and I think what it is trying to do is install some ActiveX controls. I think.
It is the page that opens most often.
Now another one has just opened, which is:
the title: brought to you bt 180search assistant, and it is an ad for Zango Messenger.
This is another one that has just appeared, also from that 180assistant.
The problem is that the connection does not hold for long, and in 2 or 3 or 5 minutes it drops and no longer connects. Not Explorer, not Messenger, nothing.
If I run these commands from the command prompt:
ipconfig /release
ipconfig /renew
it connects again, but later the same thing happens to me again.
The day before yesterday, I had more viruses on the computer, and it would barely let me connect for 10 seconds.
And one curious thing was that, for example, if I was browsing a site, such as
But however, when I entered a different address, such as
Another thing. I try to download any program, such as HijackThis, and I get a security alert saying that my security settings do not allow that file to be downloaded.
The levels I have are: Medium for Internet, Medium-low for Local intranet.
I added the site I was going to download HijackThis from to the trusted sites, and I have now downloaded it. Below are the results.
Logfile of HijackThis v1.99.1
Scan saved at 9:45:25, on 04/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\Logitechs.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Archivos de programa\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\oduxnfvx.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\BullsEye Network\bin\bargains.exe
c:\temp\salm.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Documents and Settings\Celia.CELL\Escritorio\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Archivos de programa\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Archivos de programa\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [Logitechs] Logitechs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AcctMgr] C:\Archivos de programa\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Archivos de programa\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [C3WhD] C:\WINDOWS\oduxnfvx.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [xkboj] C:\WINDOWS\xkboj.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Archivos de programa\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [Logitechs] Logitechs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [roru] C:\ARCHIV~1\COMMON~1\roru\rorum.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Archivos de programa\SideFind\sidefind.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone:
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
Next I am going to run Norton SystemWorks 2004, which I have up to date.
The result is the following:
To my surprise, since as I said before I had removed almost all of the viruses, leaving only 1 that kept reappearing even when I deleted it, many more have appeared today.
I went into the log, and these are the ones it detected the other day:
Threat category: AdwareSource:
C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\index[1].htm,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\index[1].htm is a Adware threat.
Source: C:\WINDOWS\system32\msnmssgr.exe
Source: C:\WINDOWS\System32\hwclock.exe
And more specifically, Adware.CDT was the one that would not be removed.
I also followed some instructions to delete some things from the registry related to that Adware.CDT, but I did not have any of the possible registry entries, so in the end I did nothing.
Today's are the following:
,Threat category: AdwareSource: C:\WINDOWS\zeta.exe,Description: The file C:\WINDOWS\zeta.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\xkboj.exe,Description: The file C:\WINDOWS\xkboj.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\qh4mkbv9.dll,Description: The file C:\WINDOWS\system32\qh4mkbv9.dll is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\q17i9a4j.exe,Description: The file C:\WINDOWS\system32\q17i9a4j.exe is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/msexreg.exe,Description: The compressed file C:/WINDOWS/system32/msexreg.exe within C:\WINDOWS\system32\netut80ex.vxd is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/javexulm.vxd,Description: The compressed file C:/WINDOWS/system32/javexulm.vxd within C:\WINDOWS\system32\netut80ex.vxd is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/exul.exe,Description: The compressed file C:/WINDOWS/system32/exul.exe within C:\WINDOWS\system32\netut80ex.vxd is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/mqexdlm.srg,Description: The compressed file C:/WINDOWS/system32/mqexdlm.srg within C:\WINDOWS\system32\netut80ex.vxd is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/exdl.exe,Description: The compressed file C:/WINDOWS/system32/exdl.exe within C:\WINDOWS\system32\netut80ex.vxd is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\msexreg.exe,Description: The file C:\WINDOWS\system32\msexreg.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\msbe.dll,Description: The file C:\WINDOWS\system32\msbe.dll is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\mqexdlm.srg,Description: The file C:\WINDOWS\system32\mqexdlm.srg is a Adware threat.
,Threat category: AdwareSource: C:/Archivos de programa/BullsEye Network/bin/adx.exe,Description: The compressed file C:/Archivos de programa/BullsEye Network/bin/adx.exe within C:\WINDOWS\system32\mac80ex.idf is a Adware threat.
,Threat category: AdwareSource: C:/Archivos de programa/BullsEye Network/bin/adv.exe,Description: The compressed file C:/Archivos de programa/BullsEye Network/bin/adv.exe within C:\WINDOWS\system32\mac80ex.idf is a Adware threat.
,Threat category: AdwareSource: C:/Archivos de programa/BullsEye Network/bin/bargains.exe,Description: The compressed file C:/Archivos de programa/BullsEye Network/bin/bargains.exe within C:\WINDOWS\system32\mac80ex.idf is a Adware threat.
,Threat category: AdwareSource: C:/WINDOWS/system32/msbe.dll,Description: The compressed file C:/WINDOWS/system32/msbe.dll within C:\WINDOWS\system32\mac80ex.idf is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\javexulm.vxd,Description: The file C:\WINDOWS\system32\javexulm.vxd is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\exul1.exe,Description: The file C:\WINDOWS\system32\exul1.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\exul.exe,Description: The file C:\WINDOWS\system32\exul.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\exdl1.exe,Description: The file C:\WINDOWS\system32\exdl1.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\exdl0.exe,Description: The file C:\WINDOWS\system32\exdl0.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\exdl.exe,Description: The file C:\WINDOWS\system32\exdl.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\ap9h4qmo.exe,Description: The file C:\WINDOWS\system32\ap9h4qmo.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\system32\angelex.exe,Description: The file C:\WINDOWS\system32\angelex.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\nem220.dll,Description: The file C:\WINDOWS\nem220.dll is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\exdl.exe,Description: The file C:\WINDOWS\exdl.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.exe,Description: The file C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\Downloaded Program Files\MediaAccX.dll,Description: The file C:\WINDOWS\Downloaded Program Files\MediaAccX.dll is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\ahadp.exe,Description: The file C:\WINDOWS\ahadp.exe is a Adware threat.
,Threat category: AdwareSource: C:\WINDOWS\a95kfrhe.exe,Description: The file C:\WINDOWS\a95kfrhe.exe is a Adware threat.
,Threat category: AdwareSource: C:\temp\salmhook.dll,Description: The file C:\temp\salmhook.dll is a Adware threat.
,Threat category: AdwareSource: C:\temp\salm.exe,Description: The file C:\temp\salm.exe is a Adware threat.
,Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccK.exe,Description: The file C:\Program Files\Media Access\MediaAccK.exe is a Adware threat.
,Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccess.exe,Description: The file C:\Program Files\Media Access\MediaAccess.exe is a Adware threat.
,Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccC.dll,Description: The file C:\Program Files\Media Access\MediaAccC.dll is a Adware threat.
,Threat category: AdwareSource: C:\Program Files\Internet Optimizer\optimize.exe,Description: The file C:\Program Files\Internet Optimizer\optimize.exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Temp\sidefind.exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Temp\sidefind.exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Temp\bb.exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Temp\bb.exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Temp\7SAA0IDO.dll,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Temp\7SAA0IDO.dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\sfbho13[1].dll,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\sfbho13[1].dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\ncase_new[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\ncase_new[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\MediaAccC[1].dll,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\W99Z66S0\MediaAccC[1].dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\STKUUSKI\MediaAccK[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\STKUUSKI\MediaAccK[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\STKUUSKI\bb[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\STKUUSKI\bb[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\EJ7GCS4S\nem220[1].dll,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\EJ7GCS4S\nem220[1].dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\EJ7GCS4S\istrecover[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\EJ7GCS4S\istrecover[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\sidefind[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\sidefind[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\sidefind13[1].dll,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\sidefind13[1].dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\MediaAccess[1].exe,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\MediaAccess[1].exe is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\prompt[2].htm,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\prompt[2].htm is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\index[1].htm,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\index[1].htm is a Adware threat.
,Threat category: AdwareSource: MediaAccX.dll,Description: The compressed file MediaAccX.dll within C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\bridge-c6[1].cab is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\SideFind\sidefind.dll,Description: The file C:\Archivos de programa\SideFind\sidefind.dll is a Adware threat.
,Threat category: AdwareSource: C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\bridge-c6[1].cab,Description: The file C:\Documents and Settings\Celia.CELL\Configuración local\Archivos temporales de Internet\Content.IE5\80RF2GN3\bridge-c6[1].cab is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\SideFind\update\sidefind.exe,Description: The file C:\Archivos de programa\SideFind\update\sidefind.exe is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\SideFind\sfbho.dll,Description: The file C:\Archivos de programa\SideFind\sfbho.dll is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\BullsEye Network\bin\adv.exe,Description: The file C:\Archivos de programa\BullsEye Network\bin\adv.exe is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\BullsEye Network\bin\bargains.exe,Description: The file C:\Archivos de programa\BullsEye Network\bin\bargains.exe is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\BullsEye Network\bin\adx.exe,Description: The file C:\Archivos de programa\BullsEye Network\bin\adx.exe is a Adware threat.
,Threat category: AdwareSource: C:\Archivos de programa\180Solutions\sais.exe,Description: The file C:\Archivos de programa\180Solutions\sais.exe is a Adware threat.
Well, I don't know why the log wouldn't let me copy it directly, and it was hard for me to copy it.
And I don't know if it is the information I wanted to give you.
Looking at the antivirus message, I have a total of 60 threats.
All of them are of the file type.
And their names: they all start with Adware. and continue with: BargainBuddy, 180search, SAHAgent, Netoptimizer, MediaPass, Istbar, Windupdates.
I have not removed the threats because it is clear that it does no good. As soon as I restart they will appear again.
Next I ran Ad-Aware SE on it. A full system scan, with the following results:
Ad-Aware SE Build 1.05
Logfile Created on:miércoles, 04 de mayo de 2005 10:52:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):47 total references
BargainBuddy(TAC index:8):91 total references
DyFuCA(TAC index:3):69 total references
Hijacker.TopConverting(TAC index:5):1 total references
istbar(TAC index:7):21 total references
MRU List(TAC index:0):9 total references
Other(TAC index:5):17 total references
Possible Browser Hijack attempt(TAC index:3):9 total references
Rads01.Quadrogram(TAC index:6):3 total references
SahAgent(TAC index:9):21 total references
SideFind(TAC index:5):49 total references
Tracking Cookie(TAC index:3):9 total references
WindUpdates(TAC index:8):23 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
04-05-2005 10:52:33 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-1972579041-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 04-05-2005 7:19:22
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 04-05-2005 7:19:25
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 04-05-2005 7:19:33
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 04-05-2005 7:19:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 04-05-2005 7:19:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 04-05-2005 7:19:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 04-05-2005 7:19:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 04-05-2005 7:19:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 04-05-2005 7:19:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 992
ThreadCreationTime : 04-05-2005 7:19:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [ccsetmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1228
ThreadCreationTime : 04-05-2005 7:19:40
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1244
ThreadCreationTime : 04-05-2005 7:19:40
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:13 [ccevtmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1264
ThreadCreationTime : 04-05-2005 7:19:40
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1488
ThreadCreationTime : 04-05-2005 7:19:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [ghosts~2.exe]
FilePath : C:\ARCHIV~1\NORTON~1\NORTON~4\
ProcessID : 1660
ThreadCreationTime : 04-05-2005 7:19:41
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright (C) 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe
#:16 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\
ProcessID : 1696
ThreadCreationTime : 04-05-2005 7:19:42
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:17 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\
ProcessID : 1744
ThreadCreationTime : 04-05-2005 7:19:42
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:18 [nprotect.exe]
FilePath : C:\ARCHIV~1\NORTON~1\NORTON~2\
ProcessID : 1832
ThreadCreationTime : 04-05-2005 7:19:42
BasePriority : Normal
FileVersion : 17.0.0.82
ProductVersion : 17.0.0.82
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE
#:19 [hpztsb09.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1892
ThreadCreationTime : 04-05-2005 7:19:44
BasePriority : Normal
FileVersion : 2.236.4.0
ProductVersion : 2.236.4.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2003
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe"Process terminated successfully
#:20 [hpwuschd.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\HP Software Update\
ProcessID : 1916
ThreadCreationTime : 04-05-2005 7:19:44
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"Process terminated successfully
#:21 [hpcmpmgr.exe]
FilePath : C:\Archivos de programa\HP\hpcoretech\
ProcessID : 1928
ThreadCreationTime : 04-05-2005 7:19:45
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"Process terminated successfully
#:22 [hpotdd01.exe]
FilePath : C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1936
ThreadCreationTime : 04-05-2005 7:19:45
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"Process terminated successfully
#:23 [logitechs.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1948
ThreadCreationTime : 04-05-2005 7:19:45
BasePriority : Normal
#:24 [pdvdserv.exe]
FilePath : C:\Archivos de programa\CyberLink\PowerDVD\
ProcessID : 1964
ThreadCreationTime : 04-05-2005 7:19:45
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"Process terminated successfully
#:25 [ccapp.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1976
ThreadCreationTime : 04-05-2005 7:19:45
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"Process terminated successfully
#:26 [acctmgr.exe]
FilePath : C:\Archivos de programa\Norton SystemWorks\Password Manager\
ProcessID : 2000
ThreadCreationTime : 04-05-2005 7:19:46
BasePriority : Normal
FileVersion : 2004.1.406
ProductVersion : 2004.1.406
ProductName : Norton Password Manager
CompanyName : Symantec Corporation
FileDescription : Password Manager Controller
InternalName : AcctMgr
LegalCopyright : Copyright (c) 2003-2004 Symantec Corporation
OriginalFilename : AcctMgr.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\Norton SystemWorks\Password Manager\AcctMgr.exe"Process terminated successfully
#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 132
ThreadCreationTime : 04-05-2005 7:19:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\system32\ctfmon.exe"Process terminated successfully
#:28 [savscan.exe]
FilePath : C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\
ProcessID : 248
ThreadCreationTime : 04-05-2005 7:19:48
BasePriority : Normal
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:29 [nopdb.exe]
FilePath : C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\
ProcessID : 472
ThreadCreationTime : 04-05-2005 7:19:52
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll
#:30 [symlcsvc.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\
ProcessID : 1028
ThreadCreationTime : 04-05-2005 7:19:57
BasePriority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe
#:31 [symwsc.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\
ProcessID : 944
ThreadCreationTime : 04-05-2005 7:20:07
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:32 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2640
ThreadCreationTime : 04-05-2005 7:20:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:33 [mediaaccess.exe]
FilePath : C:\Program Files\Media Access\
ProcessID : 3644
ThreadCreationTime : 04-05-2005 7:27:30
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE
WindUpdates Object Recognized!
Type : Process
Data : MediaAccC.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Media Access\
Warning! WindUpdates Object found in memory(C:\Program Files\Media Access\MediaAccC.dll)
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Media Access\MediaAccess.exe"Process terminated successfully
#:34 [mediaacck.exe]
FilePath : C:\Program Files\Media Access\
ProcessID : 1156
ThreadCreationTime : 04-05-2005 7:27:44
BasePriority : Normal
Warning! WindUpdates Object found in memory(C:\Program Files\Media Access\MediaAccK.exe)
WindUpdates Object Recognized!
Type : Process
Data : MediaAccK.exe
Category : Malware
Comment :
Object : C:\Program Files\Media Access\
"C:\Program Files\Media Access\MediaAccK.exe"Process terminated successfully
"C:\Program Files\Media Access\MediaAccK.exe"Process terminated successfully
#:35 [istsvc.exe]
FilePath : C:\Archivos de programa\ISTsvc\
ProcessID : 3964
ThreadCreationTime : 04-05-2005 7:27:51
BasePriority : Normal
istbar Object Recognized!
Type : Process
Data : istsvc.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Archivos de programa\ISTsvc\
Warning! istbar Object found in memory(C:\Archivos de programa\ISTsvc\istsvc.exe)
"C:\Archivos de programa\ISTsvc\istsvc.exe"Process terminated successfully
"C:\Archivos de programa\ISTsvc\istsvc.exe"Process terminated successfully
#:36 [optimize.exe]
FilePath : C:\Program Files\Internet Optimizer\
ProcessID : 3972
ThreadCreationTime : 04-05-2005 7:27:51
BasePriority : Normal
DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Internet Optimizer\
Warning! DyFuCA Object found in memory(C:\Program Files\Internet Optimizer\optimize.exe)
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
#:37 [oduxnfvx.exe]
FilePath : C:\WINDOWS\
ProcessID : 4060
ThreadCreationTime : 04-05-2005 7:27:57
BasePriority : Normal
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\oduxnfvx.exe"Process terminated successfully
#:38 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2588
ThreadCreationTime : 04-05-2005 7:28:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Bloc de notas
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : NOTEPAD.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\system32\notepad.exe"Process terminated successfully
#:39 [bargains.exe]
FilePath : C:\Archivos de programa\BullsEye Network\bin\
ProcessID : 3556
ThreadCreationTime : 04-05-2005 7:29:04
BasePriority : Normal
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Archivos de programa\BullsEye Network\bin\bargains.exe"Process terminated successfully
#:40 [salm.exe]
FilePath : c:\temp\
ProcessID : 656
ThreadCreationTime : 04-05-2005 7:29:33
BasePriority : Normal
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Warning! 180Solutions Object found in memory(c:\temp\salm.exe)
180Solutions Object Recognized!
Type : Process
Data : salm.exe
Category : Data Miner
Comment :
Object : c:\temp\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
"c:\temp\salm.exe"Process terminated successfully
"c:\temp\salm.exe"Process terminated successfully
#:41 [ap9h4qmo.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3352
ThreadCreationTime : 04-05-2005 7:29:41
BasePriority : Idle
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\ap9h4qmo.exe)
SahAgent Object Recognized!
Type : Process
Data : ap9h4qmo.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
"C:\WINDOWS\system32\ap9h4qmo.exe"Process terminated successfully
"C:\WINDOWS\system32\ap9h4qmo.exe"Process terminated successfully
#:42 [msmsgs.exe]
FilePath : C:\Archivos de programa\Messenger\
ProcessID : 668
ThreadCreationTime : 04-05-2005 8:51:18
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:43 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4044
ThreadCreationTime : 04-05-2005 8:52:23
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 28
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper
SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper
Value :
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1
SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}
SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj