Foros de Trucos Windows
 

> caito plz check my log

Rich_Anderson
Posted: Nov 24 2005, 11:50 PM
Post #1

Group: Members
Posts: 27
Joined: 23-November 05
From: Cancun Mx
Member no.: 153.514



Hi Caito, here is my log so you can check it and guide me, OK?
Let me know what the next step is. Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 04:43:30 p.m., on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\usuario1\Escritorio\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 456456:456
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp79EE.tmp
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Archivos de programa\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe




Caito
Posted: Nov 25 2005, 03:40 AM
Post #2

No Spiware

Group: Global Supervisor
Posts: 17.493
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Download the trial version of Spy Sweeper:
http://www.webroot.com/consumer/products/spysweeper
Install it using the "Standard Install" option.
It will ask you for an email address.
It will update itself.
Then go to "Options" > "Sweep options" and check "Sweep all folders on selected drives".
Check "Local disc C" (or whichever one you want to scan).
And under "What to Sweep" select all the boxes.
Click "Sweep" and the scan will begin.
When it finishes, click "Remove", click "Selected All" and then press "Next".
In "Results" select "Session Log" and check "Save to File".
Save the report (log) in a convenient place.
Copy and paste that log into your next post along with a new HijackThis report.
Regards,
Caito


Rich_Anderson
Posted: Nov 25 2005, 09:14 PM
Post #3

Group: Members
Posts: 27
Joined: 23-November 05
From: Cancun Mx
Member no.: 153.514



Hi Caito, I'm sending you the Spy Sweeper log. There are 2 sessions in the same log; the top one is the most recent, and the bottom one is from another session where it found more traces earlier, OK? I'm also sending you the HijackThis log. I still haven't been able to solve the problem of the message that pops up in a yellow balloon near the clock because of SpyAxe, nor stabilize my home page. I hope I can solve it soon, and I truly appreciate your help and your talent. THANKS


********
01:15 p.m.: | Start of Session, Viernes, 25 de Noviembre de 2005 |
01:15 p.m.: Spy Sweeper started
01:15 p.m.: Sweep initiated using definitions version 574
01:15 p.m.: Starting Memory Sweep
01:21 p.m.: Memory Sweep Complete, Elapsed Time: 00:05:05
01:21 p.m.: Starting Registry Sweep
01:22 p.m.: Found Trojan Horse: trojan-downloader-2pursuit
01:22 p.m.: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{826b2228-bc09-49f2-b5f8-42ce26b1b712}\ (ID = 995023)
01:22 p.m.: Registry Sweep Complete, Elapsed Time:00:01:47
01:22 p.m.: Starting Cookie Sweep
01:22 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:00
01:22 p.m.: Starting File Sweep
01:29 p.m.: IE Tracking Cookies Shield: Removed atlas dmt cookie
01:37 p.m.: Found Trojan Horse: antivirus gold
01:37 p.m.: scannerconfig.xml (ID = 49967)
01:39 p.m.: IE Tracking Cookies Shield: Removed zedo cookie
01:41 p.m.: File Sweep Complete, Elapsed Time: 00:18:20
01:41 p.m.: Full Sweep has completed. Elapsed time 00:25:17
01:41 p.m.: Traces Found: 2
01:49 p.m.: Removal process initiated
01:49 p.m.: Quarantining All Traces: antivirus gold
01:49 p.m.: Quarantining All Traces: trojan-downloader-2pursuit
01:49 p.m.: Removal process completed. Elapsed time 00:00:06
********
12:37 p.m.: | Start of Session, Viernes, 25 de Noviembre de 2005 |
12:37 p.m.: Spy Sweeper started
12:37 p.m.: Sweep initiated using definitions version 574
12:37 p.m.: Found Trojan Horse: trojan-downloader-2pursuit
12:37 p.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ || dllname (ID = 910576)
12:37 p.m.: st3.dll (ID = 910576)
12:37 p.m.: Starting Memory Sweep
12:37 p.m.: Detected running threat: C:\WINDOWS\adsldpbd.dll (ID = 194436)
12:37 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:37 p.m.: IE Security Shield: found: C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
12:37 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:38 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: Detected running threat: C:\WINDOWS\system32\st3.dll (ID = 188587)
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:39 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:40 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:41 p.m.: Memory Sweep Complete, Elapsed Time: 00:04:04
12:41 p.m.: Starting Registry Sweep
12:41 p.m.: Found Trojan Horse: antivirus gold
12:41 p.m.: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103594)
12:41 p.m.: HKCR\engine.ignorelist.1\ (3 subtraces) (ID = 103615)
12:41 p.m.: HKCR\engine.ignorelist\ (5 subtraces) (ID = 103616)
12:41 p.m.: HKCR\engine.threat.1\ (3 subtraces) (ID = 103629)
12:41 p.m.: HKCR\engine.threat\ (5 subtraces) (ID = 103630)
12:41 p.m.: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103633)
12:41 p.m.: HKLM\software\classes\engine.ignorelist.1\ (3 subtraces) (ID = 103655)
12:41 p.m.: HKLM\software\classes\engine.ignorelist\ (5 subtraces) (ID = 103656)
12:41 p.m.: HKLM\software\classes\engine.threat.1\ (3 subtraces) (ID = 103669)
12:41 p.m.: HKLM\software\classes\engine.threat\ (5 subtraces) (ID = 103670)
12:41 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: Found Adware: security2k hijacker
12:42 p.m.: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
12:42 p.m.: Found Trojan Horse: trojan-downloader-zlob
12:42 p.m.: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
12:42 p.m.: HKCR\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910438)
12:42 p.m.: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
12:42 p.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ (10 subtraces) (ID = 910519)
12:42 p.m.: HKLM\software\classes\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910556)
12:42 p.m.: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{826b2228-bc09-49f2-b5f8-42ce26b1b712}\ (ID = 995023)
12:42 p.m.: HKCR\clsid\{826b2228-bc09-49f2-b5f8-42ce26b1b712}\ (5 subtraces) (ID = 995025)
12:42 p.m.: HKLM\software\classes\clsid\{826b2228-bc09-49f2-b5f8-42ce26b1b712}\ (5 subtraces) (ID = 995043)
12:42 p.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\gs\ (10 subtraces) (ID = 1007739)
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: HKU\WRSS_Profile_S-1-5-21-73586283-1202660629-1343024091-500\software\microsoft\st3\ (5 subtraces) (ID = 910473)
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: HKU\S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\st3\ (11 subtraces) (ID = 910473)
12:42 p.m.: HKU\S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\gs\ (302 subtraces) (ID = 1007590)
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: Registry Sweep Complete, Elapsed Time:00:00:29
12:42 p.m.: Starting Cookie Sweep
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:42 p.m.: Starting File Sweep
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:42 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:43 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:44 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:45 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:46 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:47 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:48 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:49 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:50 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:51 p.m.: adsldpbd.dll (ID = 194436)
12:51 p.m.: st3.dll (ID = 188587)
12:51 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: q1128412.dll (ID = 188588)
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:52 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:53 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:53 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:53 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:53 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:53 p.m.: scannerconfig.xml (ID = 49967)
12:53 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:56 p.m.: Warning: Unhandled Archive Type
12:56 p.m.: Warning: Unhandled Archive Type
12:56 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:56 p.m.: Warning: Unhandled Archive Type
12:56 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:56 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:56 p.m.: Warning: Unhandled Archive Type
12:56 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:59 p.m.: File Sweep Complete, Elapsed Time: 00:16:43
12:59 p.m.: Full Sweep has completed. Elapsed time 00:21:23
12:59 p.m.: Traces Found: 423
12:59 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
01:05 p.m.: Removal process initiated
01:05 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
01:06 p.m.: Quarantining All Traces: security2k hijacker
01:06 p.m.: Quarantining All Traces: trojan-downloader-zlob
01:06 p.m.: Quarantining All Traces: antivirus gold
01:06 p.m.: Quarantining All Traces: trojan-downloader-2pursuit
01:06 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
01:06 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
01:06 p.m.: trojan-downloader-2pursuit is in use. It will be removed on reboot.
01:06 p.m.: BHO Shield: found: -- BHO installation denied at user request
01:07 p.m.: Preparing to restart your computer. Please wait...
01:07 p.m.: Removal process completed. Elapsed time 00:02:07
01:10 p.m.: IE Tracking Cookies Shield is activated
01:11 p.m.: Common Ad Sites Shield is activated
01:15 p.m.: Updating spyware definitions
01:15 p.m.: Your definitions are up to date.
01:15 p.m.: | End of Session, Viernes, 25 de Noviembre de 2005 |


********
12:34 p.m.: | Start of Session, Viernes, 25 de Noviembre de 2005 |
12:34 p.m.: Spy Sweeper started
12:34 p.m.: Sweep initiated using definitions version 574
12:34 p.m.: Found Trojan Horse: trojan-downloader-2pursuit
12:34 p.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ || dllname (ID = 910576)
12:34 p.m.: st3.dll (ID = 910576)
12:34 p.m.: Starting Memory Sweep
12:34 p.m.: Detected running threat: C:\WINDOWS\adsldpbd.dll (ID = 194436)
12:34 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:35 p.m.: IE Security Shield: found: C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
12:35 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:36 p.m.: Sweep Canceled
12:36 p.m.: Memory Sweep Complete, Elapsed Time: 00:01:21
12:36 p.m.: Traces Found: 3
12:36 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:37 p.m.: | End of Session, Viernes, 25 de Noviembre de 2005 |
********
08:49 a.m.: | Start of Session, Viernes, 25 de Noviembre de 2005 |
08:49 a.m.: Spy Sweeper started
12:28 p.m.: Your spyware definitions have been updated.
12:30 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:33 p.m.: Memory Shield: Found: Memory-resident threat trojan-downloader-2pursuit, version 1.0.0.0
12:33 p.m.: Detected running threat: trojan-downloader-2pursuit
12:33 p.m.: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
12:34 p.m.: | End of Session, Viernes, 25 de Noviembre de 2005 |




Logfile of HijackThis v1.99.1
Scan saved at 02:11:25 p.m., on 25/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\usuario1\Escritorio\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 456456:456
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp79EE.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Archivos de programa\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe





Caito
post Nov 25 2005, 10:01 PM
Posted: #4


No Spiware

Group: Supervisor Global
Posts: 17.493
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Print or copy these instructions!!!

If you don't know how to do some of the procedures, look at this:
http://www.trucoswindows.net/foro/showtopic-25181.html

This is very important: (IF YOU SKIP THIS STEP I RECOMMEND YOU DO NOTHING)

First of all, save Hijack in its own folder, e.g.: C>Limpiar>Hijack

Then:

Download this program:
Disk Cleaner

http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html

And AdAware SE 1.06:

http://www.trucoswindows.net/detalles-59-a...rsonal_106.html
Update it to 23/11/05

Physically disconnect from the Internet (cables, ADSL, or dial-up modem to your PC)

Turn off System Restore (if you have ME or XP)
Restart in Safe Mode ("Modo seguro" or "A prueba de fallos")
Make all files visible.
Close all applications
Launch Hijack
Find "Open the Misc Tools Section"
Select "Open process manager"
Look for the following processes:

spyaxe.exe
cc.exe

And end these processes one by one by clicking "Kill process" and "Yes"
When you are done with all of them, click "Back"
Scan and then Fix these:

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp79EE.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Archivos de programa\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com

Close Hijack.
Find these files and delete them (they may not be there):

C:\WINDOWS\system32\hp79EE.tmp
C:\WINDOWS\cc.exe

Find these folders and delete them:

C:\Archivos de programa\SpyAxe

With Disk Cleaner, delete: Temporary Internet Files, system temp files, cookies, history, etc.

Empty the Recycle Bin
Run AdAware SE 1.06 updated to 23/11/05
Restart normally, connect to the Internet, post a new Hijack log
Regards
Caito
P.S.: which antivirus are you using, Norton or Avast?
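
A follow-up check for the procedure above, as an added example that is not part of the original post: it compares a helper's fix list with a later HijackThis log and reports which entries are still present. The function names and both sample texts are constructed for illustration; the entries are copied from this thread, and the contents of the follow-up log are assumed.

```python
import re

# A HijackThis result line looks like "O4 - HKLM\..\Run: [Name] path".
# The section code is a letter (R, F, N, O) plus a number. People retyping
# entries by hand often write a zero for the letter O ("015"), and word
# processors turn "-" into an en dash, so both variants are accepted.
ENTRY_RE = re.compile(
    r"^\s*([RFNO0])(\d{1,2})\s+[-\u2013\u2014]\s+(.+?)\s*$", re.IGNORECASE
)

# Typographic characters that get substituted when a log is pasted around.
_TYPO = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"', "\u201d": '"'})


def normalize(text):
    """Fold dash/quote variants, whitespace and case (Windows paths ignore case)."""
    return " ".join(text.translate(_TYPO).split()).casefold()


def parse_entries(text):
    """Return {(section_code, normalized_text): original_line} for result lines.

    Header lines, the running-process list and blank lines do not match the
    entry pattern and are skipped.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        letter = "O" if m.group(1) == "0" else m.group(1).upper()
        key = (letter + m.group(2), normalize(m.group(3)))
        entries.setdefault(key, line.strip())
    return entries


def check_fix_list(fix_list, followup_log):
    """Split the fix list into entries still present and entries cleared."""
    wanted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    remaining = [line for key, line in wanted.items() if key in present]
    cleared = [line for key, line in wanted.items() if key not in present]
    return remaining, cleared


# Fix list: entries from this thread. The en dash before "k" and the "015"
# typo are constructed variants added to exercise the normalization.
FIX_LIST = r"""
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp79EE.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Archivos de programa\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O15 - Trusted Zone: *.coolwebsearch.com
015 - Trusted Zone: *.searchmeup.com
"""

# Constructed follow-up log (not a log from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\SYSTEM32\hp79EE.tmp
O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O15 - Trusted Zone: *.searchmeup.com
"""

if __name__ == "__main__":
    remaining, cleared = check_fix_list(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for line in remaining:
        print("  " + line)
    print("No longer in the log:")
    for line in cleared:
        print("  " + line)
```

An entry reported as still present means the fix did not hold or something rewrote it after the reboot, which is the case to raise with the helper before deleting anything else.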
Rich_Anderson
post Nov 26 2005, 12:41 AM
Posted: #5





Caito, I printed your instructions, I already turned off System Restore, unhid all the files, disconnected from the network, restarted in safe mode, ran Hijack with the misc tools and opened the process manager, where neither spyaxe.exe nor cc.exe appeared, so I didn't use kill process.

Then I continued with the remaining scan steps, but the list of possible problems to fix had all the ones you mentioned except:

015 - Trusted Zone: * coolwebsearch.com
015 - Trusted Zone: * searchmeup.com

So I couldn't select and fix these last ones, but I could the others.
I closed Hijack and deleted C:\WINDOWS\cc.exe and the folder C:\archivos de programa\SpyAxe, but C:\WINDOWS\system32\hp79EE.tmp wasn't there.

I deleted what you told me with Disk Cleaner.
I emptied the Recycle Bin.
I ran Ad-Aware updated to 22/11/05 because there was no update from 23/11/05, and ran a scan; it found about 18 bad files and other traces, and I removed the threats.

(it's worth mentioning that the icon and its text balloon still appear at this point)

I restarted and the same icon with its text balloon still appears. (I can't stand it anymore)

I ran Hijack. What else could it be? What am I missing, my friend?
Thanks for your help.
Here is the Ad-Aware log and then the Hijack one:


Ad-Aware SE Build 1.06r1
Logfile Created on:Viernes, 25 de Noviembre de 2005 04:31:15 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):4 total references
MRU List(TAC index:0):18 total references
SearchV(TAC index:6):1 total references
Tracking Cookie(TAC index:3):29 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-11-2005 04:31:15 p.m. - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\usuario1\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1202660629-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 25-11-2005 09:56:43 p.m.
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 196
ThreadCreationTime : 25-11-2005 09:56:52 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 220
ThreadCreationTime : 25-11-2005 09:56:54 p.m.
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 25-11-2005 09:57:00 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 25-11-2005 09:57:00 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 428
ThreadCreationTime : 25-11-2005 09:57:05 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 25-11-2005 09:57:06 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 25-11-2005 09:57:07 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [wrsssdk.exe]
FilePath : C:\Archivos de programa\Webroot\Spy Sweeper\
ProcessID : 560
ThreadCreationTime : 25-11-2005 09:57:07 p.m.
BasePriority : Normal
FileVersion : 2,0,7,456
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 788
ThreadCreationTime : 25-11-2005 09:57:16 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:11 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 25-11-2005 10:12:44 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : Copyright © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : NTVDM.EXE

#:12 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1212
ThreadCreationTime : 25-11-2005 10:30:20 p.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@adserv.internetfuel[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@adserv.internetfuel[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@bravenet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@c.sexcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@c.sexcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@clickagents[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@counter.hitslink[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@counter.hitslink[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@counter1.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@counter1.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@counter12.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@counter12.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@counter14.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@counter14.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@data.coremetrics[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@data.coremetrics[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@ehg-dig.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@ehg-dig.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@ehg.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@ehg.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@gator[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@gator[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@hg1.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@hg1.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@servedby.advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@servedby.advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@sextracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@sextracker[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@stat.onestat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : www.searchtraffic.com
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@stat.onestat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@www.qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@www.qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fernando rodriguez@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\datos\respaldo 2\FERNANDO RODRIGUEZ\Cookies\fernando rodriguez@z1.adserver[1].txt

SearchV Object Recognized!
Type : File
Data : A0022854.exe
TAC Rating : 6
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{677C8D5D-4988-40AE-A64A-AF579A580CBF}\RP124\



CoolWebSearch Object Recognized!
Type : File
Data : A0022860.exe
TAC Rating : 10
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{677C8D5D-4988-40AE-A64A-AF579A580CBF}\RP124\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Install Application
FileDescription : Install MFC Application
InternalName : Install
LegalCopyright : Copyright © 2003
OriginalFilename : Install.EXE


Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
685 entries scanned.
New critical objects:0
Objects found so far: 49




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 52

04:38:36 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:21.225
Objects scanned:93172
Objects identified:34
Objects ignored:0
New critical objects:34

////////////////////////////////////////////////////////////////////

Logfile of HijackThis v1.99.1
Scan saved at 05:06:05 p.m., on 25/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\usuario1\Escritorio\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 456456:456
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe



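An added example, not part of the original thread and not HijackThis code: a Python check that compares the fix list from Caito's post with a log posted after the cleanup and reports which entries and processes survived. FIX_LIST and FOLLOWUP are excerpts of lines quoted in this thread, PARTIAL is a constructed log of an incomplete cleanup, and the function names are hypothetical.

```python
import ntpath
import re

# Section codes are a letter (R, F, N, O) plus digits. Posters often type a
# zero for the letter O ("015"), so a leading 0 is accepted and mapped to O.
ENTRY_RE = re.compile(r"^([RFNO0])(\d{1,2})\s+-\s+(\S.*)$")
# Word processors turn "-k" into an en dash; fold dashes before comparing.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})


def parse_entries(text):
    """Map (section, normalised body) -> original line for each entry line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        letter = "O" if m.group(1) == "0" else m.group(1)
        body = " ".join(m.group(3).translate(DASHES).lower().split())
        entries[(letter + m.group(2), body)] = line
    return entries


def running_processes(text):
    """Lower-cased base names listed under 'Running processes:'."""
    names, in_block = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            break  # the block ends at the first blank line
        elif in_block:
            names.add(ntpath.basename(line).lower())
    return names


def still_present(fix_list, followup_log, kill_list=()):
    """Report fix-list entries and kill-list processes found in a later log."""
    wanted = parse_entries(fix_list)
    found = parse_entries(followup_log)
    procs = running_processes(followup_log)
    return {
        "entries": sorted(line for key, line in wanted.items() if key in found),
        "processes": sorted(p for p in kill_list if p.lower() in procs),
    }


KILL_LIST = ["spyaxe.exe", "cc.exe"]  # the processes named in the thread

# Excerpt of the fix list quoted in the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SpyAxe] C:\Archivos de programa\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
"""

# Excerpt of the follow-up log posted after the cleanup.
FOLLOWUP = r"""
Running processes:
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
"""

# Constructed log of an incomplete cleanup (not from the thread).
PARTIAL = r"""
Running processes:
C:\WINDOWS\cc.exe

04 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run:  [ClearCookies] c:\windows\cc.exe
015 - Trusted Zone: *.searchmeup.com
"""

print(still_present(FIX_LIST, PARTIAL, KILL_LIST))
```

Processes are matched on the base name, so ccApp.exe in the follow-up log is not mistaken for cc.exe.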