Infection in system32\crypts.dll (trojan). HELPPPP


patapum

New Member
Hello everyone!

I have NOD32 as my antivirus, and for the past few days little windows reporting infections and malicious code keep popping up. I tried deleting and disinfecting them, but nothing! I also realized, reading various forums, that I have the accent virus, look: as´´iiiiiii!

I hope you can help me get rid of these bugs :eek:

Here is the latest log that Ad-Aware gave me.

Thank you very much for your help.

Ad-Aware SE Build 1.06r1

Logfile Created on:martes, 29 de julio de 2008 2:23:32

Using definitions file:SE1R273 24.07.2008

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.MeMedia(TAC index:3):67 total references

MRU List(TAC index:0):8 total references

WhenU(TAC index:3):1 total references

Windows(TAC index:3):1 total references

XPSecurityCenter(TAC index:10):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

29-07-2008 2:23:32 - Scan started. (Custom mode)

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 684

ThreadCreationTime : 28-07-2008 23:53:43

BasePriority : Normal

#:2 [csrss.exe]

FilePath : \?\C:\WINDOWS\system32\

ProcessID : 924

ThreadCreationTime : 28-07-2008 23:53:46

BasePriority : Normal

#:3 [winlogon.exe]

FilePath : \?\C:\WINDOWS\system32\

ProcessID : 948

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : High

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 992

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Aplicación de servicios y controlador

InternalName : services.exe

LegalCopyright : Copyright © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : services.exe

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1004

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1156

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1204

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1308

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1412

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1460

ThreadCreationTime : 28-07-2008 23:53:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:11 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1672

ThreadCreationTime : 28-07-2008 23:53:48

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp.050610-1527)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

#:12 [applemobiledeviceservice.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\

ProcessID : 2008

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 2.0.28.0

ProductVersion : 2.0.28.0

ProductName : Apple Mobile Device Service

CompanyName : Apple Inc.

FileDescription : Apple Mobile Device Service

InternalName : AppleMobileDeviceService

LegalCopyright : © 2007-2008 Apple Inc. All Rights Reserved.

OriginalFilename : AppleMobileDeviceService.exe

#:13 [mdnsresponder.exe]

FilePath : C:\Archivos de programa\Bonjour\

ProcessID : 2028

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 1,0,4,12

ProductVersion : 1,0,4,12

ProductName : Bonjour

CompanyName : Apple Inc.

FileDescription : Bonjour Service

InternalName : mDNSResponder.exe

LegalCopyright : Copyright © 2003-2007 Apple Inc.

OriginalFilename : mDNSResponder.exe

#:14 [gearsec.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 268

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : gearsec

CompanyName : GEAR Software

FileDescription : gearsec

InternalName : gearsec

LegalCopyright : Copyright © 2001-2003 GEAR Software

OriginalFilename : gearsec.exe

#:15 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 472

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:16 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 640

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:17 [nod32krn.exe]

FilePath : C:\Archivos de programa\Eset\

ProcessID : 1068

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 2, 51, 20

ProductVersion : 2, 51, 20

ProductName : NOD32 Antivirus System

CompanyName : Eset

FileDescription : NOD32 Kernel Service

InternalName : NOD32 Kernel

LegalCopyright : Copyright © 1992-2005 Eset

LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset

OriginalFilename : nod32krn.exe

#:18 [pqv2isvc.exe]

FilePath : C:\Archivos de programa\Symantec\Norton Ghost\Agent\

ProcessID : 1336

ThreadCreationTime : 28-07-2008 23:53:49

BasePriority : Normal

FileVersion : 9.0.0.2583

ProductVersion : 9.0.0.2583

ProductName : Norton Ghost

CompanyName : Symantec Corporation

FileDescription : Service Module

InternalName : PQV2iSvc

LegalCopyright : Copyright © 1994-2004 Symantec Corporation. All rights reserved.

OriginalFilename : PQV2iSvc.exe

#:19 [nvsvc32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1612

ThreadCreationTime : 28-07-2008 23:53:50

BasePriority : Normal

FileVersion : 6.14.11.5819

ProductVersion : 6.14.11.5819

ProductName : NVIDIA Driver Helper Service, Version 158.19

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 158.19

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

#:20 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1048

ThreadCreationTime : 28-07-2008 23:53:50

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2208

ThreadCreationTime : 28-07-2008 23:53:51

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:22 [viewpointservice.exe]

FilePath : C:\Archivos de programa\Viewpoint\Common\

ProcessID : 2316

ThreadCreationTime : 28-07-2008 23:53:51

BasePriority : Normal

FileVersion : 2, 0, 0, 54

ProductVersion : 2, 0, 0, 54

ProductName : Viewpoint Manager

CompanyName : Viewpoint Corporation

FileDescription : ViewMgr

InternalName : Viewpoint Manager

LegalCopyright : Copyright © 2004

OriginalFilename : ViewMgr.exe

Comments : Viewpoint Manager

#:23 [nod32kui.exe]

FilePath : C:\Archivos de programa\Eset\

ProcessID : 2372

ThreadCreationTime : 28-07-2008 23:53:51

BasePriority : Normal

FileVersion : 2, 51, 20

ProductVersion : 2, 51, 20

ProductName : NOD32 Antivirus System

CompanyName : Eset

FileDescription : NOD32 Control Center GUI

InternalName : NOD32 Control Center GUI

LegalCopyright : Copyright © 1992-2005 Eset

LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset

OriginalFilename : nod32kui.exe

#:24 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2444

ThreadCreationTime : 28-07-2008 23:53:51

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Ejecutar un archivo DLL como una aplicación

InternalName : rundll

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : RUNDLL.EXE

#:25 [rthdcpl.exe]

FilePath : C:\WINDOWS\

ProcessID : 2492

ThreadCreationTime : 28-07-2008 23:53:51

BasePriority : Normal

FileVersion : 2.0.8.7

ProductVersion : 2.0.8.7

ProductName : Realtek HD Audio Sound Effect Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek HD Audio Control Panel

LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.

OriginalFilename : RTHDCPL.EXE

#:26 [ghosttray.exe]

FilePath : C:\Archivos de programa\Symantec\Norton Ghost\Agent\

ProcessID : 2556

ThreadCreationTime : 28-07-2008 23:53:52

BasePriority : Normal

FileVersion : 9.0.0.2583

ProductVersion : 9.0.0.2583

ProductName : Norton Ghost

CompanyName : Symantec Corporation

FileDescription : Tray Application

InternalName : V2iTray

LegalCopyright : Copyright © 1994-2004 Symantec Corporation. All rights reserved.

OriginalFilename : V2iTray.exe

#:27 [issch.exe]

FilePath : C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\

ProcessID : 2612

ThreadCreationTime : 28-07-2008 23:53:52

BasePriority : Normal

FileVersion : 4, 60, 100, 37068

ProductVersion : 4, 60

ProductName : InstallShield Update Service

CompanyName : Macrovision Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 2005 Macrovision Corporation

OriginalFilename : issch.exe

#:28 [cledx.exe]

FilePath : C:\Archivos de programa\SyncroSoft\Pos\H2O\

ProcessID : 2624

ThreadCreationTime : 28-07-2008 23:53:52

BasePriority : Normal

FileVersion : v0.3.1412

ProductVersion : v0.3.1412

ProductName : CLEDX

CompanyName : Team H2O

FileDescription : Team H2O CLEDX

InternalName : cledx.exe

LegalCopyright : xDD

OriginalFilename : cledx.exe

#:29 [smvss.exe]

FilePath : C:\WINDOWS\system\

ProcessID : 2656

ThreadCreationTime : 28-07-2008 23:53:52

BasePriority : Normal

#:30 [ituneshelper.exe]

FilePath : C:\Archivos de programa\iTunes\

ProcessID : 2828

ThreadCreationTime : 28-07-2008 23:53:53

BasePriority : Normal

FileVersion : 7.7.0.43

ProductVersion : 7.7.0.43

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2008 Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

#:31 [jusched.exe]

FilePath : C:\Archivos de programa\Java\jre1.5.0_09\bin\

ProcessID : 2852

ThreadCreationTime : 28-07-2008 23:53:53

BasePriority : Normal

#:32 [monitor.exe]

FilePath : C:\WINDOWS\PixArt\PAC7302\

ProcessID : 2872

ThreadCreationTime : 28-07-2008 23:53:53

BasePriority : Normal

FileVersion : 0001.0004.2006.1103

ProductVersion : 0000.0000.0000.0000

ProductName : Registry Monitor

CompanyName : PixArt Imaging Incorporation

FileDescription : Registry Monitor

InternalName : Registry Monitor

LegalCopyright : Copyright © 1998-2006 PixArt Imaging Incorporation. All rights reserved.

OriginalFilename : Registry Monitor.exe

#:33 [taskswitchxp.exe]

FilePath : C:\Archivos de programa\TaskSwitchXP\

ProcessID : 2888

ThreadCreationTime : 28-07-2008 23:53:53

BasePriority : High

FileVersion : 2.0.11.0

ProductVersion : 2.0.11.0

ProductName : TaskSwitchXP

CompanyName : Alexander Avdonin

FileDescription : TaskSwitchXP Pro 2.0

InternalName : TaskSwitchXP.exe

LegalCopyright : © 2004-2006 by Alexander Avdonin

OriginalFilename : TaskSwitchXP.exe

#:34 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2936

ThreadCreationTime : 28-07-2008 23:53:54

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

#:35 [ipodservice.exe]

FilePath : C:\Archivos de programa\iPod\bin\

ProcessID : 3468

ThreadCreationTime : 28-07-2008 23:53:56

BasePriority : Normal

FileVersion : 7.7.0.43

ProductVersion : 7.7.0.43

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2008 Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

#:36 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3500

ThreadCreationTime : 28-07-2008 23:53:56

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

#:37 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2196

ThreadCreationTime : 28-07-2008 23:55:01

BasePriority : Normal

#:38 [memoptimizer.exe]

FilePath : C:\Archivos de programa\TuneUp Utilities 2008\

ProcessID : 444

ThreadCreationTime : 29-07-2008 3:40:31

BasePriority : Normal

FileVersion : 7.0.8007.322

ProductVersion : 7.0.0.0

ProductName : TuneUp Utilities

CompanyName : TuneUp Software GmbH

FileDescription : TuneUp MemOptimizer

LegalCopyright : Copyright © 2003-2008 TuneUp Software GmbH

LegalTrademarks : TuneUp Utilities

#:39 [firefox.exe]

FilePath : C:\ARCHIV~1\Mozilla Firefox\

ProcessID : 1976

ThreadCreationTime : 29-07-2008 3:53:45

BasePriority : Normal

Adware.MeMedia Object Recognized!

Type : Process

Data : MeMedia_FF.dll

TAC Rating : 3

Category : Adware

Comment :

Object : C:\Archivos de programa\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\

#:40 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3184

ThreadCreationTime : 29-07-2008 5:17:46

BasePriority : Normal

FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)

ProductVersion : 6.00.2900.3156

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : EXPLORER.EXE

#:41 [ad-aware.exe]

FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Professional\

ProcessID : 3856

ThreadCreationTime : 29-07-2008 5:22:59

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{69e0089f-28bc-4bb5-862b-e2b07c3b83c6}

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{602d9049-b4ac-4a25-bf75-a9b54d747cba}

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{602d9049-b4ac-4a25-bf75-a9b54d747cba}

Value : AppID

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151}

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17}

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48}

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{dabf362d-d442-4402-9208-ca9ed70dd01e}

Windows Object Recognized!

Type : RegData

Data : "regedit.exe" "%1"

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : regfile\shell\open\command

Value :

Data : "regedit.exe" "%1"

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 8

Objects found so far: 9

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

MRU List Object Recognized!

Location: : C:\Documents and Settings\Administrador\recent

Description : list of recently opened documents

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

MRU List Object Recognized!

Location: : S-1-5-21-1177238915-220523388-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

MRU List Object Recognized!

Location: : S-1-5-21-1177238915-220523388-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!

Location: : S-1-5-21-1177238915-220523388-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

MRU List Object Recognized!

Location: : S-1-5-21-1177238915-220523388-725345543-500\software\microsoft\windows media\wmsdk\general

Description : Windows media sdk

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WhenU Object Recognized!

Type : File

Data : AdVantage.exe

TAC Rating : 3

Category : Misc

Comment :

Object : C:\Archivos de programa\AdVantage\

FileVersion : 1, 0, 1, 13170

ProductVersion : 1, 0, 1, 13170

ProductName : AdVantage

CompanyName : AdVantage

FileDescription : AdVantage

LegalCopyright : © 2007 AdVantage. All rights reserved.

OriginalFilename : AdVantage.exe

Adware.MeMedia Object Recognized!

Type : File

Data : MeMedia_FF.dll

TAC Rating : 3

Category : Adware

Comment :

Object : C:\Archivos de programa\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\

XPSecurityCenter Object Recognized!

Type : File

Data : winivstr.exe

TAC Rating : 10

Category : Misc

Comment :

Object : C:\WINDOWS\system32\

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 20

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 20

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\tr.dll

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : tr.trfactory

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : tr.trfactory.1

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mead.1

Adware.MeMedia Object Recognized!

Type : Regkey

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : InstallDir

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : pats_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : pat_chunks_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : script_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : update_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : ver_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : Version

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : timedDBUpdate_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : SystemParam_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : dbg_trayicon_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : uninst_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : shelp_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : snhelp_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : extra_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : extraver_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : ziptomsa_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : InstallTime

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : LastPartner

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : zip

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : no_x_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : uninstall_cmd_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : tr_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : Partner

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : PartnerB

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : PartnerDesc

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : PartnerParam

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : TotalPopup

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : TotalCube

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : HeartbeatTime

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : HeartbeatCount

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : PulseTime

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : PulseCount

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : FullDBTime

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : brandskin_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : brandstrip_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : brandstrip_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : bstat_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : himp_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : iptomsa_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : maxPopups_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : redir3p_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : src_url

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : uninstalltag_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : db_stamp_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : dbc_chunks_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : db_server_update

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : MSA

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : fword_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : TotalAbout

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : db_ver_update

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : db_failretry_rs

Adware.MeMedia Object Recognized!

Type : RegValue

Data :

TAC Rating : 3

Category : Adware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\advantage

Value : UrlChangeCount

Adware.MeMedia Object Recognized!

Type : Folder

TAC Rating : 3

Category : Adware

Comment : Adware.MeMedia

Object : C:\Archivos de programa\AdVantage

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 58

Objects found so far: 78

2:35:05 Scan Complete

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:11:32.672

Objects scanned:220554

Objects identified:69

Objects ignored:0

New critical objects:69
 

Kbite

Learn and share
Administrator
Hello patapum, and welcome to the forums.

I recommend that you paste a HijackThis log in its forum so the experts can analyze it and give you the steps to follow (click the Show button):

Download the HijackThis program and put it in a folder of its own (for example, a folder C:\HijackThis\). Close P2P programs and other applications that do not start with Windows.

First click the "Config" button, and 7 options will appear. Make sure that the first one ("Mark everything found for fixing after scan") and the last one ("Run HijackThis scan at startup and show it when items are found") are not checked. Then press "Back".

Run it and press the "scan and save a logfile" button; the program will perform the scan and immediately generate the log. It will only ask you for the file name and location; you can simply save it as it is. Notepad will open; copy all of its contents and paste them as a reply to this thread.

Once it has downloaded, double-click the HijackThis.exe icon.

Start a new post and paste the log here: HERE

Regards. xDD
 