false screen

Unknown

Hello,first I must to give you thanks for your disinterested job and your patience.Here’s my problem: I think I’ve been infected with the trojan TOFFGER AT.When I try to connect with my on line office bank , it appears a false screen wich try to get my banks codes.I ‘ve also found the netx files in my windows register : *.xlf , tofger.dll, sysini.ini, sachost.exe, msrt32.dll , system.exe, msto32.dll, mstasks.exe, nostar.ini . All them in the same folder (HKEY/CURRENT SER/software/microsoft/search assistant/5603).I deleted all, but the problem continues. I can’t run my PC in safe mode and I can’t find them in my WinDir.I have followed all yours advices ,except panda on line,it gave me downloaded problems. At last I've installed the kaspersky trial version, but it hasn’t found anything. I hope don’t give you too much problems.

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, August 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 20, 2008 14:03:41
Records in database: 1113861



Scan settings
Scan using the following database
extended
Scan archives
yes
Scan mail databases
yes

Scan area
My Computer
C:\
D:\
F:\

Scan statistics
Files scanned
94635
Threat name
0
Infected objects
0
Suspicious objects
0
Duration of the scan
04:12:25


No malware has been detected. The scan area is clean.
The selected area was scanned.






--- Report generated: 2008-08-23 01:05 ---
Hint of the Day: Click the bar at the right of this to see more information! ()

Statcounter: Galeta de seguiment (Internet Explorer: Propietario) (Galeta, fixed)

Right Media: Galeta de seguiment (Internet Explorer: Propietario) (Galeta, fixed)


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-20 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi (*)
2008-08-19 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-08-05 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-08-19 Includes\Hijackers.sbi (*)
2008-08-19 Includes\HijackersC.sbi (*)
2008-08-05 Includes\Keyloggers.sbi (*)
2008-08-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-08-20 Includes\Malware.sbi (*)
2008-08-19 Includes\MalwareC.sbi (*)
2008-08-05 Includes\PUPS.sbi (*)
2008-08-19 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-08-19 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-08-12 Includes\Spyware.sbi (*)
2008-08-12 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-08-05 Includes\Trojans.sbi (*)
2008-08-20 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:47:16, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Power Manager\PM.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe
C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Archivos de programa\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Java\jre1.5.0_09\bin\jucheck.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PowerManager] C:\Archivos de programa\Power Manager\PM.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Archivos de programa\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Archivos de programa\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Telefonica] "C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica
O4 - HKLM\..\Run: [PowerDVD] C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Archivos de programa\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Archivos de programa\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Archivos de programa\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart17.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor de estado.lnk = C:\Archivos de programa\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165920465979
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59B3C720-E9B0-45FE-B97C-2BD8CCDC2EB2}: NameServer = 80.58.61.254,80.58.61.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5175BD6-662B-46EA-A446-EECCE2055DAC}: NameServer = 80.58.61.254,80.58.61.250
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Archivos de programa\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - [URL]file:///C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg[/URL]
--
End of file - 10427 bytes

Thomas

Welcome to Icrontic frolma,


You surely describe a list of well known bad files, but right now all that shows in the log view is a questionable active desktop graphic file. Do you recognize this file, and/or choose it for your active desktop there (I think the answer will be no):

C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg


Let's also take a more detailed look at this system now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

Note - do not press any other buttons or make any other changes when running the scan.


You can use separate posts here when replying and posting the log files if needed.

frolma

false screen/ frolma


Hi again, you are right, I’ven’t found clip_image002.jpg
I’ve ran OTViewIT and it has created two logs: OTViewIT.txt
and Extras.txt ,but when I try reply the thread and paste the log
I get a missage error:

1. The text that you have entered is too long (58014 characters). Please shorten it to 50000 characters long. What can I do?

Thanks.

Thomas

The logs will be usually pretty large. You can break the log into parts and post each part as a separate post.

frolma

Hi, ok, here's the first part.

OTViewIt logfile created on: 28/08/2008 15:18:53 - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Propietario\Mis documentos\Pirateo\Old Timer
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1014,42 Mb Total Physical Memory | 641,46 Mb Available Physical Memory | 63,23% Memory free
2,38 Gb Paging File | 1,93 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74,53 Gb Total Space | 26,55 Gb Free Space | 35,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ORGANIZA-6EEEB6
Current User Name: Propietario
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
===== Processes - Non-Microsoft Only =====
[06/03/2005 02:25 AM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
[06/03/2005 02:28 AM | 00,372,809 | ---- | M] (Intel Corporation ) - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
[04/12/2002 01:00 AM | 00,057,344 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brsvc01a.exe
[12/13/2001 01:01 AM | 00,045,056 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brss01a.exe
[05/31/2005 11:46 PM | 00,401,408 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
[06/28/2007 04:06 AM | 00,106,496 | ---- | M] (Apple, Inc.) - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[05/31/2005 11:50 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
[06/03/2005 02:25 AM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
[07/05/2005 10:47 PM | 00,544,768 | R--- | M] (Motorola Inc.) - C:\WINDOWS\sm56hlpr.exe
[06/08/2005 08:42 AM | 14,565,376 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\RTHDCPL.EXE
[08/08/2005 11:13 AM | 00,163,840 | ---- | M] () - C:\Archivos de programa\Power Manager\PM.exe
[06/03/2005 02:31 AM | 00,385,024 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\iFrmewrk.exe
[05/31/2005 11:50 PM | 00,356,352 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
[10/12/2006 04:10 AM | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) - C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe
[03/18/2005 11:52 AM | 00,057,393 | ---- | M] (ScanSoft, Inc.) - C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
[05/17/2005 06:42 PM | 00,933,888 | ---- | M] (Brother Industries, Ltd.) - C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe
[04/27/2007 09:41 AM | 00,282,624 | ---- | M] (Apple Inc.) - C:\Archivos de programa\QuickTime\qttask.exe
[06/13/2002 06:08 PM | 00,389,120 | ---- | M] (CyberLink Corp.) - C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe
[01/13/2007 10:47 AM | 00,131,072 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxtray.exe
[01/13/2007 10:47 AM | 00,163,840 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[01/13/2007 10:46 AM | 00,135,168 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.) - C:\Archivos de programa\iTunes\iTunesHelper.exe
[06/03/2005 02:26 AM | 00,245,760 | ---- | M] (Intel) - C:\Archivos de programa\Intel\Wireless\Bin\1XConfig.exe
[03/30/2006 09:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
[06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Archivos de programa\iPod\bin\iPodService.exe
[10/12/2006 04:10 AM | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) - C:\Archivos de programa\Java\jre1.5.0_09\bin\jucheck.exe
[08/28/2008 03:13 PM | 01,304,576 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Propietario\Mis documentos\Pirateo\Old Timer\OTViewIt.exe
===== Win32 Services - Non-Microsoft Only =====
(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[06/28/2007 04:06 AM | 00,106,496 | ---- | M] (Apple, Inc.) - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Autodesk Licensing Service) Autodesk Licensing Service [On_Demand | Stopped]
[01/23/2007 10:00 PM | 00,077,944 | ---- | M] (Autodesk) - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
(AVP) Kaspersky Anti-Virus [Auto | Running]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
(Brother XP spl Service) BrSplService [Auto | Running]
[04/12/2002 01:00 AM | 00,057,344 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brsvc01a.exe
(CCALib8) Canon Camera Access Library 8 [Auto | Running]
[03/30/2006 09:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
(dmadmin) Servicio del administrador de discos lógicos [On_Demand | Stopped]
[03/02/2006 02:00 PM | 00,225,792 | ---- | M] (Microsoft Corp., VERITAS Software) - C:\WINDOWS\system32\dmadmin.exe
(EvtEng) EvtEng [Auto | Running]
[06/03/2005 02:25 AM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [On_Demand | Stopped]
[11/17/2005 03:18 PM | 01,527,900 | ---- | M] (MAGIX®) - C:\Archivos de programa\MAGIX\Common\Database\bin\fbserver.exe
(iPod Service) Servicio del iPod [On_Demand | Running]
[06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Archivos de programa\iPod\bin\iPodService.exe
(OwnershipProtocol) OwnershipProtocol [Auto | Running]
[05/31/2005 11:50 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
(PCLEPCI) PCLEPCI [Auto | Stopped]
[02/09/2005 01:59 PM | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) - C:\WINDOWS\system32\drivers\Pclepci.sys
(RegSrvc) RegSrvc [Auto | Running]
[06/03/2005 02:25 AM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[06/03/2005 02:28 AM | 00,372,809 | ---- | M] (Intel Corporation ) - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
===== Driver Services - Non-Microsoft Only =====
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Auto | Running]
[12/12/2006 12:22 PM | 00,017,801 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\AegisP.sys
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[10/11/2004 01:24 PM | 00,045,056 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
(BrScnUsb) Brother USB Still Image driver [On_Demand | Running]
[10/15/2004 01:50 PM | 00,015,295 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
(dmboot) dmboot [Disabled | Stopped]
[03/02/2006 02:00 PM | 00,800,256 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys
(dmio) dmio [Disabled | Stopped]
[03/02/2006 02:00 PM | 00,154,240 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys
(dmload) dmload [Disabled | Stopped]
[03/02/2006 02:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys
(EKBfltr) ENE Keyboard Controller [On_Demand | Running]
[01/14/2005 11:22 AM | 00,005,504 | R--- | M] (EnE Technology Inc.) - C:\WINDOWS\system32\drivers\EKBfltr.sys
(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [On_Demand | Stopped]
[01/07/2005 06:07 PM | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudio.sys
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[01/07/2005 06:07 PM | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
(ialm) ialm [On_Demand | Running]
[01/13/2007 11:33 AM | 05,672,032 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\igxpmp32.sys
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [On_Demand | Running]
[06/08/2005 10:22 AM | 03,160,576 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
(Iviaspi) IVI ASPI Shell [On_Demand | Running]
[09/20/2005 05:27 PM | 00,010,368 | ---- | M] (InterVideo, Inc.) - C:\WINDOWS\system32\drivers\iviaspi.sys
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Running]
[08/12/2004 09:44 AM | 00,234,496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys
(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys
(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys
(KLIF) Kaspersky Lab Driver [System | Running]
[08/23/2008 03:22 AM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys
(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys
(MarvinBus) Pinnacle Marvin Bus [On_Demand | Running]
[01/04/2007 11:07 AM | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) - C:\WINDOWS\system32\drivers\MarvinBus.sys
(pcouffin) VSO Software pcouffin [On_Demand | Stopped]
[05/30/2008 06:30 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys
(pfc) PADUS ASPI SHELL [On_Demand | Running]
[06/13/2002 03:08 PM | 00,014,604 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys
(Ptilink) Controlador de vínculo paralelo directo [On_Demand | Running]
[03/02/2006 02:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys
(PxHelp20) PxHelp20 [Boot | Running]
[07/27/2006 07:28 PM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys
(s24trans) Transporte WLAN [Auto | Running]
[05/03/2005 08:03 AM | 00,011,354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys
(Secdrv) Secdrv [Auto | Running]
[11/13/2007 12:25 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys
(smserial) smserial [On_Demand | Running]
[07/05/2005 10:54 PM | 00,840,100 | R--- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\smserial.sys
(tifm21) tifm21 [On_Demand | Running]
[06/03/2005 11:50 PM | 00,162,176 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys
(w29n51) Controlador de la Conexión de red Intel(R) PRO/Wireless 2200BG para Windows XP [On_Demand | Running]
[04/30/2005 05:01 PM | 03,281,408 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w29n51.sys
(WINIO) WINIO [On_Demand | Running]
[03/02/2002 12:21 AM | 00,004,944 | ---- | M] () - C:\Archivos de programa\Power Manager\WinIo.sys
===== Run Keys =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Alcmtr" = ALCMTR.EXE [05/03/2005 12:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"AVP" = "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"ControlCenter2.0" = C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe /autorun [05/17/2005 06:42 PM | 00,933,888 | ---- | M] (Brother Industries, Ltd.)
"EOUApp" = C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe [05/31/2005 11:50 PM | 00,356,352 | ---- | M] (Intel Corporation)
"High Definition Audio Property Page Shortcut" = HDAShCut.exe [01/07/2005 06:07 PM | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [01/13/2007 10:47 AM | 00,163,840 | ---- | M] (Intel Corporation)
"IgfxTray" = C:\WINDOWS\system32\igfxtray.exe [01/13/2007 10:47 AM | 00,131,072 | ---- | M] (Intel Corporation)
"IndexSearch" = C:\Archivos de programa\ScanSoft\PaperPort\IndexSearch.exe [03/18/2005 12:04 PM | 00,040,960 | ---- | M] (ScanSoft, Inc.)
"IntelWireless" = C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [06/03/2005 02:31 AM | 00,385,024 | ---- | M] (Intel Corporation)
"IntelZeroConfig" = C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe [05/31/2005 11:46 PM | 00,401,408 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Archivos de programa\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.)
"NeroFilterCheck" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 11:50 AM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"PaperPort PTD" = C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe [03/18/2005 11:52 AM | 00,057,393 | ---- | M] (ScanSoft, Inc.)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe [01/13/2007 10:46 AM | 00,135,168 | ---- | M] (Intel Corporation)
"PowerDVD" = C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe /autostart [06/13/2002 06:08 PM | 00,389,120 | ---- | M] (CyberLink Corp.)
"PowerManager" = C:\Archivos de programa\Power Manager\PM.exe [08/08/2005 11:13 AM | 00,163,840 | ---- | M] ()
"QuickTime Task" = "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime [04/27/2007 09:41 AM | 00,282,624 | ---- | M] (Apple Inc.)
"RTHDCPL" = RTHDCPL.EXE [06/08/2005 08:42 AM | 14,565,376 | ---- | M] (Realtek Semiconductor Corp.)
"SetDefPrt" = C:\Archivos de programa\Brother\Brmfl05a\BrStDvPt.exe [01/26/2005 07:02 PM | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SMSERIAL" = sm56hlpr.exe [07/05/2005 10:47 PM | 00,544,768 | R--- | M] (Motorola Inc.)
"SSBkgdUpdate" = "C:\Archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [10/14/2003 11:22 AM | 00,155,648 | R--- | M] (Scansoft, Inc.)
"SunJavaUpdateSched" = "C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 04:10 AM | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"Telefonica" = "C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica [10/06/2005 05:44 PM | 00,192,512 | ---- | M] (SupportSoft, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList" = C:\Archivos de programa\Pinnacle\Studio 11\LaunchList2.exe [03/21/2007 04:41 PM | 00,145,496 | ---- | M] (Pinnacle Systems)
"NBJ" = "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 07:25 PM | 01,961,984 | ---- | M] (Ahead Software AG)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList" = C:\Archivos de programa\Pinnacle\Studio 11\LaunchList2.exe [03/21/2007 04:41 PM | 00,145,496 | ---- | M] (Pinnacle Systems)
"NBJ" = "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 07:25 PM | 01,961,984 | ---- | M] (Ahead Software AG)
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
===== Startup Folders =====
[Administrador Startup Folder - C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio]
[All Users Startup Folder - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
[03/05/2006 03:43 PM | 00,011,000 | ---- | M] (Autodesk, Inc) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart17.exe
[09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[04/23/2005 08:12 PM | 00,802,816 | ---- | M] (Brother Industries, Ltd.) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Monitor de estado.lnk = C:\Archivos de programa\Brother\Brmfcmon\BrMfcWnd.exe
[Default User Startup Folder - C:\Documents and Settings\Default User\Menú Inicio\Programas\Inicio]
[Propietario Startup Folder - C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio]
File not found - C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\OpenOffice.org 2.0.lnk = C:\Archivos de programa\OpenOffice.org 2.0\program\quickstart.exe
===== BHO's =====
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [01/12/2006 09:38 PM | 00,063,128 | ---- | M] (Adobe Systems Incorporated) C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [10/12/2006 04:25 AM | 00,434,279 | ---- | M] (Sun Microsystems, Inc.) C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
===== Toolbars =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.
===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

===== Desktop Components =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = ""
"Source" = "[URL]file:///C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg[/URL]"
"SubscribedURL" = "[URL]file:///C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg[/URL]"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName" = "Mi página de inicio actual"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
===== Shared Task Scheduler =====
===== AppInit_Dlls =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll" - [07/29/2008 08:22 PM | 00,079,112 | ---- | M] (Kaspersky Lab) C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
"C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll" - [07/29/2008 08:22 PM | 00,079,112 | ---- | M] (Kaspersky Lab) C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
===== Lsa Authentication Packages =====
===== Lsa Security Packages =====
===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [03/02/2006 02:00 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 02:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe File not found
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [03/02/2006 02:00 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 02:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe File not found
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe [06/28/2007 09:14 AM | 15,330,616 | ---- | M] (Apple Inc.)
"C:\Archivos de programa\Telefonica\AsistCfg71\awcbrwsr.exe" = C:\Archivos de programa\Telefonica\AsistCfg71\awcbrwsr.exe [03/29/2007 01:00 AM | 00,053,248 | ---- | M] ()
"C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE" = C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE [07/15/2003 06:45 AM | 00,196,152 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX01.766\eMule0.48a\emule.exe" = C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX01.766\eMule0.48a\emule.exe File not found
"C:\Archivos de programa\eMule\emule.exe" = C:\Archivos de programa\eMule\emule.exe [05/13/2007 04:57 PM | 05,308,416 | ---- | M] (http://www.emule-project.net)
"C:\Archivos de programa\Kazaa Lite K++\KazaaLite.kpp" = C:\Archivos de programa\Kazaa Lite K++\KazaaLite.kpp File not found
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\Messenger\msmsgs.exe" = C:\Archivos de programa\Messenger\msmsgs.exe [10/13/2004 06:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\RM.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\RM.exe [04/06/2007 02:17 PM | 00,073,728 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\Studio.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\Studio.exe [04/06/2007 02:40 PM | 05,505,024 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\PMSRegisterFile.exe [11/21/2006 06:05 AM | 00,024,576 | ---- | M] ( )
"C:\Archivos de programa\Pinnacle\Studio 11\programs\umi.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\umi.exe [04/06/2007 02:16 PM | 00,081,920 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Internet Explorer\iexplore.exe" = C:\Archivos de programa\Internet Explorer\iexplore.exe [06/23/2008 11:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [06/13/2007 03:22 PM | 01,035,776 | ---- | M] (Microsoft Corporation)
===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 03:22 PM | 01,035,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [03/02/2006 02:00 PM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [03/02/2006 02:00 PM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [03/02/2006 02:00 PM | 00,302,592 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
===== User's Winlogon Settings =====
===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [01/13/2007 10:46 AM | 00,204,800 | ---- | M] (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
"DllName" = C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll [05/31/2005 11:46 PM | 00,110,592 | ---- | M] (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)
===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^ WinCinema Manager.lnk]
"path" = C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\ WinCinema Manager.lnk File not found
"backup" = C:\WINDOWS\pss\ WinCinema Manager.lnk File not found
"location" = Common Startup
"command" = C:\Archivos de programa\Sandisk\Common\Bin\WinCinemaMgr.exe [09/26/2006 02:29 PM | 00,303,104 | ---- | M] (InterVideo Inc.)
"item" = WinCinema Manager

frolma

Hi, and here's the second


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2
===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{472F2256-6B58-4784-9CD8-32BD2E21A4F7}]
Servers: | Description: Intel(R) PRO/Wireless 2200BG Network Connection
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{59B3C720-E9B0-45FE-B97C-2BD8CCDC2EB2}]
Servers: 80.58.61.254,80.58.61.250 | Description: Broadcom 440x 10/100 Integrated Controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A5175BD6-662B-46EA-A446-EECCE2055DAC}]
Servers: 80.58.61.254,80.58.61.250 | Description: Adaptador de red 1394
===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
===== Autorun Files on Drives =====
AUTOEXEC.BAT [SET PATH=C:\Archivos de programa\Pinnacle\Shared Files;C:\Archivos de programa\Pinnacle\Shared Files\Filter | ]
[03/23/2008 11:37 PM | 00,000,109 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
===== MountPoints2 =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell]
"" = Open
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\AutoRun]
"Extended" =
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\AutoRun\command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\explore]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\explore\Command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open\Command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open\Default]
"" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
===== Hosts File =====
HOSTS File = (792 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

[Files/Folders - Created Within 30 days]
[07/29/2008 08:20 PM | 00,024,774 | ---- | C] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/23/2008 03:22 AM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/23/2008 03:23 AM | 00,002,228 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/23/2008 03:23 AM | 00,026,616 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/23/2008 03:23 AM | 00,335,904 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/23/2008 03:23 AM | 03,268,640 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/23/2008 03:24 AM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/23/2008 03:24 AM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/15/2008 06:03 AM | 00,120,200 | ---- | C] () - C:\WINDOWS\System32\DLLDEV32i.dll
[08/15/2008 06:05 AM | 00,053,248 | ---- | C] () - C:\WINDOWS\System32\mgxasio2.dll
[08/15/2008 06:05 AM | 00,430,080 | ---- | C] (MAGIX AG) - C:\WINDOWS\System32\MXRestore.exe
[08/28/2008 10:21 AM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[5 C:\WINDOWS\*.tmp files]
[08/01/2008 10:45 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/01/2008 10:45 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/15/2008 06:06 AM | 00,000,028 | ---- | C] () - C:\WINDOWS\Robota.INI
[08/26/2008 10:58 PM | 00,000,146 | ---- | C] () - C:\WINDOWS\wuasirvy.dll
[08/26/2008 10:58 PM | 00,018,944 | ---- | C] () - C:\WINDOWS\msacm32.drv
[08/27/2008 01:18 PM | 00,000,005 | ---- | C] () - C:\WINDOWS\sdfixwcs.dll
[08/27/2008 01:18 PM | 00,000,007 | ---- | C] () - C:\WINDOWS\sdfinacs.dll
[08/27/2008 01:18 PM | 00,000,036 | ---- | C] () - C:\WINDOWS\rasqervy.dll
[08/28/2008 10:10 AM | ---D | C] - C:\WINDOWS\LastGood
[08/15/2008 06:03 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\MAGIX
[08/20/2008 01:40 PM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[08/23/2008 03:17 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[08/23/2008 03:23 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Datos de programa\MAGIX
[08/15/2008 06:04 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_MusicMaker2008PE_Version_para_descargar
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX Descargas
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_Screenshare
[08/15/2008 07:10 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\Nueva carpeta
[08/15/2008 06:05 AM | 00,001,042 | ---- | C] () - C:\Documents and Settings\All Users\Escritorio\MAGIX Music Maker 2008 Producer Edition Trial.lnk
[08/27/2008 10:53 PM | 00,001,007 | ---- | C] () - C:\Documents and Settings\All Users\Escritorio\Nero Online Upgrade.lnk
[08/25/2008 12:44 AM | 00,000,925 | ---- | C] () - C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\OpenOffice.org 2.0.lnk
[08/15/2008 06:03 AM | ---D | C] - C:\Archivos de programa\MAGIX
[08/20/2008 01:40 PM | ---D | C] - C:\Archivos de programa\Spybot - Search & Destroy
[08/20/2008 01:49 AM | ---D | C] - C:\Archivos de programa\Trend Micro
[08/23/2008 03:23 AM | ---D | C] - C:\Archivos de programa\Kaspersky Lab
[08/23/2008 06:35 PM | ---D | C] - C:\Archivos de programa\BitTorrent Fastest Tool
[Files/Folders - Modified Within 30 days]
[08/05/2008 12:37 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt18.sqm
[08/05/2008 12:37 AM | 00,000,268 | -H-- | M] () - C:\sqmdata15.sqm
[08/20/2008 01:25 PM | ---D | M] - C:\Documents and Settings
[08/23/2008 06:35 PM | ---D | M] - C:\Archivos de programa
[08/26/2008 03:06 PM | 00,000,211 | -HS- | M] () - C:\boot.ini
[08/28/2008 10:21 AM | ---D | M] - C:\WINDOWS
[07/29/2008 08:20 PM | 00,024,774 | ---- | M] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/23/2008 03:22 AM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/23/2008 03:24 AM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/23/2008 03:38 AM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/27/2008 01:54 AM | 00,026,616 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/27/2008 01:54 AM | 03,268,640 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/28/2008 03:18 PM | 00,002,228 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/28/2008 03:18 PM | 00,335,904 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/15/2008 06:06 AM | ---D | M] - C:\WINDOWS\System32\MAGIX
[08/23/2008 02:40 AM | 00,064,706 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/23/2008 02:40 AM | 00,084,476 | ---- | M] () - C:\WINDOWS\System32\perfc00A.dat
[08/23/2008 02:40 AM | 00,409,566 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/23/2008 02:40 AM | 00,473,274 | ---- | M] () - C:\WINDOWS\System32\perfh00A.dat
[08/23/2008 02:40 AM | 01,043,160 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/23/2008 03:38 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/27/2008 01:17 PM | ---D | M] - C:\WINDOWS\System32\Lang
[08/27/2008 01:18 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/28/2008 10:10 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/28/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/28/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/28/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[5 C:\WINDOWS\*.tmp files]
[08/01/2008 10:45 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/12/2008 05:48 PM | 00,000,067 | ---- | M] () - C:\WINDOWS\iltwain.ini
[08/15/2008 06:05 AM | 00,006,308 | ---- | M] () - C:\WINDOWS\mgxoschk.ini
[08/17/2008 09:19 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 09:19 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/18/2008 12:16 PM | 00,000,028 | ---- | M] () - C:\WINDOWS\Robota.INI
[08/18/2008 12:27 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\BeatBox.INI
[08/18/2008 12:27 PM | 00,000,456 | ---- | M] () - C:\WINDOWS\musicmaker.INI
[08/23/2008 02:46 AM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/23/2008 03:24 AM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 03:06 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/26/2008 03:06 PM | 00,000,799 | ---- | M] () - C:\WINDOWS\win.ini
[08/26/2008 03:06 PM | ---D | M] - C:\WINDOWS\pss
[08/26/2008 12:36 PM | ---D | M] - C:\WINDOWS\Minidump
[08/27/2008 01:17 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 01:17 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/27/2008 01:18 PM | 00,000,005 | ---- | M] () - C:\WINDOWS\sdfixwcs.dll
[08/27/2008 01:18 PM | 00,000,007 | ---- | M] () - C:\WINDOWS\sdfinacs.dll
[08/27/2008 01:18 PM | 00,000,036 | ---- | M] () - C:\WINDOWS\rasqervy.dll
[08/27/2008 01:18 PM | 00,000,146 | ---- | M] () - C:\WINDOWS\wuasirvy.dll
[08/27/2008 01:18 PM | 00,018,944 | ---- | M] () - C:\WINDOWS\msacm32.drv
[08/28/2008 02:43 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/28/2008 03:08 PM | ---D | M] - C:\WINDOWS\system32
[08/28/2008 03:13 PM | ---D | M] - C:\WINDOWS\Temp
[08/28/2008 10:10 AM | ---D | M] - C:\WINDOWS\LastGood
[08/28/2008 10:11 AM | ---D | M] - C:\WINDOWS\Help
[08/28/2008 10:21 AM | ---D | M] - C:\WINDOWS\Debug
[08/28/2008 10:21 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/28/2008 11:05 AM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 10:25 AM | 00,000,298 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/27/2008 01:17 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/15/2008 06:05 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\MAGIX
[08/22/2008 07:40 PM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\AntiVir PersonalEdition Classic
[08/23/2008 03:17 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[08/23/2008 03:19 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[08/26/2008 04:12 PM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\DVD Shrink
[08/27/2008 01:18 PM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Datos de programa\MAGIX
[08/26/2008 02:14 AM | ---D | M] - C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft
[08/28/2008 10:13 AM | 00,142,848 | ---- | M] () - C:\Documents and Settings\Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/26/2008 06:30 PM | 00,000,349 | ---- | M] () - C:\Documents and Settings\All Users\Documentos\PCLECHAL.INI
[08/02/2008 10:15 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Gerard
[08/10/2008 07:35 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MANEL
[08/12/2008 06:50 PM | --SD | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis proyectos DPBook
[08/13/2008 09:00 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mª jose
[08/14/2008 06:51 PM | R--D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis imágenes
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX Descargas
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_MusicMaker2008PE_Version_para_descargar
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_Screenshare
[08/15/2008 07:10 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Nueva carpeta
[08/17/2008 04:55 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis archivos recibidos
[08/26/2008 04:46 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Laura
[08/26/2008 05:29 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\VolcatShrink
[08/28/2008 03:12 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Pirateo
[08/28/2008 10:02 AM | 00,000,595 | ---- | M] () - C:\Documents and Settings\Propietario\Mis documentos\Mis carpetas para compartir.lnk
[08/15/2008 06:05 AM | 00,001,042 | ---- | M] () - C:\Documents and Settings\All Users\Escritorio\MAGIX Music Maker 2008 Producer Edition Trial.lnk
[08/28/2008 02:42 PM | 00,001,007 | ---- | M] () - C:\Documents and Settings\All Users\Escritorio\Nero Online Upgrade.lnk
[08/19/2008 04:53 PM | 00,002,543 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Microsoft Office Excel 2003 (2).lnk
[08/20/2008 01:43 PM | ---D | M] - C:\Documents and Settings\Propietario\Escritorio\Seguretat
[08/23/2008 07:45 PM | 00,002,271 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Copia de PaperPort.lnk
[08/26/2008 01:59 AM | 00,002,565 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Microsoft Office Word 2003 (2).lnk
[08/27/2008 11:29 PM | 00,065,536 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\PELICULES .xls
< End of report >

Thomas

Malware showing in parts there. Let's make some change and then start other repairs.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download OTMoveIt2 by OldTimer to your desktop.

Then click OTMoveIt2.exe to run it (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator").

Copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):

[kill explorer]
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\wuasirvy.dll
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window and select Paste. Then click the red MoveIt! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

---

Then you will want to print or have other access to a copy of the next steps, as some will be done without net access or in Safe Mode.


Download SDFix.exe and save it to your desktop.

Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

=============================

After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

============================

Post back those logs along with the OTMoveIt log and a new OTViewIt log. A lot of log posting so take your time.

frolma

Hi, one more time, here are the small log's list.

LoadLibrary failed for C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\sdfixwcs.dll NOT unregistered.
C:\WINDOWS\sdfixwcs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfinacs.dll NOT unregistered.
C:\WINDOWS\sdfinacs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\rasqervy.dll
C:\WINDOWS\rasqervy.dll NOT unregistered.
C:\WINDOWS\rasqervy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\wuasirvy.dll
C:\WINDOWS\wuasirvy.dll NOT unregistered.
C:\WINDOWS\wuasirvy.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_111150


OTViewIt (part one)
OTViewIt logfile created on: 30/08/2008 11:48:47 - Run 2
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Propietario\Mis documentos\Pirateo\Old Timer
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1014,42 Mb Total Physical Memory | 566,02 Mb Available Physical Memory | 55,80% Memory free
2,38 Gb Paging File | 2,03 Gb Available in Paging File | 85,38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74,53 Gb Total Space | 25,19 Gb Free Space | 33,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ORGANIZA-6EEEB6
Current User Name: Propietario
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
===== Processes - Non-Microsoft Only =====
[06/03/2005 02:25 AM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
[06/03/2005 02:28 AM | 00,372,809 | ---- | M] (Intel Corporation ) - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
[04/12/2002 01:00 AM | 00,057,344 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brsvc01a.exe
[12/13/2001 01:01 AM | 00,045,056 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brss01a.exe
[06/28/2007 04:06 AM | 00,106,496 | ---- | M] (Apple, Inc.) - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[05/31/2005 11:50 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
[06/03/2005 02:25 AM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
[05/31/2005 11:46 PM | 00,401,408 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
[06/03/2005 02:26 AM | 00,245,760 | ---- | M] (Intel) - C:\Archivos de programa\Intel\Wireless\Bin\1XConfig.exe
[07/05/2005 10:47 PM | 00,544,768 | R--- | M] (Motorola Inc.) - C:\WINDOWS\sm56hlpr.exe
[08/08/2005 11:13 AM | 00,163,840 | ---- | M] () - C:\Archivos de programa\Power Manager\PM.exe
[06/03/2005 02:31 AM | 00,385,024 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\iFrmewrk.exe
[05/31/2005 11:50 PM | 00,356,352 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
[03/18/2005 11:52 AM | 00,057,393 | ---- | M] (ScanSoft, Inc.) - C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
[05/17/2005 06:42 PM | 00,933,888 | ---- | M] (Brother Industries, Ltd.) - C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe
[01/13/2007 10:47 AM | 00,163,840 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[01/13/2007 10:46 AM | 00,135,168 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
===== Win32 Services - Non-Microsoft Only =====
(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[06/28/2007 04:06 AM | 00,106,496 | ---- | M] (Apple, Inc.) - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Autodesk Licensing Service) Autodesk Licensing Service [On_Demand | Stopped]
[01/23/2007 10:00 PM | 00,077,944 | ---- | M] (Autodesk) - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
(AVP) Kaspersky Anti-Virus [Auto | Running]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
(Brother XP spl Service) BrSplService [Auto | Running]
[04/12/2002 01:00 AM | 00,057,344 | ---- | M] (brother Industries Ltd) - C:\WINDOWS\system32\brsvc01a.exe
(dmadmin) Servicio del administrador de discos lógicos [On_Demand | Stopped]
[03/02/2006 02:00 PM | 00,225,792 | ---- | M] (Microsoft Corp., VERITAS Software) - C:\WINDOWS\system32\dmadmin.exe
(EvtEng) EvtEng [Auto | Running]
[06/03/2005 02:25 AM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [On_Demand | Stopped]
[11/17/2005 03:18 PM | 01,527,900 | ---- | M] (MAGIX®) - C:\Archivos de programa\MAGIX\Common\Database\bin\fbserver.exe
(OwnershipProtocol) OwnershipProtocol [Auto | Running]
[05/31/2005 11:50 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
(RegSrvc) RegSrvc [Auto | Running]
[06/03/2005 02:25 AM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[06/03/2005 02:28 AM | 00,372,809 | ---- | M] (Intel Corporation ) - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
===== Driver Services - Non-Microsoft Only =====
(BrScnUsb) Brother USB Still Image driver [On_Demand | Running]
[10/15/2004 01:50 PM | 00,015,295 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
(EKBfltr) ENE Keyboard Controller [On_Demand | Running]
[01/14/2005 11:22 AM | 00,005,504 | R--- | M] (EnE Technology Inc.) - C:\WINDOWS\system32\drivers\EKBfltr.sys
(ialm) ialm [On_Demand | Running]
[01/13/2007 11:33 AM | 05,672,032 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\igxpmp32.sys
(Iviaspi) IVI ASPI Shell [On_Demand | Running]
[09/20/2005 05:27 PM | 00,010,368 | ---- | M] (InterVideo, Inc.) - C:\WINDOWS\system32\drivers\iviaspi.sys
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Running]
[08/12/2004 09:44 AM | 00,234,496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys
(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys
(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys
(KLIF) Kaspersky Lab Driver [System | Running]
[08/23/2008 03:22 AM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys
(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys
(pcouffin) VSO Software pcouffin [On_Demand | Stopped]
[05/30/2008 06:30 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys
(s24trans) Transporte WLAN [Auto | Running]
[05/03/2005 08:03 AM | 00,011,354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys
(smserial) smserial [On_Demand | Running]
[07/05/2005 10:54 PM | 00,840,100 | R--- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\smserial.sys
(tifm21) tifm21 [On_Demand | Running]
[06/03/2005 11:50 PM | 00,162,176 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys
(WINIO) WINIO [On_Demand | Running]
[03/02/2002 12:21 AM | 00,004,944 | ---- | M] () - C:\Archivos de programa\Power Manager\WinIo.sys
===== Run Keys =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr" = ALCMTR.EXE [05/03/2005 12:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"AVP" = "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"ControlCenter2.0" = C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe /autorun [05/17/2005 06:42 PM | 00,933,888 | ---- | M] (Brother Industries, Ltd.)
"EOUApp" = C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe [05/31/2005 11:50 PM | 00,356,352 | ---- | M] (Intel Corporation)
"High Definition Audio Property Page Shortcut" = HDAShCut.exe [01/07/2005 06:07 PM | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [01/13/2007 10:47 AM | 00,163,840 | ---- | M] (Intel Corporation)
"IgfxTray" = C:\WINDOWS\system32\igfxtray.exe [01/13/2007 10:47 AM | 00,131,072 | ---- | M] (Intel Corporation)
"IndexSearch" = C:\Archivos de programa\ScanSoft\PaperPort\IndexSearch.exe [03/18/2005 12:04 PM | 00,040,960 | ---- | M] (ScanSoft, Inc.)
"IntelWireless" = C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [06/03/2005 02:31 AM | 00,385,024 | ---- | M] (Intel Corporation)
"IntelZeroConfig" = C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe [05/31/2005 11:46 PM | 00,401,408 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Archivos de programa\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.)
"NeroFilterCheck" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 11:50 AM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"PaperPort PTD" = C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe [03/18/2005 11:52 AM | 00,057,393 | ---- | M] (ScanSoft, Inc.)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe [01/13/2007 10:46 AM | 00,135,168 | ---- | M] (Intel Corporation)
"PowerDVD" = C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe /autostart [06/13/2002 06:08 PM | 00,389,120 | ---- | M] (CyberLink Corp.)
"PowerManager" = C:\Archivos de programa\Power Manager\PM.exe [08/08/2005 11:13 AM | 00,163,840 | ---- | M] ()
"QuickTime Task" = "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime [04/27/2007 09:41 AM | 00,282,624 | ---- | M] (Apple Inc.)
"RTHDCPL" = RTHDCPL.EXE [06/08/2005 08:42 AM | 14,565,376 | ---- | M] (Realtek Semiconductor Corp.)
"SetDefPrt" = C:\Archivos de programa\Brother\Brmfl05a\BrStDvPt.exe [01/26/2005 07:02 PM | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SMSERIAL" = sm56hlpr.exe [07/05/2005 10:47 PM | 00,544,768 | R--- | M] (Motorola Inc.)
"SSBkgdUpdate" = "C:\Archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [10/14/2003 11:22 AM | 00,155,648 | R--- | M] (Scansoft, Inc.)
"SunJavaUpdateSched" = "C:\Archivos de programa\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 04:10 AM | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"Telefonica" = "C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica [10/06/2005 05:44 PM | 00,192,512 | ---- | M] (SupportSoft, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList" = C:\Archivos de programa\Pinnacle\Studio 11\LaunchList2.exe [03/21/2007 04:41 PM | 00,145,496 | ---- | M] (Pinnacle Systems)
"NBJ" = "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 07:25 PM | 01,961,984 | ---- | M] (Ahead Software AG)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList" = C:\Archivos de programa\Pinnacle\Studio 11\LaunchList2.exe [03/21/2007 04:41 PM | 00,145,496 | ---- | M] (Pinnacle Systems)
"NBJ" = "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 07:25 PM | 01,961,984 | ---- | M] (Ahead Software AG)
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
===== Startup Folders =====
[Administrador Startup Folder - C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio]
[All Users Startup Folder - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
[03/05/2006 03:43 PM | 00,011,000 | ---- | M] (Autodesk, Inc) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart17.exe
[09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[04/23/2005 08:12 PM | 00,802,816 | ---- | M] (Brother Industries, Ltd.) - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Monitor de estado.lnk = C:\Archivos de programa\Brother\Brmfcmon\BrMfcWnd.exe
[Default User Startup Folder - C:\Documents and Settings\Default User\Menú Inicio\Programas\Inicio]
[Propietario Startup Folder - C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio]
===== BHO's =====
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [01/12/2006 09:38 PM | 00,063,128 | ---- | M] (Adobe Systems Incorporated) C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [10/12/2006 04:25 AM | 00,434,279 | ---- | M] (Sun Microsystems, Inc.) C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
===== Toolbars =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.
===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
===== Desktop Components =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = ""
"Source" = "[URL]file:///C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg[/URL]"
"SubscribedURL" = "[URL]file:///C:/DOCUME~1/PROPIE~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg[/URL]"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName" = "Mi página de inicio actual"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
===== Shared Task Scheduler =====
===== AppInit_Dlls =====
===== Lsa Authentication Packages =====
===== Lsa Security Packages =====
===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [03/02/2006 02:00 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 02:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe File not found
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [03/02/2006 02:00 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 02:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe File not found
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe [06/28/2007 09:14 AM | 15,330,616 | ---- | M] (Apple Inc.)
"C:\Archivos de programa\Telefonica\AsistCfg71\awcbrwsr.exe" = C:\Archivos de programa\Telefonica\AsistCfg71\awcbrwsr.exe [03/29/2007 01:00 AM | 00,053,248 | ---- | M] ()
"C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE" = C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE [07/15/2003 06:45 AM | 00,196,152 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX01.766\eMule0.48a\emule.exe" = C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX01.766\eMule0.48a\emule.exe File not found
"C:\Archivos de programa\eMule\emule.exe" = C:\Archivos de programa\eMule\emule.exe [05/13/2007 04:57 PM | 05,308,416 | ---- | M] (http://www.emule-project.net)
"C:\Archivos de programa\Kazaa Lite K++\KazaaLite.kpp" = C:\Archivos de programa\Kazaa Lite K++\KazaaLite.kpp File not found
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\Messenger\msmsgs.exe" = C:\Archivos de programa\Messenger\msmsgs.exe [10/13/2004 06:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\RM.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\RM.exe [04/06/2007 02:17 PM | 00,073,728 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\Studio.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\Studio.exe [04/06/2007 02:40 PM | 05,505,024 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\PMSRegisterFile.exe [11/21/2006 06:05 AM | 00,024,576 | ---- | M] ( )
"C:\Archivos de programa\Pinnacle\Studio 11\programs\umi.exe" = C:\Archivos de programa\Pinnacle\Studio 11\programs\umi.exe [04/06/2007 02:16 PM | 00,081,920 | ---- | M] (Pinnacle Systems)
"C:\Archivos de programa\Internet Explorer\iexplore.exe" = C:\Archivos de programa\Internet Explorer\iexplore.exe [06/23/2008 11:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [06/13/2007 03:22 PM | 01,035,776 | ---- | M] (Microsoft Corporation)
===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 03:22 PM | 01,035,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [03/02/2006 02:00 PM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [03/02/2006 02:00 PM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [03/02/2006 02:00 PM | 00,302,592 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
===== User's Winlogon Settings =====
===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [01/13/2007 10:46 AM | 00,204,800 | ---- | M] (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
"DllName" = C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll [05/31/2005 11:46 PM | 00,110,592 | ---- | M] (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)
===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^ WinCinema Manager.lnk]
"path" = C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\ WinCinema Manager.lnk File not found
"backup" = C:\WINDOWS\pss\ WinCinema Manager.lnk File not found
"location" = Common Startup
"command" = C:\Archivos de programa\Sandisk\Common\Bin\WinCinemaMgr.exe [09/26/2006 02:29 PM | 00,303,104 | ---- | M] (InterVideo Inc.)
"item" = WinCinema Manager
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^OpenOffice.org 2.0.lnk]
"path" = C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\OpenOffice.org 2.0.lnk File not found
"backup" = C:\WINDOWS\pss\OpenOffice.org File not found
"location" = Startup
"command" = C:\Archivos de programa\OpenOffice.org 2.0\program\quickstart.exe File not found
"item" = OpenOffice.org 2.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2
===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{472F2256-6B58-4784-9CD8-32BD2E21A4F7}]
Servers: | Description: Intel(R) PRO/Wireless 2200BG Network Connection
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{59B3C720-E9B0-45FE-B97C-2BD8CCDC2EB2}]
Servers: 80.58.61.254,80.58.61.250 | Description: Broadcom 440x 10/100 Integrated Controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A5175BD6-662B-46EA-A446-EECCE2055DAC}]
Servers: 80.58.61.254,80.58.61.250 | Description: Adaptador de red 1394
===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
===== Autorun Files on Drives =====
AUTOEXEC.BAT [SET PATH=C:\Archivos de programa\Pinnacle\Shared Files;C:\Archivos de programa\Pinnacle\Shared Files\Filter | ]
[03/23/2008 11:37 PM | 00,000,109 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
===== MountPoints2 =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008e5a07-940e-11db-b04b-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)

frolma

OTViewIt (part two)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b59145-89f5-11db-b046-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187aefec-943d-11db-b051-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell]
"" = Open
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\AutoRun]
"Extended" =
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\AutoRun\command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\explore]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\explore\Command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open\Command]
"" = dh66ln.cmd
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3388ea-eecb-11dc-b2d4-00166f4e7cbd}\Shell\open\Default]
"" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{208331b2-dd63-11db-b10e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dbd769-2e6a-11dd-b316-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628e-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2589628f-1783-11dc-b168-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32cbf123-2734-11dc-b18d-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f836d6e-89fa-11db-b047-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481da3ed-f9ab-11db-b135-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043784d-aef5-11db-b0b6-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd9687c-388a-11dd-b317-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91541350-a907-11dc-b29f-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c12ec-4c2e-11dc-b1db-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22665ff-1687-11dc-b165-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caa0508c-9761-11db-b064-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d144cc08-3f8e-11dc-b1b8-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de387366-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de38736a-846f-11dc-b283-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0edb6da-d8bb-11db-b105-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215f2e8-4085-11dc-b1ba-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52782d4-5c99-11dc-b21e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 06:43 PM | 08,502,272 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7437be1-6f70-11dc-b25e-00166f4e7cbd}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
===== Hosts File =====
HOSTS File = (792 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

[Files/Folders - Created Within 30 days]
[08/30/2008 11:11 AM | ---D | C] - C:\_OTMoveIt
[08/30/2008 11:18 AM | ---D | C] - C:\SDFix
[08/23/2008 03:22 AM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/23/2008 03:23 AM | 00,002,564 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/23/2008 03:23 AM | 00,026,616 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/23/2008 03:23 AM | 00,434,208 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/23/2008 03:23 AM | 03,268,640 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/23/2008 03:24 AM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/23/2008 03:24 AM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[1 C:\WINDOWS\System32\*.tmp files]
[08/15/2008 06:03 AM | 00,120,200 | ---- | C] () - C:\WINDOWS\System32\DLLDEV32i.dll
[08/15/2008 06:05 AM | 00,053,248 | ---- | C] () - C:\WINDOWS\System32\mgxasio2.dll
[08/15/2008 06:05 AM | 00,430,080 | ---- | C] (MAGIX AG) - C:\WINDOWS\System32\MXRestore.exe
[08/28/2008 07:14 PM | 00,000,290 | ---- | C] () - C:\WINDOWS\System32\112.CPX
[08/28/2008 07:14 PM | 00,000,422 | ---- | C] () - C:\WINDOWS\System32\121.CPX
[08/28/2008 10:21 AM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[5 C:\WINDOWS\*.tmp files]
[08/01/2008 10:45 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/01/2008 10:45 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/15/2008 06:06 AM | 00,000,028 | ---- | C] () - C:\WINDOWS\Robota.INI
[08/30/2008 11:19 AM | ---D | C] - C:\WINDOWS\ERUNT
[08/15/2008 06:03 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\MAGIX
[08/20/2008 01:40 PM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[08/23/2008 03:17 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[08/23/2008 03:23 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[08/30/2008 11:37 AM | ---D | C] - C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Datos de programa\MAGIX
[08/30/2008 11:37 AM | ---D | C] - C:\Documents and Settings\Propietario\Datos de programa\Malwarebytes
[08/15/2008 06:04 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_MusicMaker2008PE_Version_para_descargar
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX Descargas
[08/15/2008 06:06 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_Screenshare
[08/30/2008 11:46 AM | ---D | C] - C:\Documents and Settings\Propietario\Mis documentos\LOGS
[08/29/2008 04:00 PM | 00,001,007 | ---- | C] () - C:\Documents and Settings\All Users\Escritorio\Nero Online Upgrade.lnk
[08/30/2008 11:37 AM | 00,000,731 | ---- | C] () - C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[08/15/2008 06:03 AM | ---D | C] - C:\Archivos de programa\MAGIX
[08/20/2008 01:40 PM | ---D | C] - C:\Archivos de programa\Spybot - Search & Destroy
[08/20/2008 01:49 AM | ---D | C] - C:\Archivos de programa\Trend Micro
[08/23/2008 03:23 AM | ---D | C] - C:\Archivos de programa\Kaspersky Lab
[08/23/2008 06:35 PM | ---D | C] - C:\Archivos de programa\BitTorrent Fastest Tool
[08/30/2008 11:37 AM | ---D | C] - C:\Archivos de programa\Malwarebytes' Anti-Malware
[Files/Folders - Modified Within 30 days]
[08/05/2008 12:37 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt18.sqm
[08/05/2008 12:37 AM | 00,000,268 | -H-- | M] () - C:\sqmdata15.sqm
[08/20/2008 01:25 PM | ---D | M] - C:\Documents and Settings
[08/28/2008 07:54 PM | 00,000,211 | -HS- | M] () - C:\boot.ini
[08/30/2008 11:11 AM | ---D | M] - C:\_OTMoveIt
[08/30/2008 11:29 AM | ---D | M] - C:\SDFix
[08/30/2008 11:37 AM | ---D | M] - C:\Archivos de programa
[08/30/2008 11:45 AM | ---D | M] - C:\WINDOWS
[08/23/2008 03:22 AM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/23/2008 03:24 AM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/23/2008 03:38 AM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/30/2008 11:14 AM | 00,026,616 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/30/2008 11:14 AM | 03,268,640 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/30/2008 11:37 AM | 00,002,564 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/30/2008 11:37 AM | 00,434,208 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[1 C:\WINDOWS\System32\*.tmp files]
[08/23/2008 02:40 AM | 00,064,706 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/23/2008 02:40 AM | 00,084,476 | ---- | M] () - C:\WINDOWS\System32\perfc00A.dat
[08/23/2008 02:40 AM | 00,409,566 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/23/2008 02:40 AM | 00,473,274 | ---- | M] () - C:\WINDOWS\System32\perfh00A.dat
[08/23/2008 02:40 AM | 01,043,160 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/28/2008 05:07 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/28/2008 07:14 PM | 00,000,290 | ---- | M] () - C:\WINDOWS\System32\112.CPX
[08/28/2008 07:14 PM | 00,000,422 | ---- | M] () - C:\WINDOWS\System32\121.CPX
[08/28/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/28/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/29/2008 02:10 PM | ---D | M] - C:\WINDOWS\System32\MAGIX
[08/29/2008 12:05 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/30/2008 11:22 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/30/2008 11:30 AM | ---D | M] - C:\WINDOWS\System32\Lang
[08/30/2008 11:37 AM | ---D | M] - C:\WINDOWS\System32\drivers
[5 C:\WINDOWS\*.tmp files]
[08/01/2008 10:45 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/12/2008 05:48 PM | 00,000,067 | ---- | M] () - C:\WINDOWS\iltwain.ini
[08/15/2008 06:05 AM | 00,006,308 | ---- | M] () - C:\WINDOWS\mgxoschk.ini
[08/17/2008 09:19 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 09:19 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/18/2008 12:27 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\BeatBox.INI
[08/18/2008 12:27 PM | 00,000,456 | ---- | M] () - C:\WINDOWS\musicmaker.INI
[08/23/2008 02:46 AM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/23/2008 03:24 AM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 12:36 PM | ---D | M] - C:\WINDOWS\Minidump
[08/28/2008 06:56 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/28/2008 07:54 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/28/2008 07:54 PM | 00,000,799 | ---- | M] () - C:\WINDOWS\win.ini
[08/28/2008 07:54 PM | ---D | M] - C:\WINDOWS\pss
[08/28/2008 10:11 AM | ---D | M] - C:\WINDOWS\Help
[08/28/2008 10:21 AM | ---D | M] - C:\WINDOWS\Debug
[08/28/2008 11:05 AM | -H-D | M] - C:\WINDOWS\inf
[08/29/2008 02:08 PM | 00,000,028 | ---- | M] () - C:\WINDOWS\Robota.INI
[08/30/2008 11:19 AM | ---D | M] - C:\WINDOWS\ERUNT
[08/30/2008 11:21 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/30/2008 11:30 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/30/2008 11:35 AM | ---D | M] - C:\WINDOWS\Temp
[08/30/2008 11:37 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/30/2008 11:48 AM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 10:25 AM | 00,000,298 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/30/2008 11:21 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/15/2008 06:05 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\MAGIX
[08/22/2008 07:40 PM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\AntiVir PersonalEdition Classic
[08/23/2008 03:17 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[08/23/2008 03:19 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[08/26/2008 04:12 PM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\DVD Shrink
[08/30/2008 11:30 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[08/30/2008 11:37 AM | ---D | M] - C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Datos de programa\MAGIX
[08/30/2008 11:37 AM | ---D | M] - C:\Documents and Settings\Propietario\Datos de programa\Malwarebytes
[08/28/2008 07:19 PM | ---D | M] - C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft
[08/29/2008 03:46 PM | 00,153,088 | ---- | M] () - C:\Documents and Settings\Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/28/2008 06:56 PM | 00,000,349 | ---- | M] () - C:\Documents and Settings\All Users\Documentos\PCLECHAL.INI
[08/02/2008 10:15 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Gerard
[08/10/2008 07:35 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MANEL
[08/12/2008 06:50 PM | --SD | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis proyectos DPBook
[08/13/2008 09:00 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mª jose
[08/14/2008 06:51 PM | R--D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis imágenes
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX Descargas
[08/15/2008 06:06 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_Screenshare
[08/26/2008 05:29 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\VolcatShrink
[08/29/2008 01:31 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Laura
[08/29/2008 01:42 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Mis archivos recibidos
[08/29/2008 02:10 PM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\MAGIX_MusicMaker2008PE_Version_para_descargar
[08/30/2008 01:24 AM | 00,000,595 | ---- | M] () - C:\Documents and Settings\Propietario\Mis documentos\Mis carpetas para compartir.lnk
[08/30/2008 11:33 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\Pirateo
[08/30/2008 11:46 AM | ---D | M] - C:\Documents and Settings\Propietario\Mis documentos\LOGS
[08/29/2008 04:00 PM | 00,001,007 | ---- | M] () - C:\Documents and Settings\All Users\Escritorio\Nero Online Upgrade.lnk
[08/30/2008 11:37 AM | 00,000,731 | ---- | M] () - C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[08/19/2008 04:53 PM | 00,002,543 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Microsoft Office Excel 2003 (2).lnk
[08/20/2008 01:43 PM | ---D | M] - C:\Documents and Settings\Propietario\Escritorio\Seguretat
[08/23/2008 07:45 PM | 00,002,271 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Copia de PaperPort.lnk
[08/27/2008 11:29 PM | 00,065,536 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\PELICULES .xls
[08/29/2008 12:00 PM | 00,002,565 | ---- | M] () - C:\Documents and Settings\Propietario\Escritorio\Microsoft Office Word 2003 (2).lnk
< End of report >


MBAM log

Malwarebytes' Anti-Malware 1.25
Database version: 1097
Windows 5.1.2600 Service Pack 2
11:45:27 30/08/2008
mbam-log-08-30-2008 (11-45-27).txt
Scan type: Quick Scan
Objects scanned: 46183
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\37407285612.CPX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\37407285621.CPX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\37407285631.CPX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\37407285651.CPX (Trojan.Agent) -> Quarantined and deleted successfully.

frolma

and SDFIX log


Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 11:26:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\3740728561.CPX 110080 bytes executable
C:\WINDOWS\system32\37407285621.CPX 412 bytes
C:\WINDOWS\system32\37407285651.CPX 8910 bytes
C:\Documents and Settings\Propietario\Configuración local\Temp\3740728566537407285665.tmp 48 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\MSN Messenger\\msncall.exe"="C:\\Archivos de programa\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Archivos de programa\\iTunes\\iTunes.exe"="C:\\Archivos de programa\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Archivos de programa\\Telefonica\\AsistCfg71\\awcbrwsr.exe"="C:\\Archivos de programa\\Telefonica\\AsistCfg71\\awcbrwsr.exe:*:Disabled:Aplicaci¢n MFC awcbrwsr"
"C:\\Archivos de programa\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"="C:\\Archivos de programa\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\\Documents and Settings\\Propietario\\Configuraci¢n local\\Temp\\Rar$EX01.766\\eMule0.48a\\emule.exe"="C:\\Documents and Settings\\Propietario\\Configuraci¢n local\\Temp\\Rar$EX01.766\\eMule0.48a\\emule.exe:*:Enabled:eMule"
"C:\\Archivos de programa\\eMule\\emule.exe"="C:\\Archivos de programa\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Archivos de programa\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Archivos de programa\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"="C:\\Archivos de programa\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Archivos de programa\\Messenger\\msmsgs.exe"="C:\\Archivos de programa\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Archivos de programa\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
"C:\\Archivos de programa\\Internet Explorer\\iexplore.exe"="C:\\Archivos de programa\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\MSN Messenger\\msncall.exe"="C:\\Archivos de programa\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"="C:\\Archivos de programa\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :

Files with Hidden Attributes :
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 15 Nov 2005 78,104 ..SHR --- "C:\Archivos de programa\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 1 Dec 2005 16,896 A.SHR --- "C:\Archivos de programa\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 1 Dec 2005 12,880 A.SHR --- "C:\Archivos de programa\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\cygz.dll"
Thu 13 Sep 2007 72,704 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 16,384 A.SHR --- "C:\Archivos de programa\eRightSoft\SUPER\_Setup.dll"
Thu 13 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\tokr3260.dll"
Tue 12 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!

Thomas

Very good - most of the more active infection removed in those steps. Let's do some repairs then have a scan tell us if any files remain to remove.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mi página de inicio actual"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]

Open Notepad (Start - Run, type Notepad then press OK), and copy the text in the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

---

Go to Start - Run, type firewall.cpl (and Enter). Click the Exceptions tab. If the following item is present on that list click to hilight it, and select "Delete", and OK to close the Windows Firewall display. Internet Explorer does not require a firewall exception, but malware using it does.

Internet Explorer
enable

---

Then click OTMoveIt2.exe to run it again.

Copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):

C:\WINDOWS\System32\112.CPX
C:\WINDOWS\System32\121.CPX

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window and select Paste. Then click the red MoveIt! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

---

Then Go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please, along with the new OTMoveIt log and a new HijackThis log please.

frolma

Hi, I can't run kaspersky online.When it's at the end of "Updating the database",my computer turns automatycally off and reboot itself.
After this my computer works slowly.At any rate I've installed the
kaspersky trial version.Can I use it to make the scan and send you the log?
I'm sorry it seemed to be near the end.

Here's the MOVeIt's log

C:\WINDOWS\System32\112.CPX moved successfully.
C:\WINDOWS\System32\121.CPX moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_192308

Thomas

The use of the Kaspersky online scan is more for what it looks at than what it cleans, and the methods it uses are a bit different than the installed version. The logs show you already had the installed version though, so not quite sure what you mean by installing it now. But yes, if you are running/ran a scan with Kaspersky now then post that log after please.

frolma

Hi, here's. I'll try to run kaspersky online again.

Part 1

Full Scan: completed 31/08/2008 4:20:50 (events: 430, objects: 363908, time: 06:33:47)
30/08/2008 21:47:02 Task started
30/08/2008 21:48:38 Detected: http://www.viruslist.com/en/advisories/20001 C:\Archivos de programa\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll
30/08/2008 21:50:35 Detected: http://www.viruslist.com/en/advisories/31454 C:\Archivos de programa\microsoft office\office11\excel.exe
30/08/2008 21:50:39 Detected: http://www.viruslist.com/en/advisories/29320 C:\Archivos de programa\microsoft office\office11\outlook.exe
30/08/2008 21:50:39 Detected: http://www.viruslist.com/en/advisories/31010 C:\Archivos de programa\java\jre1.5.0_09\bin\javaws.exe
30/08/2008 21:50:42 Detected: http://www.viruslist.com/en/advisories/31453 C:\Archivos de programa\microsoft office\office11\powerpnt.exe
30/08/2008 21:50:59 Detected: http://www.viruslist.com/en/advisories/30975 C:\Archivos de programa\microsoft office\office11\winword.exe
30/08/2008 21:53:02 Detected: http://www.viruslist.com/en/advisories/26725 C:\Archivos de programa\itunes\itunes.exe
30/08/2008 21:53:08 Detected: http://www.viruslist.com/en/advisories/30150 C:\Archivos de programa\microsoft office\office11\mspub.exe
30/08/2008 21:53:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\quicktimeplayer.exe
30/08/2008 21:53:51 Detected: http://www.viruslist.com/en/advisories/31010 C:\windows\system32\java.exe
30/08/2008 22:14:12 Detected: http://www.viruslist.com/en/advisories/30832 C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
30/08/2008 22:21:09 Detected: http://www.viruslist.com/en/advisories/29321 C:\Archivos de programa\Archivos comunes\Microsoft Shared\Office10\MSO.DLL
30/08/2008 22:21:13 Detected: http://www.viruslist.com/en/advisories/29321 C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSO.DLL
30/08/2008 23:27:32 Detected: http://www.viruslist.com/en/advisories/20001 C:\Archivos de programa\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll
30/08/2008 23:28:14 Detected: http://www.viruslist.com/en/advisories/26725 C:\Archivos de programa\itunes\itunes.exe
30/08/2008 23:29:37 Detected: http://www.viruslist.com/en/advisories/31010 C:\Archivos de programa\java\jre1.5.0_09\bin\java.exe
30/08/2008 23:29:37 Detected: http://www.viruslist.com/en/advisories/31010 C:\Archivos de programa\java\jre1.5.0_09\bin\javaws.exe
30/08/2008 23:58:27 Detected: http://www.viruslist.com/en/advisories/31454 C:\Archivos de programa\microsoft office\office11\excel.exe
30/08/2008 23:58:34 Detected: http://www.viruslist.com/en/advisories/30150 C:\Archivos de programa\microsoft office\office11\mspub.exe
30/08/2008 23:58:38 Detected: http://www.viruslist.com/en/advisories/29320 C:\Archivos de programa\microsoft office\office11\outlook.exe
30/08/2008 23:58:39 Detected: http://www.viruslist.com/en/advisories/31453 C:\Archivos de programa\microsoft office\office11\powerpnt.exe
30/08/2008 23:58:46 Detected: http://www.viruslist.com/en/advisories/30975 C:\Archivos de programa\microsoft office\office11\winword.exe
31/08/2008 0:24:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\PictureViewer.qtr
31/08/2008 0:24:29 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\quicktimeplayer.exe
31/08/2008 0:24:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:36 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:40 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:42 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
31/08/2008 0:24:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
31/08/2008 0:24:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:55 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:57 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:59 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:24:59 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
31/08/2008 0:25:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
31/08/2008 0:25:01 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:03 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:03 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:08 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:08 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
31/08/2008 0:25:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.cpl
31/08/2008 0:25:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\CoreVideo.qtr
31/08/2008 0:25:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:23 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:23 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:24 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
31/08/2008 0:25:26 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\QuickTime.qtr
31/08/2008 0:25:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:29 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:32 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:34 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:37 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
31/08/2008 0:25:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
31/08/2008 0:25:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr
31/08/2008 0:25:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr
31/08/2008 0:25:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:25:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr
31/08/2008 0:26:03 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr
31/08/2008 0:26:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:08 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:10 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:12 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr
31/08/2008 0:26:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr
31/08/2008 0:26:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:24 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:24 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:26 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:32 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:34 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:36 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:37 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr
31/08/2008 0:26:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr
31/08/2008 0:26:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:40 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:40 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:42 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:42 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr
31/08/2008 0:26:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr
31/08/2008 0:26:49 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:55 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:57 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr
31/08/2008 0:26:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
31/08/2008 0:26:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:26:59 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:01 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr

frolma

Hi, here's part 2


31/08/2008 0:27:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:03 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr
31/08/2008 0:27:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
31/08/2008 0:27:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr
31/08/2008 0:27:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr
31/08/2008 0:27:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:23 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:23 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:24 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:26 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr
31/08/2008 0:27:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr
31/08/2008 0:27:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:29 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:29 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:32 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:32 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:34 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:36 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:37 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr
31/08/2008 0:27:37 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr
31/08/2008 0:27:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:46 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr
31/08/2008 0:27:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr
31/08/2008 0:27:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:48 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:49 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:50 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:54 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr
31/08/2008 0:27:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr
31/08/2008 0:27:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:27:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:27:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:01 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:01 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:01 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:03 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:05 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
31/08/2008 0:28:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr
31/08/2008 0:28:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:08 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:10 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:12 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr
31/08/2008 0:28:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\QuickTimeQD3D.qtr
31/08/2008 0:28:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\da.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\de.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\en.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:19 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\es.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\fi.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:20 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\fr.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\it.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\ja.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:22 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\ko.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\sv.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\nl.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\nb.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:26 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_CN.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr
31/08/2008 0:28:27 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
31/08/2008 0:28:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:29 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:30 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:32 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:34 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:36 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:37 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:40 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr
31/08/2008 0:28:40 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr
31/08/2008 0:28:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:41 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:42 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:42 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:43 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:44 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:45 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:47 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr
31/08/2008 0:28:49 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
31/08/2008 0:28:49 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:49 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:51 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:53 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:55 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:55 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:56 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:28:58 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr
31/08/2008 0:29:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
31/08/2008 0:29:00 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:02 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:04 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:06 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:07 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:08 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr
31/08/2008 0:29:09 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr
31/08/2008 0:29:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:11 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:12 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:13 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:14 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:15 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:16 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:17 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:18 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr
31/08/2008 0:29:21 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:23 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:24 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr
31/08/2008 0:29:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:25 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:28 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:31 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:33 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:34 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:35 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:36 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:38 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr
31/08/2008 0:29:39 Detected: http://www.viruslist.com/en/advisories/29293 C:\Archivos de programa\quicktime\QuickTimePlayer.Resources\QuickTimePlayer.qtr
31/08/2008 1:21:45 Detected: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX00.625\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN
31/08/2008 1:21:45 Detected: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX02.610\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN
31/08/2008 1:21:46 Untreated: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX02.610\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN Postponed
31/08/2008 1:21:46 Untreated: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX00.625\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN Postponed
31/08/2008 1:21:46 Detected: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX00.625\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN
31/08/2008 1:21:46 Detected: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX02.610\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN
31/08/2008 2:30:30 Detected: http://www.viruslist.com/en/advisories/25023 C:\Documents and Settings\Propietario\Mis documentos\Pirateo\Photoshop Portable\Portable Adobe Photoshop CS2 v9.0 español\PlugIns\Formatos de archivo\BMP.8BI
31/08/2008 3:19:49 Detected: http://www.viruslist.com/en/advisories/31010 C:\windows\system32\java.exe
31/08/2008 3:19:49 Detected: http://www.viruslist.com/en/advisories/31010 C:\windows\system32\javaws.exe
31/08/2008 3:22:52 Detected: http://www.viruslist.com/en/advisories/29293 C:\windows\system32\QuickTime.qts
31/08/2008 3:36:55 Detected: http://www.viruslist.com/en/advisories/28083 C:\windows\system32\Macromed\Flash\Flash8.ocx
31/08/2008 3:36:55 Detected: http://www.viruslist.com/en/advisories/28083 C:\windows\system32\Macromed\Flash\Flash8b.ocx
31/08/2008 3:36:56 Detected: http://www.viruslist.com/en/advisories/28083 C:\windows\system32\Macromed\Flash\Flash9d.ocx
31/08/2008 4:20:50 Task completed

Thomas

C:\Documents and Settings\Propietario\Mis documentos\Pirateo\Photoshop Portable\Portable Adobe Photoshop CS2 v9.0 español\PlugIns\Formatos de archivo\BMP.8BI

You steal software created by hard working people? That is a crack version of Adobe. It also means I cannot assist you here any longer - the forum does not provide support to people who steal software.

frolma

Hi, I respect your opinion,but you're wrong about me.
I won't try to justify myself to have it.
I think it would be in vain. Any way thanks a lot for your job.

Thomas

Your response is considerate, and by coincidence in other thread work today I do now see methods like this to create portable applications like this. As the majority of Adobe CS versions, especially the more expensive CS3/Dreamweaver software, showing in requests in threads are obvious hack jobs, I do tend to go straight to that as a first decision.

The Kaspersky scan was not very productive - mostly showing advisories on known software vulnerable areas. Good that no active malware was found.

To avoid a repeat of the Kaspersky online scan just bringing on the same issues instead Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here.

Not quite the same level of current database that Kaspersky maintains but it is okay to check things there now.

Thomas

I will also apologize for any unwarranted remarks about the choices you might make.

frolma

Hi again, you need not apologise for anything ,you've taken a very lofty position
Thanks to help me again.
I've read, it can be a spybot variant. Would it be possible?
Here's the Eset's log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3407 (20080902)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=976d8da343ae9546bd55bf58c0281373
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-02 07:50:17
# local_time=2008-09-02 09:50:17 (+0100, Hora de verano romance)
# country="Spain"
# osver=5.1.2600 NT Service Pack 2
# scanned=390174
# found=2
# scan_time=16683
C:\Documents and Settings\Propietario\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-42a3cd7b-367ebd70.class Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\11.CPX a variant of Win32/Spy.Silentbanker trojan (unable to clean - deleted) 00000000000000000000000000000000

Thomas

Not sure what you meant by "spybot variant" - the infection?

One of those .CPX files picked up in that. Just to be sure we get all duplicates do this please.

Go to Start > Run and type:

cmd.exe

and ok. Copy and paste the below string after the prompt, then press Enter:

dir /s /a "c:\*.cpx*" > c:\find.txt && notepad c:\find.txt

Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread.

Once that Notepad textbox opens, also click at the prompt in the still open command console window and type exit to close that.

frolma

Hi,in the previous post i made a mistake.Where I said "spybot" I wanted
to say "sdbot" .These days I'm reading a lot about malware.
I say sdbot because I've found in my win reg. a file connected whit it.
HKEY CURRENT USER /software/Microsoft/search assistant/Acmru/5603/
Msdirectx.sys. I can't find it in my windows directory
For the moment I haven't deleted it. I'm waiting for your advice

Thomas

The infection is showing as removed, but we are just checking now for remaining files.

That's a hidden search auto-complete registry entry, created when that file name was searched for. These are encrypted as well in ROT13, meaningless and harmless more or less. Just a list item among many the user doesn't see.

Did you do the cmd file search yet?

frolma

Hi, and sorry, here's find.txt

El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: F084-9B57
Directorio de c:\WINDOWS\system32
02/09/2008 16:57 298 112.CPX
02/09/2008 16:57 408 121.CPX
02/03/2006 14:00 2.151 12520437.cpx
02/03/2006 14:00 2.233 12520850.cpx
17/04/2007 21:54 326 37407285612.CPX
20/04/2007 18:54 1.626 37407285631.CPX
6 archivos 7.042 bytes
Directorio de c:\WINDOWS\system32\dllcache
02/03/2006 14:00 2.151 12520437.cpx
02/03/2006 14:00 2.233 12520850.cpx
2 archivos 4.384 bytes
Directorio de c:\_OTMoveIt\MovedFiles\08302008_192308\WINDOWS\System32
28/08/2008 19:14 290 112.CPX
28/08/2008 19:14 422 121.CPX
2 archivos 712 bytes
Total de archivos en la lista:
10 archivos 12.138 bytes
0 dirs 40.194.453.504 bytes libres

Thomas

Hmmm - the files we removed earlier using OTMoveIt show as still there now. I would like to check copies of those to see if I can determine their use there, before we just go through some removal step again.


Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Then locate the following hilighted folder, zip a copy of it (the entire folder), and send it to [noparse]jintan@cfl.rr.com[/noparse] as an attachment. Please place "Submitted Files-frolma-Icrontic" as the email Subject.

c:\_OTMoveIt\MovedFiles\08302008_192308\WINDOWS\System32

frolma

System32 has already been sent.

Thomas

I received the file, thanks. Provided at least one bit of additional info to check, but not much. One is a numerical list - perhaps a part of an algorithm or crypt key, and the other only contained a short script of encrypted code. But the first file did have some numbers point to a CLSID we can surely check for. And as there are similar but older files there perhaps then can add some info as well.


Close all browsers and open windows, and do a search ( Start - Search/Find - Files or Folders) for the following hilighted files/folders (shown in Bold), and if found, right click each and Rename it by adding ".old" to the name (so 112.CPX becomes 112.CPX.old).

c:\WINDOWS\system32\112.CPX
c:\WINDOWS\system32\121.CPX

---

Then open Notepad, type anything in the text area to give it content, and save that as the following files in the following locations:

c:\WINDOWS\system32\112.CPX
c:\WINDOWS\system32\121.CPX

Save each as "Save as type: All Files". So type something like "sdidfjeoreo" in an open Notepad and save it with the same name as a file you just changed. Just to keep the actual files out of play, and give whatever seems to want to recreate them something to see in their place.

---

Then zip a copy of the following files and again send them to me as an attachment please:

c:\WINDOWS\system32\dllcache\12520437.cpx
c:\WINDOWS\system32\dllcache\12520850.cpx

---

Click here to download Bobbi Flekman's Regsearch.zip to your desktop. Then unzip that, and click on the regsearch.exe to run the tool. In the display panel, copy and paste the following into the upper box:

8D20F8F8-C517-4B80-B803-63E1A62DA46B

Then click Okay. Once the scan completes a textbox will open - copy/paste those contents back here please (the RegSearch.txt log can also be found in the same location as the regearch.exe file you clicked).

frolma

Hi, uffffffffffff ! all is done (I think)


Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 05/09/2008 11:32:05 for strings:
; '8d20f8f8-c517-4b80-b803-63e1a62da46b'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

Thomas

[Windows Latin 1/437 (English)]
130:44
131:159
132:44

[Windows Latin 1(1252)/850 (Multilingual-Latin 1)]
130:44
131:159
132:44

Character translation/Code Page Translation Files. If you have been using any language translation software while we have been doing this work it would explain the recreation of the other ".cpx" files as well. Which suggests these are perhaps unfamiliar files but surely not malicious files.

However two scans have picked up similar files as malware. Since no other infection activity is showing here I will check with the Malwarebytes team and ask why their scan targeted those other files. Are there any problems or issues occurring there right now?

frolma

Well.....i just connect to my office bank and false screen still appears.
I've also tried safe mode and after one minut,more or less, my pc shuts down.
Sometimes my pc works very slow,especially when I try to see more than one video in youtube,for example.

Thomas

I wasn't aware you were attempting any bank access things there right now. I would never recommend doing any secure access or transactions on the same system torrent software is in use. All torrent users eventually download infection , and often of the type that seeks out and offloads personal data like bank information. The infection located so far is all related to trojan banker/spyware activities.

Be sure to go to a different computer and change all secure logins and passwords as soon as possible.


The scans are not picking up the active infection that still remains however, and unfortunately the one that lately stays the most current on these type infections is the Kaspersky online scan. I also do not know what this installed, and do not know what installed software there may include the infection in it's files and functions:

31/08/2008 1:21:46 Detected: Heur.Trojan.Generic C:\Documents and Settings\Propietario\Configuración local\Temp\Rar$EX02.610\Bittorrent_Downloader_1808_CL_DW_0299.EXE/WISE0009.BIN

@ECHO OFF
if exist winkey.txt del winkey.txt 
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" > winkey.txt
notepad winkey.txt

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "newcheck.bat"

Be sure to include the "" quotes in the name. Then click on newcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.

---

Download gmer.zip from here. Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder.

When you have done this, doubleclick on Gmer.exe to run it.

Under the Rootkit/Malware tab look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.