--- Search result list --- Smitfraud-C.: Configuración del usuario (Cambio en el registro, fixing failed) HitsLink: Cookie de seguimiento (Internet Explorer: Acer) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-05-31 Update.exe (1.4.0.0) 2005-07-12 unins000.exe (51.41.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-04-26 Includes\Cookies.sbi (*) 2005-07-29 Includes\Dialer.sbi (*) 2005-08-04 Includes\Hijackers.sbi (*) 2005-06-23 Includes\Keyloggers.sbi (*) 2005-08-04 Includes\Malware.sbi (*) 2005-04-27 Includes\Revision.sbi (*) 2005-08-02 Includes\Security.sbi (*) 2005-08-04 Includes\Spybots.sbi (*) 2005-08-04 Includes\Trojans.sbi (*) 2005-02-17
Includes\Tracks.uti 2004-11-29 Includes\LSP.sbi (*) 2003-03-16 Includes\plugin-ignore.ini 2005-08-04 Includes\PUPS.sbi (*) 2003-10-29 Includes\Temporary.sbi (*) --- System information --- Windows XP (Build: 2600) Service Pack 1 / DataAccess: Security Update for Microsoft Data Access Components / Windows Media Player: Revisión del Reproductor de Windows Media [consulte Q828026 para obtener más información] / Windows Media Player / SP0: Revisión del Reproductor de Windows Media [consulte Q828026 para obtener más información] / Windows XP / SP1: Windows XP Service Pack 1a / Windows XP / SP2: Revisión de Windows XP - KB823182 / Windows XP / SP2: Revisión de Windows XP - KB823980 / Windows XP / SP2: Revisión de Windows XP - KB824105 / Windows XP / SP2: Revisión de Windows XP - KB824141 / Windows XP / SP2: Revisión de Windows XP - KB824146 / Windows XP / SP2: Revisión de Windows XP - KB825119 / Windows XP / SP2: Revisión de Windows XP - KB826939 / Windows XP / SP2: Revisión de Windows XP - KB828028 / Windows XP / SP2: Revisión de Windows XP - KB828035 / Windows XP / SP2: Paquete de revisión de Windows XP [Consulte q329256 para obtener más información ] / Windows XP / SP2: Paquete de revisión de Windows XP [Consulte Q329692 para obtener más información ] / Windows XP / SP2: Revisión de Windows XP (SP2) Q819696 --- Startup entries list --- Located: HK_LM:Run, command: file: Located: HK_LM:Run, ATIPTA command: C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe file: C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 294912 MD5: ed37ec2f1c864803a1adf0429ce16475 Located: HK_LM:Run, HTpatch command: C:\WINDOWS\htpatch.exe file: C:\WINDOWS\htpatch.exe size: 28672 MD5: 80a2e031e64e1d00ad6693ca45425c2f Located: HK_LM:Run, iRiver Updater command: C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe file: C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe size: 204800 MD5: 5f49a87c4a1034836de146c56425db0a 
Located: HK_LM:Run, kdx command: C:\WINDOWS\kdx\KHost.exe file: C:\WINDOWS\kdx\KHost.exe size: 1757184 MD5: 3a0b1b2019386767f3e141ee4431224d Located: HK_LM:Run, Logitech Utility command: Logi_MwX.Exe file: C:\WINDOWS\Logi_MwX.Exe size: 19968 MD5: e57163001c8a279ab6b1a06b5834a463 Located: HK_LM:Run, MULTIMEDIA KEYBOARD command: C:\Archivos de programa\Keymaestro\Multimedia Keyboard\MMKeybd.exe file: C:\Archivos de programa\Keymaestro\Multimedia Keyboard\MMKeybd.exe size: 176128 MD5: 00132f7d7f3f673e2e3c91467be5a3dd Located: HK_LM:Run, NAV Agent command: C:\ARCHIV~1\NORTON~1\navapw32.exe file: C:\ARCHIV~1\NORTON~1\navapw32.exe size: 79480 MD5: 64c1cee7ea1344849965240c8a6c33fa Located: HK_LM:Run, o2cd command: C:\Archivos de programa\O2Micro\AudioDJ\o2cd.exe file: C:\Archivos de programa\O2Micro\AudioDJ\o2cd.exe size: 36864 MD5: ee235f0c382cb3208a6dfe10f279948e Located: HK_LM:Run, QuickTime Task command: "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime file: C:\Archivos de programa\QuickTime\qttask.exe size: 77824 MD5: a997e887c720e1a0472b11bd2c01a8e8 Located: HK_LM:Run, SoundMan command: SOUNDMAN.EXE file: C:\WINDOWS\SOUNDMAN.EXE size: 46592 MD5: 491b29d2495c5f69b23e449f8eee2d4a Located: HK_LM:Run, SSC_UserPrompt command: C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe file: C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe size: 218240 MD5: 391327c8d4b5c9d4967c719bcf43a668 Located: HK_LM:Run, Symantec NetDriver Monitor command: C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer file: C:\ARCHIV~1\SYMNET~1\SNDMon.exe size: 100056 MD5: f9418981ee4d7e995d359833adab59d5 Located: HK_LM:Run, TkBellExe command: "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot file: C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe size: 151597 MD5: a05da809ac0d86d916d09e3a908d3a06 Located: HK_LM:Run, WinampAgent command: "C:\Archivos de programa\Winamp3\winampa.exe" 
file: Located: HK_LM:Run, zBrowser Launcher command: C:\Archivos de programa\Logitech\iTouch\iTouch.exe file: C:\Archivos de programa\Logitech\iTouch\iTouch.exe size: 892928 MD5: 2e2400a4341e891abffa553bfd39161b Located: HK_LM:RunOnceEx, command: file: Located: HK_CU:Run, command: file: Located: HK_CU:Run, a-squared command: "C:\Archivos de programa\a2\a2guard.exe" file: C:\Archivos de programa\a2\a2guard.exe size: 1144320 MD5: a0eba67501c05fd5c95797924f40c400 Located: HK_CU:Run, ATI Launchpad command: "C:\Archivos de programa\ATI Multimedia\main\launchPd.EXE" file: C:\Archivos de programa\ATI Multimedia\main\launchPd.EXE size: 106570 MD5: de78cd4afd1fab852bce880ed0a46482 Located: HK_CU:Run, ATI Remote Control command: C:\Archivos de programa\ATI Multimedia\RemCtrl\ATIX10.exe file: C:\Archivos de programa\ATI Multimedia\RemCtrl\ATIX10.exe size: 159744 MD5: 2b4c44504205463e6b14ef72d9967a9d Located: HK_CU:Run, MediaScheduler command: C:\Archivos de programa\J River\Media Center\Media Scheduler.exe file: C:\Archivos de programa\J River\Media Center\Media Scheduler.exe size: 454656 MD5: fd63fe7ffa353d08fbc39afd291be73f Located: Inicio (común), hp psc 2000 Series.lnk command: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe file: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe size: 323646 MD5: 76266fcb3ec2e37c7b6477d6ba1e7869 Located: Inicio (común), hpoddt01.exe.lnk command: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe file: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe size: 28672 MD5: a564a22308a3f55235ba2478ee82992d Located: Inicio (común), Microsoft Office.lnk command: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE file: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE size: 83360 MD5: 5bc65464354a9fd3beaa28e18839734a Located: Inicio (común), Software Kodak EasyShare.lnk command: C:\Archivos de programa\Kodak\Kodak EasyShare 
software\bin\EasyShare.exe file: C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe size: 614536 MD5: 1271f954e488bce02d6d8db5b37b5fe2 Located: WinLogon, crypt32chain command: crypt32.dll file: crypt32.dll Located: WinLogon, cryptnet command: cryptnet.dll file: cryptnet.dll Located: WinLogon, cscdll command: cscdll.dll file: cscdll.dll Located: WinLogon, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: WinLogon, Schedule command: wlnotify.dll file: wlnotify.dll Located: WinLogon, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: WinLogon, SensLogn command: WlNotify.dll file: WlNotify.dll Located: WinLogon, termsrv command: wlnotify.dll file: wlnotify.dll Located: WinLogon, wlballoon command: wlnotify.dll file: wlnotify.dll --- Browser helper object list --- --- ActiveX list --- DirectAnimation Java Classes (DirectAnimation Java Classes) DPF name: DirectAnimation Java Classes CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\dajava.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\dajava.cab info link: info source: Patrick M. Kolla Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. 
Kolla {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) DPF name: CLSID name: AXWebMon Control Installer: C:\WINDOWS\Downloaded Program Files\AXWebMonProj1.inf Codebase: http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab Path: C:\WINDOWS\DOWNLO~1\ Long name: AXWebMonProj1.ocx Short name: AXWEBM~1.OCX Date (created): 05/12/2002 12:50:14 Date (last access): 07/08/2005 Date (last write): 05/12/2002 12:50:14 Filesize: 489472 Attributes: archive MD5: 243B58E045095F866A6EC75F41221C05 CRC32: C22F6764 Version: 1.0.0.17 {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) DPF name: CLSID name: XNC600NetCam Control Installer: C:\WINDOWS\Downloaded Program Files\XNC600NetCam.inf Codebase: http://80.38.190.62/XNC600NetCam.cab Path: C:\WINDOWS\DOWNLO~1\ Long name: XNC600NetCam.ocx Short name: XNC600~1.OCX Date (created): 09/10/2003 11:24:08 Date (last access): 07/08/2005 Date (last write): 09/10/2003 11:24:08 Filesize: 312304 Attributes: archive MD5: 3F52BD05988744D2F28A01DAF0526AE0 CRC32: AFFDA562 Version: 2.0.7.1 {33564D57-0000-0010-8000-00AA00389B71} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) DPF name: CLSID name: Office Update Installation Engine Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf Codebase: http://office.microsoft.com/officeupdate/content/opuc.cab Path: C:\WINDOWS\ Long name: opuc.dll Short name: Date (created): 27/08/2003 04:10:30 Date (last access): 07/08/2005 Date (last write): 27/08/2003 04:10:30 Filesize: 314368 Attributes: archive MD5: 1E32EC4A8A17B19926B49EA5F6B79A76 CRC32: E98FC293 Version: 11.0.5626.0 {41F17733-B041-4099-A042-B518BB6A408C} () DPF name: CLSID name: Installer: Codebase: http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe 
description: QuickTime Installation classification: Legitimate known filename: QuickTimeInstaller.exe info link: info source: JavaCool {685BD16B-509F-4521-B4D3-E0CFB75CCC9B} (Dxviewer Control) DPF name: CLSID name: Dxviewer Control Installer: C:\WINDOWS\Downloaded Program Files\Dxv25.inf Codebase: http://80.34.10.43:81/download/dxv25.cab Path: C:\WINDOWS\System32\ Long name: dxv25.ocx Short name: Date (created): 01/12/2003 14:59:42 Date (last access): 07/08/2005 Date (last write): 01/12/2003 14:59:42 Filesize: 651264 Attributes: archive MD5: BFF9E496CF4FC8B906D3E15714019AEB CRC32: A68ECAA7 Version: 1.3.0.1 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) DPF name: CLSID name: ActiveScan Installer Class Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf Codebase: http://www.pandasoftware.com/activescan/as5free/asinst.cab Path: C:\WINDOWS\Downloaded Program Files\ Long name: asinst.dll Short name: Date (created): 01/08/2005 08:16:40 Date (last access): 07/08/2005 Date (last write): 01/08/2005 08:16:40 Filesize: 135168 Attributes: archive MD5: 48940CD1925A3616B8002B42540CD64C CRC32: 1CF9E9D6 Version: 57.8.0.0 {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) DPF name: CLSID name: Update Class Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.3666087963 description: Windows Update classification: Legitimate known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll info link: info source: Patrick M. 
Kolla Path: C:\WINDOWS\System32\ Long name: iuctl.dll Short name: Date (created): 25/08/2003 18:06:50 Date (last access): 07/08/2005 Date (last write): 25/08/2003 18:06:50 Filesize: 115808 Attributes: archive MD5: 8757E24D6B002FD7E9EF3A6DF697BA57 CRC32: C4F85003 Version: 5.4.3790.14 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\System32\macromed\flash\ Long name: Flash.ocx Short name: FLASH.OCX Date (created): 08/12/2003 14:01:58 Date (last access): 07/08/2005 Date (last write): 08/12/2003 14:01:58 Filesize: 933888 Attributes: archive MD5: F7E435D02F7A48120B746E33254A70BC CRC32: 02AF493D Version: 7.0.19.0 {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) DPF name: CLSID name: Secure Delivery Installer: C:\WINDOWS\Downloaded Program Files\kdx.inf Codebase: http://www.gamespot.com/KDX22/download/kdx.cab --- Process list --- PID: 0 ( 0) [System] PID: 652 ( 4) \SystemRoot\System32\smss.exe PID: 708 ( 652) \??\C:\WINDOWS\system32\csrss.exe PID: 736 ( 652) \??\C:\WINDOWS\system32\winlogon.exe PID: 780 ( 736) C:\WINDOWS\system32\services.exe size: 101888 MD5: ACC8572712929FCF02326274DEBB1CE8 PID: 792 ( 736) C:\WINDOWS\system32\lsass.exe size: 11776 MD5: 125B40A5FDED8FCFB343207D0975E020 PID: 952 ( 780) C:\WINDOWS\system32\svchost.exe size: 12800 MD5: A4750C0EC60195A38C88721C4A5C93AA PID: 1000 ( 780) C:\WINDOWS\System32\svchost.exe size: 12800 MD5: A4750C0EC60195A38C88721C4A5C93AA PID: 1100 ( 780) C:\WINDOWS\System32\svchost.exe size: 12800 MD5: A4750C0EC60195A38C88721C4A5C93AA PID: 1148 ( 780) C:\WINDOWS\System32\svchost.exe size: 12800 MD5: A4750C0EC60195A38C88721C4A5C93AA PID: 1276 ( 780) C:\WINDOWS\system32\spoolsv.exe 
size: 51200 MD5: 0DC4E2ABE070D0E25E7C89CCE6610D6F PID: 1408 ( 780) C:\Archivos de programa\Keymaestro\Multimedia Keyboard\nhksrv.exe size: 28672 MD5: 522215532916836B9CA19EE30658F3C1 PID: 1428 ( 780) C:\WINDOWS\System32\CTSvcCDA.EXE size: 44032 MD5: 3C8B6609712F4FF78E521F6DCFC4032B PID: 1448 ( 780) C:\Archivos de programa\ewido\security suite\ewidoctrl.exe size: 16448 MD5: 867D9D1FA818F8629BB7A4A26E94B06A PID: 1480 ( 780) C:\WINDOWS\system32\drivers\KodakCCS.exe size: 294972 MD5: A97812A623D23727E50F501F95719B23 PID: 1508 ( 780) C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe size: 270336 MD5: 4F0079377DCE09383958ABCC2E827750 PID: 1536 ( 780) C:\Archivos de programa\Norton AntiVirus\navapsvc.exe size: 116344 MD5: 53BE818271D60AD04F348DB4902F32BC PID: 1716 ( 780) C:\WINDOWS\System32\ScsiAccess.EXE size: 181312 MD5: ED9C5CF6CC611EC8AC4A77C3F58F0601 PID: 1744 ( 780) C:\WINDOWS\System32\svchost.exe size: 12800 MD5: A4750C0EC60195A38C88721C4A5C93AA PID: 1796 ( 780) C:\WINDOWS\System32\wdfmgr.exe size: 38912 MD5: AB0A7CA90D9E3D6A193905DC1715DED0 PID: 1852 ( 780) C:\WINDOWS\System32\MsPMSPSv.exe size: 53520 MD5: 581176F60885AEF8F78C6E38DCC3CDF9 PID: 556 ( 508) C:\WINDOWS\Explorer.EXE size: 1006592 MD5: 64764B2B0B0314932AA8EC10C30EB2AE PID: 700 ( 556) C:\WINDOWS\SOUNDMAN.EXE size: 46592 MD5: 491B29D2495C5F69B23E449F8EEE2D4A PID: 108 ( 556) C:\Archivos de programa\O2Micro\AudioDJ\o2cd.exe size: 36864 MD5: EE235F0C382CB3208A6DFE10F279948E PID: 796 ( 556) C:\WINDOWS\htpatch.exe size: 28672 MD5: 80A2E031E64E1D00AD6693CA45425C2F PID: 976 ( 556) C:\Archivos de programa\Keymaestro\Multimedia Keyboard\MMKeybd.exe size: 176128 MD5: 00132F7D7F3F673E2E3C91467BE5A3DD PID: 988 ( 556) C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 294912 MD5: ED37EC2F1C864803A1ADF0429CE16475 PID: 1028 ( 556) C:\ARCHIV~1\NORTON~1\navapw32.exe size: 79480 MD5: 64C1CEE7EA1344849965240C8A6C33FA PID: 1060 ( 556) C:\Archivos de 
programa\QuickTime\qttask.exe size: 77824 MD5: A997E887C720E1A0472B11BD2C01A8E8 PID: 1080 ( 556) C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe size: 151597 MD5: A05DA809AC0D86D916D09E3A908D3A06 PID: 1112 ( 712) C:\Archivos de programa\Logitech\MouseWare\system\em_exec.exe size: 37888 MD5: 17E2EFB3A3E4A77150D1C277B51437CD PID: 1140 ( 556) C:\Archivos de programa\Logitech\iTouch\iTouch.exe size: 892928 MD5: 2E2400A4341E891ABFFA553BFD39161B PID: 1108 ( 556) C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe size: 204800 MD5: 5F49A87C4A1034836DE146C56425DB0A PID: 1212 ( 556) C:\WINDOWS\kdx\KHost.exe size: 1757184 MD5: 3A0B1B2019386767F3E141EE4431224D PID: 832 ( 556) C:\Archivos de programa\ATI Multimedia\RemCtrl\ATIX10.exe size: 159744 MD5: 2B4C44504205463E6B14EF72D9967A9D PID: 1464 ( 556) C:\Archivos de programa\J River\Media Center\Media Scheduler.exe size: 454656 MD5: FD63FE7FFA353D08FBC39AFD291BE73F PID: 1636 ( 556) C:\Archivos de programa\a2\a2guard.exe size: 1144320 MD5: A0EBA67501C05FD5C95797924F40C400 PID: 1980 ( 952) C:\WINDOWS\System32\rundll32.exe size: 31744 MD5: C1FF0868432E86DC75620E32C83FB933 PID: 1888 ( 556) C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe size: 614536 MD5: 1271F954E488BCE02D6D8DB5B37B5FE2 PID: 240 ( 556) C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe size: 28672 MD5: A564A22308A3F55235BA2478EE82992D PID: 320 ( 556) C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe size: 323646 MD5: 76266FCB3EC2E37C7B6477D6BA1E7869 PID: 1116 ( 976) C:\Archivos de programa\Keymaestro\Multimedia Keyboard\TrayMon.exe size: 114688 MD5: AE0FA4AB08885FF7834AC1BFF8256C74 PID: 2088 ( 952) C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe size: 286720 MD5: 3786555153E28AA2A239B2352E657970 PID: 2164 ( 780) C:\WINDOWS\System32\HPZipm12.exe size: 65795 MD5: FB03F341FF5380394BF2EE52F1979925 PID: 2448 (2088) C:\Archivos de 
programa\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe size: 311296 MD5: 9617ED95D177636848988A8B513F2571 PID: 2556 ( 556) C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 07/08/2005 22:15:42 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\System32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://search.msn.com/spbasic.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page about:blank HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page_bak http://www.google.es/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://ie.search.msn.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page about:blank HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: 
%SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 1: MSAFD Tcpip [UDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B2B99FF-48C3-4134-91E8-31CC5C6F3795}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B2B99FF-48C3-4134-91E8-31CC5C6F3795}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FD153A9-3D29-4458-97CD-2F625F38633C}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll 
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FD153A9-3D29-4458-97CD-2F625F38633C}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D03ABE5-41B6-491E-A2F8-2D54429084FD}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D03ABE5-41B6-491E-A2F8-2D54429084FD}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0748C5F7-639A-4105-B21D-2A35A9D5265B}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0748C5F7-639A-4105-B21D-2A35A9D5265B}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBE54EF5-A743-45F1-9A58-D8E5834984E0}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: 
%SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBE54EF5-A743-45F1-9A58-D8E5834984E0}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Espacio de nombre NLA (Network Location Awareness) GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace