MALWARE
Hello, some time ago a supposed antivirus (ps guard) got onto my machine and infected my computer. Since then I have tried to uninstall it, but in vain; I tried to remove it in a test environment but that did not work either. I deleted what seemed to me not to be part of my programs, but since I did not originally program the system I have no idea what I need to delete... When I run Ad-Aware it tells me I have malware but that it cannot delete it, or at least it does not manage to, and since my Windows is 98, the help tool I found from Microsoft is no use to me because it is for Win2000, XP and later.
I would sincerely appreciate any help you can give me, since I understand that this malware gives free passage to any worm, trojan and whatever other junk exists.
Regards
Madelainne
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
It is very well known and we have it under control:
Download ELISTARA.EXE, boot into safe mode and run it:
ELISTARA:
http://www.zonavirus.com/descargas/elistara.asp
Then tell us the result as a reply to this thread, thanks
regards
ms, 26-1-2006
Last edited by msc hotline sat on 28 Jan 2006, 19:03; edited 1 time in total.

IT SEEMS SO
BUT MY ANTIVIRUS SAYS I STILL HAVE A TROJAN.ALEMOND... :'(
EVEN SO, THANK YOU VERY MUCH. JUST TODAY THE TECHNICIAN WHO CHECKS THIS MACHINE WAS HERE AND DID NOT KNOW WHAT TO DO... I AM GOING TO TRY AGAIN TO RUN THE PROGRAM IN TEST MODE... ALTHOUGH I HAVE ALREADY RUN IT THREE TIMES AND THE TROJAN.ALEMOND IS STILL BEING REPORTED BY THE COMPUTER...
REGARDS
MADELAINNE
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
We take that to be TROJAN ALEMOD
Tell us the file where AD-AWARE detects it, or, if it is not this antispyware but an antivirus that reports it, tell us the name of the antivirus as well... and try moving it to the desktop or to a quarantine folder and, after rebooting, run AD-AWARE again to see whether it can remove it that way; but in any case tell us the name of the file, thanks
regards
ms, 28-1-2006

OK, THIS IS WHAT I APPLIED, AND HERE IS THE DATA ALONG WITH THE FILE (THE FILE IS THE LOCATION, RIGHT?)
c:\WINDOWS\Cookies\familia valdez@2o7[2].txt
I AM GOING TO RUN SYMANTEC, BUT IT IS VERY SLOW; I WILL LET YOU KNOW WHAT HAPPENS..
Ad-Aware SE Build 1.05
Logfile Created on:Sábado, 28 de Enero de 2006 03:56:37 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R89 24.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
28-01-06 03:56:37 p.m. - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer
MRU List Object Recognized!
Location: : .DEFAULT\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\findcomputermru
Description : list of recently used search terms for locating computers using the microsoft windows operating system
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293876619
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Componente del núcleo del kernel Win32
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294929799
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Servidor de mensajes VxD de 32 bits de Windows
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294942487
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294962663
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Programador de tareas de Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Motor de Programador de tareas
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:5 [MOSEARCH.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYSTEM\MOSEARCH\BIN\
ProcessID : 4294844035
Threads : 8
Priority : Normal
FileVersion : 10.109.3705.2
ProductVersion : 10.109.3705.2
ProductName : PKM
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office Search Service
InternalName : mosearch.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1998. All rights reserved.
LegalTrademarks : Microsoft (R) is a registered trademark of Microsoft Corporation.
Windows(TM) is a trademark of Microsoft Corporation.
OriginalFilename : mosearch.exe
Comments : Microsoft Office Search Service
#:6 [MDM.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\VS7DEBUG\
ProcessID : 4294859159
Threads : 4
Priority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:7 [RTVSCN95.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4294854795
Threads : 32
Priority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2003
#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294874987
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:9 [DEFWATCH.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4294871963
Threads : 2
Priority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294878723
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Sistema operativo Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : (C) Microsoft Corporation 1981-1997
OriginalFilename : EXPLORER.EXE
#:11 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294797795
Threads : 4
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server
#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294761779
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294719011
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Subprograma Bandeja de sistema
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:14 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294641907
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicación
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:15 [INCD.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\AHEAD\INCD\
ProcessID : 4294642671
Threads : 4
Priority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe
#:16 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294661399
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:17 [MSNAPPAU.EXE]
FilePath : C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES-LA\
ProcessID : 4294657755
Threads : 2
Priority : Normal
#:18 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294667267
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:19 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294640383
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Monitor de dispositivos de imagen estática
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE
#:20 [HPCMPMGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HPCORETECH\
ProcessID : 4294696163
Threads : 4
Priority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe
#:21 [HPWUSCHD.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SOFTWARE UPDATE\
ProcessID : 4294701931
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:22 [HPQCMON.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\UNLOAD\
ProcessID : 4294697199
Threads : 1
Priority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright (C) 2001
OriginalFilename : HpqCmon.EXE
#:23 [HPGS2WND.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SHARE-TO-WEB\
ProcessID : 4294581523
Threads : 3
Priority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
#:24 [VPTRAY.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4294577295
Threads : 2
Priority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2003
#:25 [CTFMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294590159
Threads : 1
Priority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright (C) Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE
#:26 [WZQKPICK.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\WINZIP\
ProcessID : 4294599071
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:27 [WEBSHOTS.SCR]
FilePath : C:\ARCHIVOS DE PROGRAMA\WEBSHOTS\
ProcessID : 4294607147
Threads : 1
Priority : Normal
FileVersion : 2.2.0.4644
ProductVersion : 2.2.0.4644
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright (C) 2004
OriginalFilename : Webshots2.SCR
#:28 [HPQTRA08.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\
ProcessID : 4294528679
Threads : 5
Priority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:29 [HPGS2WNF.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SHARE-TO-WEB\
ProcessID : 4294533911
Threads : 2
Priority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
#:30 [PRINTKEY2000.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\PRINTKEY2000\
ProcessID : 4294567819
Threads : 2
Priority : Normal
FileVersion : 5.1.0.0
ProductName : PrintKey
CompanyName : Fred's Software
InternalName : PrintKey
LegalCopyright : Copyright 1999 By Alfred Bolliger
Comments : Full Version
#:31 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293363095
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:32 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293362827
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:33 [YMSGR_TRAY.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\
ProcessID : 4293299215
Threads : 1
Priority : Normal
#:34 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293192703
Threads : 2
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe
#:35 [MSNMSGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\
ProcessID : 4293059243
Threads : 17
Priority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:36 [AD-AWARE.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293183519
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : familia valdez@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:familiavaldez@2o7.net /
Expires : 27-01-11 02:21:08 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 22
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : familia valdez@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\familia valdez@2o7[2].txt
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
04:06:10 p.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:32.820
Objects scanned:70326
Objects identified:2
Objects ignored:0
New critical objects:2
THANK YOU FOR YOUR KIND HELP...
InternalName : explorer
LegalCopyright : (C) Microsoft Corporation 1981-1997
OriginalFilename : EXPLORER.EXE
#:11 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294797795
Threads : 4
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server
#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294761779
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294719011
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Subprograma Bandeja de sistema
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:14 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294641907
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicación
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:15 [INCD.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\AHEAD\INCD\
ProcessID : 4294642671
Threads : 4
Priority : Normal
FileVersion : 4, 2, 4, 1
ProductVersion : 4, 2, 4, 1
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe
#:16 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294661399
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:17 [MSNAPPAU.EXE]
FilePath : C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES-LA\
ProcessID : 4294657755
Threads : 2
Priority : Normal
#:18 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294667267
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:19 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294640383
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Monitor de dispositivos de imagen estática
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE
#:20 [HPCMPMGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HPCORETECH\
ProcessID : 4294696163
Threads : 4
Priority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe
#:21 [HPWUSCHD.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SOFTWARE UPDATE\
ProcessID : 4294701931
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:22 [HPQCMON.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\UNLOAD\
ProcessID : 4294697199
Threads : 1
Priority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright (C) 2001
OriginalFilename : HpqCmon.EXE
#:23 [HPGS2WND.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SHARE-TO-WEB\
ProcessID : 4294581523
Threads : 3
Priority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
#:24 [VPTRAY.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4294577295
Threads : 2
Priority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2003
#:25 [CTFMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294590159
Threads : 1
Priority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright (C) Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE
#:26 [WZQKPICK.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\WINZIP\
ProcessID : 4294599071
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:27 [WEBSHOTS.SCR]
FilePath : C:\ARCHIVOS DE PROGRAMA\WEBSHOTS\
ProcessID : 4294607147
Threads : 1
Priority : Normal
FileVersion : 2.2.0.4644
ProductVersion : 2.2.0.4644
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright (C) 2004
OriginalFilename : Webshots2.SCR
#:28 [HPQTRA08.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\
ProcessID : 4294528679
Threads : 5
Priority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:29 [HPGS2WNF.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\HP\HP SHARE-TO-WEB\
ProcessID : 4294533911
Threads : 2
Priority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
#:30 [PRINTKEY2000.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\PRINTKEY2000\
ProcessID : 4294567819
Threads : 2
Priority : Normal
FileVersion : 5.1.0.0
ProductName : PrintKey
CompanyName : Fred's Software
InternalName : PrintKey
LegalCopyright : Copyright 1999 By Alfred Bolliger
Comments : Full Version
#:31 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293363095
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:32 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293362827
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:33 [YMSGR_TRAY.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\
ProcessID : 4293299215
Threads : 1
Priority : Normal
#:34 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293192703
Threads : 2
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe
#:35 [MSNMSGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\
ProcessID : 4293059243
Threads : 17
Priority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:36 [AD-AWARE.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293183519
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : familia valdez@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:familia
Expires : 27-01-11 02:21:08 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 22
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : familia valdez@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\familia valdez@2o7[2].txt
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
04:06:10 p.m. Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:32.820
Objects scanned:70326
Objects identified:2
Objects ignored:0
New critical objects:2
THANK YOU FOR YOUR KIND HELP...
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
- Contact:
Well, I don't see where it reports anything about the TROJAN ALEMOD ???
Only a couple of cookies that refer to c:\WINDOWS\Cookies\familia valdez@2o7[2].txt
It is a txt file; look at what is in it and act accordingly..
But please post the part showing the detection of that trojan, thanks
regards
ms, 29-1-2006
Last edited by msc hotline sat on 30 Jan 2006, 06:26; edited 1 time in total.

OK, THIS WAS THE RESULT FROM SYMANTEC
Scan type: Manual Scan
Event: Virus Found!
Virus name: Trojan.Alemod
File: C:\WINDOWS\SYSTEM\WININET.DLL
Location: C:\WINDOWS\SYSTEM
Computer: FLIA VALDÉS
User: Familia Valdez
Action taken: Clean failed : Quarantine failed :
Date found: Sábado, 28 de Enero de 2006 04:25:31 p.m.
Scan type: Manual Scan
Event: Virus Found!
Virus name: Backdoor.Trojan
File: C:\Archivos de programa\MSN Messenger\MessengerDeluxe.zip>>MessengerDeluxe.exe
Location: Quarantine
Computer: FLIA VALDÉS
User: Familia Valdez
Action taken: Quarantine succeeded :
Date found: Sábado, 28 de Enero de 2006 04:33:12 p.m.
Scan type: Manual Scan
Event: Virus Found!
Virus name:
File: C:\Archivos de programa\MSN Messenger\MessengerDeluxe.zip
Location: Quarantine
Computer: FLIA VALDÉS
User: Familia Valdez
Action taken: Quarantine succeeded :
Date found: Sábado, 28 de Enero de 2006 04:33:12 p.m
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
- Contact:
Send us the files it detects as infected and we will analyze them and implement their detection and removal in our utilities:
C:\WINDOWS\SYSTEM\WININET.DLL
MessengerDeluxe.zip (Location: Quarantine)
To do so, attach them to an e-mail addressed to zonavirus@satinfo.es, giving "REF Madekam1" as the reference in the message text, and we will analyze them and let you know
regards
ms, 30-1-2006
HELLO, JUST NOW WHILE I WAS LOOKING THROUGH OTHER SIMILAR TOPICS I REMEMBERED THAT ELISTARA MENTIONED SOMETHING ABOUT A LOGFILE AND A SAMPLE, SO I AM ATTACHING THEM... SYMANTEC KEEPS GIVING ME WARNINGS ABOUT TROJAN.ALEMOND, WHICH IS IN C:\WINDOWS\SYSTEM\WININET.DLL
ELISTARA TELLS ME TO RESTORE A DLL IN SAFE MODE WITH COMMAND PROMPT (SOMETHING LIKE THAT). HONESTLY I DON'T KNOW MUCH ABOUT SYSTEMS AND I DON'T KNOW HOW THAT MODE WORKS :'(
I HAVE ALREADY RUN ELISTARA, AD-WARE, SPYBOT S&D AND SYMANTEC...
THANKS FOR EVERYTHING
[18/08/2005 17:46:45:0660 0xfffc1931] Logging for process C:\ARCHIVOS DE PROGRAMA\PSGUARD\PSGUARD.EXE with pid 0xFFFC1931 started on 18/08/2005 17:46:45
[18/08/2005 17:46:45:0830 0xfffc1931] Creating settings
[18/08/2005 17:46:45:0830 0xfffc1931] CSettings::CSettings Using HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard as registry root
[18/08/2005 17:46:45:0830 0xfffc1931] Creating resources
[18/08/2005 17:46:45:0940 0xfffc1931] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:46:46:0050 0xfffc1931] Creating strings
[18/08/2005 17:46:46:0050 0xfffc1931] Creating Kernel
[18/08/2005 17:46:46:0430 0xfffc1931] CStrings::oprator[] requesting CLONE_CHECK_MUTEX
[18/08/2005 17:46:47:0200 0xfffc1931] Loading database...
[18/08/2005 17:46:47:0200 0xfffc1931] CSettings::Get Setting:DatabaseFile Value:C:\Archivos de programa\PSGuard\database.pkg
[18/08/2005 17:46:52:0420 0xfffc1931] Extracting database...
[18/08/2005 17:46:52:0640 0xfffc1931] Quering environment results
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0860 0xfffc1931] Creating scanner...
[18/08/2005 17:46:53:0730 0xfffc1931] Quering environment results
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:46:54:0280 0xfffc1931] Scaner created...
[18/08/2005 17:46:54:0390 0xfffc1931] Creating updater...
[18/08/2005 17:46:54:0390 0xfffc1931] CSettings::Get Setting:VersionInfo Value:APP_VER=3.3.0.4
DATABASE_VER=3.3.0.3
DATE=17/08/05
SIGNATURES=51780
[18/08/2005 17:46:54:0390 0xfffc1931] Updater created...
[18/08/2005 17:46:54:0450 0xfffc1931] Quering environment results
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Quering environment results
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:55:0820 0xfffc1931] CStrings::oprator[] requesting SETUP_COPMPANY_NAME
[18/08/2005 17:46:55:0820 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:55:0820 0xfffc1931] Quarantine created...
[18/08/2005 17:46:56:0760 0xfffc1931] IESafeMode created...
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:56:0810 0xfffc1931] CSettings::Get Setting:InstallDir Value:C:\Archivos de programa\PSGuard
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting LICENSE_FILE
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGSTORAGE_KEY
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting FREETRIAL_ACTIVE
[18/08/2005 17:46:56:0810 0xfffc1931] RegEngine created...
[18/08/2005 17:46:56:0810 0xfffc1931] RealtimeMonitoring created...
[18/08/2005 17:46:56:0810 0xfffc1931] CRegEngine::CanWork 0
[18/08/2005 17:46:56:0810 0xfffc1931] SysInfo created...
[18/08/2005 17:46:56:0810 0xfffc1931] main Creating AVECORE::theApp
[18/08/2005 17:46:56:0810 0xfffc1931] Converting GUID's: OldAppCLSID: {79DDF2EF-D881-464B-B2AF-5AF8816A3964}, OldAppIID: {28FEDB90-53C7-4928-994A-CEE782606507}, NewAppCLSID: {35ED274E-3F42-4A78-BBDC-3B7D73E85578}, NewAppIID: {1545C103-D982-4C9F-B8EB-76076F78E7E7}
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:StartAtWinStartup Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:EnableRTMonitoring Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:AlwaysBlockChanges Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:AlwaysBlockWhenNoAV Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:PerformUpdate Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:UpdateInterval Value:3
[18/08/2005 17:46:57:0690 0xfffc1931] main AVECORE::theApp created successfully
[18/08/2005 17:46:57:0690 0xfffc1931] main Creating WNDLAYER::WindowLayer
[18/08/2005 17:46:58:0790 0xfffc1931] main WNDLAYER::WindowLayer created successfully
[18/08/2005 17:46:59:0230 0xfffc1931] CStrings::oprator[] requesting WND_CAPTION
[18/08/2005 17:46:59:0230 0xfffc1931] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:46:59:0230 0xfffc1931] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:46:59:0230 0xfffc1931] CWindowLayer::CreateMainWindow starting...
[18/08/2005 17:46:59:0230 0xfffc1931] CWindowLayer::CreateMainWindow after CreateInstance...
[18/08/2005 17:46:59:0230 0xfffc1931] CLWindow::_CreateWnd starting...
[18/08/2005 17:46:59:0230 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.Create ...
[18/08/2005 17:46:59:0450 0xfffc1931] CLWindow::_CreateWnd before CreateControlEx...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.SetWindowPos...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.QueryControl...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before DispEventAdvise...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before OnAddWindow...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before Navigate...
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:21:0030 0xfffb737f] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 19:53:21:0030 0xfffb737f] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 19:53:21:0030 0xfffb737f] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 19:53:21:0030 0xfffb737f] Var: %window%, Data: C:\WINDOWS
[18/08/2005 19:53:21:0030 0xfffb737f] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 19:53:21:0750 0xfffb737f] CStrings::oprator[] requesting SETUP_COPMPANY_NAME
[18/08/2005 19:53:21:0750 0xfffb737f] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 19:53:21:0860 0xfffb737f] Quarantine created...
[18/08/2005 19:53:21:0970 0xfffb737f] IESafeMode created...
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 19:53:22:0350 0xfffb737f] CSettings::Get Setting:InstallDir Value:C:\Archivos de programa\PSGuard
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting LICENSE_FILE
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting REGSTORAGE_KEY
[18/08/2005 19:53:22:0350 0xfffb737f] CStrings::oprator[] requesting FREETRIAL_ACTIVE
[18/08/2005 19:53:22:0350 0xfffb737f] RegEngine created...
[18/08/2005 19:53:22:0350 0xfffb737f] RealtimeMonitoring created...
[18/08/2005 19:53:22:0350 0xfffb737f] CRegEngine::CanWork 0
[18/08/2005 19:53:22:0350 0xfffb737f] SysInfo created...
[18/08/2005 19:53:22:0350 0xfffb737f] main Creating AVECORE::theApp
[18/08/2005 19:53:22:0350 0xfffb737f] Converting GUID's: OldAppCLSID: {79DDF2EF-D881-464B-B2AF-5AF8816A3964}, OldAppIID: {28FEDB90-53C7-4928-994A-CEE782606507}, NewAppCLSID: {35ED274E-3F42-4A78-BBDC-3B7D73E85578}, NewAppIID: {1545C103-D982-4C9F-B8EB-76076F78E7E7}
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:StartAtWinStartup Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:EnableRTMonitoring Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:AlwaysBlockChanges Value:0
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:AlwaysBlockWhenNoAV Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:PerformUpdate Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 19:53:23:0940 0xfffb737f] CSettings::Get Setting:UpdateInterval Value:3
[18/08/2005 19:53:24:0000 0xfffb737f] main AVECORE::theApp created successfully
[18/08/2005 19:53:24:0000 0xfffb737f] main Creating WNDLAYER::WindowLayer
[18/08/2005 19:53:24:0220 0xfffb737f] main WNDLAYER::WindowLayer created successfully
[18/08/2005 19:53:24:0220 0xfffb737f] CStrings::oprator[] requesting WND_CAPTION
[18/08/2005 19:53:24:0220 0xfffb737f] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 19:53:24:0220 0xfffb737f] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 19:53:24:0220 0xfffb737f] CWindowLayer::CreateMainWindow starting...
[18/08/2005 19:53:24:0220 0xfffb737f] CWindowLayer::CreateMainWindow after CreateInstance...
[18/08/2005 19:53:24:0220 0xfffb737f] CLWindow::_CreateWnd starting...
[18/08/2005 19:53:24:0220 0xfffb737f] CLWindow::_CreateWnd before m_AxWeb.Create ...
[18/08/2005 19:53:24:0220 0xfffb737f] CLWindow::_CreateWnd before CreateControlEx...
[18/08/2005 19:53:24:0990 0xfffb737f] CLWindow::_CreateWnd before m_AxWeb.SetWindowPos...
[18/08/2005 19:53:24:0990 0xfffb737f] CLWindow::_CreateWnd before m_AxWeb.QueryControl...
[18/08/2005 19:53:24:0990 0xfffb737f] CLWindow::_CreateWnd before DispEventAdvise...
[18/08/2005 19:53:24:0990 0xfffb737f] CLWindow::_CreateWnd before OnAddWindow...
[18/08/2005 19:53:24:0990 0xfffb737f] CLWindow::_CreateWnd before Navigate...
[18/08/2005 19:53:30:0100 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop
[18/08/2005 19:53:30:0100 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 19:53:30:0150 0xfffb737f] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 19:53:30:0260 0xfffb737f] CLWindow::Navigate Before CreateWndSkin
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd after Navigate...
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd after get_Document...
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd after documentOperations...
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd before SetWindowPos...
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd before ShowWindow...
[18/08/2005 19:53:31:0520 0xfffb737f] CLWindow::_CreateWnd before modal-related operations...
[18/08/2005 19:53:31:0850 0xfffb737f] CLWindow::_CreateWnd before MessageLoop...
[18/08/2005 19:53:34:0430 0xfffb737f] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 19:53:34:0430 0xfffb737f] CScaner::CreateWorkerThread started
[18/08/2005 19:53:34:0430 0xfffb737f] CScaner::CreateWorkerThread Before the start scaner worker thread
[18/08/2005 19:53:34:0430 0xfffb737f] CScaner::CreateWorkerThread after start
[18/08/2005 19:53:34:0430 0xfffb737f] CScaner::CreateWorkerThread Before SetThreadPriority
[18/08/2005 19:53:34:0430 0xfffb737f] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 19:53:34:0430 0xfffb737f] CScaner::CreateWorkerThread After SetThreadPriority, exiting
[18/08/2005 19:53:34:0490 0xfffb737f] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 19:53:36:0080 0xfffb737f] Adding object: class=8, path=C:\WINDOWS\SYSTEM\INTELL32.EXE, group=Trojan.intell32
[18/08/2005 19:53:38:0440 0xfffb737f] Quering environment results
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %window%, Data: C:\WINDOWS
[18/08/2005 19:53:38:0440 0xfffb737f] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 19:53:39:0320 0xfffb737f] Adding object: class=1, path=C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll, group=SysWebTelecomInt
[18/08/2005 19:53:41:0680 0xfffb737f] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update, group=Trojan.InternetUpdate
[18/08/2005 19:53:43:0060 0xfffb737f] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 19:53:43:0060 0xfffb737f] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 19:53:44:0820 0xfffb737f] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}, group=IST.SlotchBar
[18/08/2005 19:53:46:0740 0xfffb737f] Adding object: class=4, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intell32.exe, group=Trojan.intell32
[26/08/2005 17:30:41:0990 0xfffbc42b] Logging for process C:\ARCHIVOS DE PROGRAMA\PSGUARD\PSGUARD.EXE with pid 0xFFFBC42B started on 26/08/2005 17:30:41
[26/08/2005 17:30:42:0320 0xfffbc42b] Creating settings
[26/08/2005 17:30:42:0320 0xfffbc42b] CSettings::CSettings Using HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard as registry root
[26/08/2005 17:30:42:0320 0xfffbc42b] Creating resources
[26/08/2005 17:30:42:0320 0xfffbc42b] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[26/08/2005 17:30:42:0380 0xfffbc42b] Creating strings
[26/08/2005 17:30:42:0380 0xfffbc42b] Creating Kernel
[26/08/2005 17:30:42:0380 0xfffbc42b] CStrings::oprator[] requesting CLONE_CHECK_MUTEX
[26/08/2005 17:30:42:0430 0xfffbc42b] Loading database...
[26/08/2005 17:30:42:0430 0xfffbc42b] CSettings::Get Setting:DatabaseFile Value:C:\Archivos de programa\PSGuard\database.pkg
[26/08/2005 17:30:44:0410 0xfffbc42b] Extracting database...
[26/08/2005 17:30:44:0520 0xfffbc42b] Quering environment results
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %desktopdirectory%, Data: %userprofile%\desktop
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %system%, Data: C:\WINDOWS\SYSTEM
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %temp%, Data: C:\WINDOWS\TEMP
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %windir%, Data: C:\WINDOWS
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %window%, Data: C:\WINDOWS
[26/08/2005 17:30:44:0520 0xfffbc42b] Var: %windows%, Data: C:\WINDOWS
[26/08/2005 17:30:44:0680 0xfffbc42b] Creating scanner...
[26/08/2005 17:30:44:0900 0xfffbc42b] Quering environment results
[26/08/2005 17:30:44:0900 0xfffbc42b] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[26/08/2005 17:30:44:0900 0xfffbc42b] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[26/08/2005 17:30:44:0900 0xfffb
ELISTARA TELLS ME TO RESTORE A DLL IN SAFE MODE WITH COMMAND PROMPT (SOMETHING LIKE THAT). HONESTLY, I DON'T KNOW MUCH ABOUT SYSTEMS AND I DON'T KNOW HOW THAT MODE WORKS :'(
I HAVE ALREADY RUN ELISTARA, AD-WARE, SPYBOT S&D AND SYMANTEC...
THANKS FOR EVERYTHING
[18/08/2005 17:46:45:0660 0xfffc1931] Logging for process C:\ARCHIVOS DE PROGRAMA\PSGUARD\PSGUARD.EXE with pid 0xFFFC1931 started on 18/08/2005 17:46:45
[18/08/2005 17:46:45:0830 0xfffc1931] Creating settings
[18/08/2005 17:46:45:0830 0xfffc1931] CSettings::CSettings Using HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard as registry root
[18/08/2005 17:46:45:0830 0xfffc1931] Creating resources
[18/08/2005 17:46:45:0940 0xfffc1931] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:46:46:0050 0xfffc1931] Creating strings
[18/08/2005 17:46:46:0050 0xfffc1931] Creating Kernel
[18/08/2005 17:46:46:0430 0xfffc1931] CStrings::oprator[] requesting CLONE_CHECK_MUTEX
[18/08/2005 17:46:47:0200 0xfffc1931] Loading database...
[18/08/2005 17:46:47:0200 0xfffc1931] CSettings::Get Setting:DatabaseFile Value:C:\Archivos de programa\PSGuard\database.pkg
[18/08/2005 17:46:52:0420 0xfffc1931] Extracting database...
[18/08/2005 17:46:52:0640 0xfffc1931] Quering environment results
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0640 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:52:0860 0xfffc1931] Creating scanner...
[18/08/2005 17:46:53:0730 0xfffc1931] Quering environment results
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:53:0730 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:53:0790 0xfffc1931] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:46:54:0280 0xfffc1931] Scaner created...
[18/08/2005 17:46:54:0390 0xfffc1931] Creating updater...
[18/08/2005 17:46:54:0390 0xfffc1931] CSettings::Get Setting:VersionInfo Value:APP_VER=3.3.0.4
DATABASE_VER=3.3.0.3
DATE=17/08/05
SIGNATURES=51780
[18/08/2005 17:46:54:0390 0xfffc1931] Updater created...
[18/08/2005 17:46:54:0450 0xfffc1931] Quering environment results
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0450 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Quering environment results
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:46:54:0560 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:46:55:0820 0xfffc1931] CStrings::oprator[] requesting SETUP_COPMPANY_NAME
[18/08/2005 17:46:55:0820 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:55:0820 0xfffc1931] Quarantine created...
[18/08/2005 17:46:56:0760 0xfffc1931] IESafeMode created...
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:46:56:0810 0xfffc1931] CSettings::Get Setting:InstallDir Value:C:\Archivos de programa\PSGuard
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting LICENSE_FILE
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting REGSTORAGE_KEY
[18/08/2005 17:46:56:0810 0xfffc1931] CStrings::oprator[] requesting FREETRIAL_ACTIVE
[18/08/2005 17:46:56:0810 0xfffc1931] RegEngine created...
[18/08/2005 17:46:56:0810 0xfffc1931] RealtimeMonitoring created...
[18/08/2005 17:46:56:0810 0xfffc1931] CRegEngine::CanWork 0
[18/08/2005 17:46:56:0810 0xfffc1931] SysInfo created...
[18/08/2005 17:46:56:0810 0xfffc1931] main Creating AVECORE::theApp
[18/08/2005 17:46:56:0810 0xfffc1931] Converting GUID's: OldAppCLSID: {79DDF2EF-D881-464B-B2AF-5AF8816A3964}, OldAppIID: {28FEDB90-53C7-4928-994A-CEE782606507}, NewAppCLSID: {35ED274E-3F42-4A78-BBDC-3B7D73E85578}, NewAppIID: {1545C103-D982-4C9F-B8EB-76076F78E7E7}
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:StartAtWinStartup Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:EnableRTMonitoring Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:AlwaysBlockChanges Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:AlwaysBlockWhenNoAV Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:PerformUpdate Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:46:57:0630 0xfffc1931] CSettings::Get Setting:UpdateInterval Value:3
[18/08/2005 17:46:57:0690 0xfffc1931] main AVECORE::theApp created successfully
[18/08/2005 17:46:57:0690 0xfffc1931] main Creating WNDLAYER::WindowLayer
[18/08/2005 17:46:58:0790 0xfffc1931] main WNDLAYER::WindowLayer created successfully
[18/08/2005 17:46:59:0230 0xfffc1931] CStrings::oprator[] requesting WND_CAPTION
[18/08/2005 17:46:59:0230 0xfffc1931] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:46:59:0230 0xfffc1931] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:46:59:0230 0xfffc1931] CWindowLayer::CreateMainWindow starting...
[18/08/2005 17:46:59:0230 0xfffc1931] CWindowLayer::CreateMainWindow after CreateInstance...
[18/08/2005 17:46:59:0230 0xfffc1931] CLWindow::_CreateWnd starting...
[18/08/2005 17:46:59:0230 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.Create ...
[18/08/2005 17:46:59:0450 0xfffc1931] CLWindow::_CreateWnd before CreateControlEx...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.SetWindowPos...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before m_AxWeb.QueryControl...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before DispEventAdvise...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before OnAddWindow...
[18/08/2005 17:46:59:0780 0xfffc1931] CLWindow::_CreateWnd before Navigate...
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop
[18/08/2005 17:47:03:0900 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:47:03:0950 0xfffc1931] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:47:04:0010 0xfffc1931] CLWindow::Navigate Before CreateWndSkin
[18/08/2005 17:47:05:0430 0xfffc1931] CLWindow::_CreateWnd after Navigate...
[18/08/2005 17:47:05:0430 0xfffc1931] CLWindow::_CreateWnd after get_Document...
[18/08/2005 17:47:05:0430 0xfffc1931] CLWindow::_CreateWnd after documentOperations...
[18/08/2005 17:47:05:0430 0xfffc1931] CLWindow::_CreateWnd before SetWindowPos...
[18/08/2005 17:47:05:0430 0xfffc1931] CLWindow::_CreateWnd before ShowWindow...
[18/08/2005 17:47:05:0490 0xfffc1931] CLWindow::_CreateWnd before modal-related operations...
[18/08/2005 17:47:05:0930 0xfffc1931] CLWindow::_CreateWnd before MessageLoop...
[18/08/2005 17:47:08:0780 0xfffc1931] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 17:47:08:0780 0xfffc1931] CScaner::CreateWorkerThread started
[18/08/2005 17:47:08:0780 0xfffc1931] CScaner::CreateWorkerThread Before the start scaner worker thread
[18/08/2005 17:47:08:0840 0xfffc1931] CScaner::CreateWorkerThread after start
[18/08/2005 17:47:08:0840 0xfffc1931] CScaner::CreateWorkerThread Before SetThreadPriority
[18/08/2005 17:47:08:0840 0xfffc1931] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 17:47:08:0840 0xfffc1931] CScaner::CreateWorkerThread After SetThreadPriority, exiting
[18/08/2005 17:47:08:0890 0xfffc1931] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:47:10:0100 0xfffc1931] Adding object: class=8, path=C:\WINDOWS\SYSTEM\INTELL32.EXE, group=Trojan.intell32
[18/08/2005 17:47:11:0640 0xfffc1931] Quering environment results
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:47:11:0640 0xfffc1931] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:47:12:0740 0xfffc1931] Adding object: class=1, path=C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll, group=SysWebTelecomInt
[18/08/2005 17:47:16:0580 0xfffc1931] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update, group=Trojan.InternetUpdate
[18/08/2005 17:47:18:0070 0xfffc1931] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 17:47:18:0070 0xfffc1931] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 17:47:19:0770 0xfffc1931] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}, group=IST.SlotchBar
[18/08/2005 17:47:21:0860 0xfffc1931] Adding object: class=4, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intell32.exe, group=Trojan.intell32
[18/08/2005 17:48:55:0940 0xfffb7081] Logging for process C:\ARCHIVOS DE PROGRAMA\PSGUARD\PSGUARD.EXE with pid 0xFFFB7081 started on 18/08/2005 17:48:55
[18/08/2005 17:48:56:0600 0xfffb7081] Creating settings
[18/08/2005 17:48:56:0660 0xfffb7081] CSettings::CSettings Using HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard as registry root
[18/08/2005 17:48:56:0660 0xfffb7081] Creating resources
[18/08/2005 17:48:56:0770 0xfffb7081] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:48:56:0880 0xfffb7081] Creating strings
[18/08/2005 17:48:56:0880 0xfffb7081] Creating Kernel
[18/08/2005 17:48:57:0100 0xfffb7081] CStrings::oprator[] requesting CLONE_CHECK_MUTEX
[18/08/2005 17:48:57:0100 0xfffb7081] Loading database...
[18/08/2005 17:48:57:0100 0xfffb7081] CSettings::Get Setting:DatabaseFile Value:C:\Archivos de programa\PSGuard\database.pkg
[18/08/2005 17:49:00:0450 0xfffb7081] Extracting database...
[18/08/2005 17:49:00:0720 0xfffb7081] Quering environment results
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:49:00:0720 0xfffb7081] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:49:00:0940 0xfffb7081] Creating scanner...
[18/08/2005 17:49:01:0710 0xfffb7081] Quering environment results
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:49:02:0040 0xfffb7081] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:49:02:0040 0xfffb7081] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:49:04:0070 0xfffb7081] Scaner created...
[18/08/2005 17:49:04:0070 0xfffb7081] Creating updater...
[18/08/2005 17:49:04:0180 0xfffb7081] CSettings::Get Setting:VersionInfo Value:APP_VER=3.3.0.4
DATABASE_VER=3.3.0.3
DATE=17/08/05
SIGNATURES=51780
[18/08/2005 17:49:04:0180 0xfffb7081] Updater created...
[18/08/2005 17:49:04:0290 0xfffb7081] Quering environment results
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:49:04:0290 0xfffb7081] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:49:04:0510 0xfffb7081] Quering environment results
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:49:04:0510 0xfffb7081] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:49:06:0380 0xfffb7081] CStrings::oprator[] requesting SETUP_COPMPANY_NAME
[18/08/2005 17:49:06:0380 0xfffb7081] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:49:06:0540 0xfffb7081] Quarantine created...
[18/08/2005 17:49:06:0870 0xfffb7081] IESafeMode created...
[18/08/2005 17:49:07:0310 0xfffb7081] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting SOFTWARE_ID
[18/08/2005 17:49:07:0420 0xfffb7081] CSettings::Get Setting:InstallDir Value:C:\Archivos de programa\PSGuard
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting LICENSE_FILE
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting REGISTRY_SOFTWARE_ROOT
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting REGSTORAGE_KEY
[18/08/2005 17:49:07:0420 0xfffb7081] CStrings::oprator[] requesting FREETRIAL_ACTIVE
[18/08/2005 17:49:07:0420 0xfffb7081] RegEngine created...
[18/08/2005 17:49:07:0420 0xfffb7081] RealtimeMonitoring created...
[18/08/2005 17:49:07:0420 0xfffb7081] CRegEngine::CanWork 0
[18/08/2005 17:49:07:0590 0xfffb7081] SysInfo created...
[18/08/2005 17:49:07:0590 0xfffb7081] main Creating AVECORE::theApp
[18/08/2005 17:49:07:0590 0xfffb7081] Converting GUID's: OldAppCLSID: {79DDF2EF-D881-464B-B2AF-5AF8816A3964}, OldAppIID: {28FEDB90-53C7-4928-994A-CEE782606507}, NewAppCLSID: {35ED274E-3F42-4A78-BBDC-3B7D73E85578}, NewAppIID: {1545C103-D982-4C9F-B8EB-76076F78E7E7}
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:StartAtWinStartup Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:EnableRTMonitoring Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:AlwaysBlockChanges Value:0
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:AlwaysBlockWhenNoAV Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:PerformUpdate Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:49:13:0410 0xfffb7081] CSettings::Get Setting:UpdateInterval Value:3
[18/08/2005 17:49:13:0520 0xfffb7081] main AVECORE::theApp created successfully
[18/08/2005 17:49:13:0520 0xfffb7081] main Creating WNDLAYER::WindowLayer
[18/08/2005 17:49:13:0900 0xfffb7081] main WNDLAYER::WindowLayer created successfully
[18/08/2005 17:49:14:0010 0xfffb7081] CStrings::oprator[] requesting WND_CAPTION
[18/08/2005 17:49:14:0010 0xfffb7081] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 17:49:14:0010 0xfffb7081] CSettings::Get Setting:MinOnStartup Value:0
[18/08/2005 17:49:14:0010 0xfffb7081] CWindowLayer::CreateMainWindow starting...
[18/08/2005 17:49:14:0010 0xfffb7081] CWindowLayer::CreateMainWindow after CreateInstance...
[18/08/2005 17:49:14:0010 0xfffb7081] CLWindow::_CreateWnd starting...
[18/08/2005 17:49:14:0010 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.Create ...
[18/08/2005 17:49:14:0010 0xfffb7081] CLWindow::_CreateWnd before CreateControlEx...
[18/08/2005 17:49:14:0340 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.SetWindowPos...
[18/08/2005 17:49:14:0340 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.QueryControl...
[18/08/2005 17:49:14:0340 0xfffb7081] CLWindow::_CreateWnd before DispEventAdvise...
[18/08/2005 17:49:14:0340 0xfffb7081] CLWindow::_CreateWnd before OnAddWindow...
[18/08/2005 17:49:14:0340 0xfffb7081] CLWindow::_CreateWnd before Navigate...
[18/08/2005 17:49:18:0460 0xfffb7081] CLWindow::OnDocumentComplete Before MessageLoop
[18/08/2005 17:49:18:0460 0xfffb7081] CLWindow::OnDocumentComplete After MessageLoop
[18/08/2005 17:49:18:0520 0xfffb7081] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:49:18:0520 0xfffb7081] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:49:18:0570 0xfffb7081] CLWindow::Navigate Before CreateWndSkin
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd after Navigate...
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd after get_Document...
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd after documentOperations...
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd before SetWindowPos...
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd before ShowWindow...
[18/08/2005 17:49:19:0890 0xfffb7081] CLWindow::_CreateWnd before modal-related operations...
[18/08/2005 17:49:20:0330 0xfffb7081] CLWindow::_CreateWnd before MessageLoop...
[18/08/2005 17:49:22:0750 0xfffb7081] CSettings::Get Setting:ScanOnStartup Value:1
[18/08/2005 17:49:22:0860 0xfffb7081] CScaner::CreateWorkerThread started
[18/08/2005 17:49:22:0860 0xfffb7081] CScaner::CreateWorkerThread Before the start scaner worker thread
[18/08/2005 17:49:22:0860 0xfffb7081] CScaner::CreateWorkerThread after start
[18/08/2005 17:49:22:0860 0xfffb7081] CScaner::CreateWorkerThread Before SetThreadPriority
[18/08/2005 17:49:22:0860 0xfffb7081] CSettings::Get Setting:SCAN_PRIORITY Value:0
[18/08/2005 17:49:22:0860 0xfffb7081] CScaner::CreateWorkerThread After SetThreadPriority, exiting
[18/08/2005 17:49:22:0910 0xfffb7081] CSettings::Get Setting:SCAN_DEPTH Value:1
[18/08/2005 17:49:25:0440 0xfffb7081] Adding object: class=8, path=C:\WINDOWS\SYSTEM\INTELL32.EXE, group=Trojan.intell32
[18/08/2005 17:49:26:0920 0xfffb7081] Quering environment results
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %desktop%, Data: C:\WINDOWS\Escritorio
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %desktopdirectory%, Data: %userprofile%\desktop
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %favorites%, Data: C:\WINDOWS\Favoritos
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %startmenu%, Data: C:\WINDOWS\Menú Inicio
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %startup%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %startupprograms%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %system%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %systemdir%, Data: C:\WINDOWS\SYSTEM
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %temp%, Data: C:\WINDOWS\TEMP
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %windir%, Data: C:\WINDOWS
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %window%, Data: C:\WINDOWS
[18/08/2005 17:49:26:0920 0xfffb7081] Var: %windows%, Data: C:\WINDOWS
[18/08/2005 17:49:28:0350 0xfffb7081] Adding object: class=1, path=C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll, group=SysWebTelecomInt
[18/08/2005 17:49:31:0210 0xfffb7081] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update, group=Trojan.InternetUpdate
[18/08/2005 17:49:33:0020 0xfffb7081] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 17:49:33:0020 0xfffb7081] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511F9316-771B-4953-A268-1C36DA667FE9}, group=SysWebTelecomInt
[18/08/2005 17:49:34:0890 0xfffb7081] Adding object: class=2, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}, group=IST.SlotchBar
[18/08/2005 17:49:37:0410 0xfffb7081] Adding object: class=4, path=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intell32.exe, group=Trojan.intell32
[18/08/2005 17:49:45:0270 0xfffb7081] CRegEngine::CanWork 0
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd starting...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.Create ...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before CreateControlEx...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.SetWindowPos...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before m_AxWeb.QueryControl...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before DispEventAdvise...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before OnAddWindow...
[18/08/2005 17:49:45:0540 0xfffb7081] CLWindow::_CreateWnd before Navigate...
[18/08/2005 17:49:45:0820 0xfffb7081] CLWindow::OnDocumentComplete Before MessageLoop
[18/08/2005 17:49:45:0820 0xfffb7081] CLWindow::OnDocumentComplete After MessageLoop
[18/08/2005 17:49:45:0820 0xfffb7081] CLWindow::OnDocumentComplete Before MessageLoop2
[18/08/2005 17:49:45:0820 0xfffb7081] CLWindow::OnDocumentComplete After MessageLoop2
[18/08/2005 17:49:45:0820 0xfffb7081] CLWindow::Navigate Before CreateWndSkin
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd after Navigate...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd after get_Document...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd after documentOperations...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd before SetWindowPos...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd before ShowWindow...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd before modal-related operations...
[18/08/2005 17:49:47:0020 0xfffb7081] CLWindow::_CreateWnd before MessageLoop...
[18/08/2005 19:53:07:0140 0xfffb737f] Logging for process C:\ARCHIVOS DE PROGRAMA\PSGUARD\PSGUARD.EXE with pid 0xFFFB737F started on 18/08/2005 19:53:07
[18/08/2005 19:53:07:0850 0xfffb737f] Creating settings
[18/08/2005 19:53:07:0850 0xfffb737f] CSettings::CSettings Using HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard as registry root
[18/08/2005 19:53:07:0850 0xfffb737f] Creating resources
[18/08/2005 19:53:07:0850 0xfffb737f] CSettings::Get Setting:ResourceDll Value:C:\Archivos de programa\PSGuard\Localization.dll
[18/08/2005 19:53:07:0910 0xfffb737f] Creating strings
[18/08/2005 19:53:07:0910 0xfffb737f] Creating Kernel
[18/08/2005 19:53:07:0960 0xfffb737f] CStrings::oprator[] requesting CLONE_CHECK_MUTEX
[18/08/2005 19:53:07:0960 0xfffb737f] Loading database...
[18/08/2005 19:53:07:0960 0xfffb737f] CSettings::Get Setting:DatabaseFile Value:C:\Archivos de programa\PSGuard\database.pkg
[18/08/2005 19:53:18:0180 0xfffb737f] Extracting database...
[18/08/2005 19:53:18:0730 0xfffb737f] Quering environment results
[18/08/2005 19:53:18:0730 0xfffb737f] Var: %autostart%, Data: C:\WINDOWS\Menú Inicio\Programas\Inicio
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
We will ask you for the HJT log if we need it, but for now send us the files, since Wininet.DLL may have been modified by some variant not handled by elistara, and if it does not detect it, we will add it. On that note, the log you can send us is the one at C:\infosat.txt, but do not send any more logs that we have not asked for ...
The other file is already in quarantine, but we will see whether it is a false alarm or what, since while looking for information about it I saw that at http://www.messengeradictos.com they state:
[quote]"We have already said thousands of times that Messenger Deluxe does not carry any trojan; the only thing is that it needs to connect in order to download the packages, and "some antivirus products" detect that as suspicious activity"[/quote]
regards
ms, 30-1-2006
Last edited by msc hotline sat on 30 Jan 2006, 06:41; edited 2 times in total.

- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
Remember, apart from sending us the samples in the way indicated, paste the contents of c:\infosat.txt in your next post; it is the only log we need for now, thanks
regards
ms, 30-1-2006

OK, I managed to turn the machine on, but I had to copy the info to a floppy disk because now it won't let me open the internet; in fact, for every application I open, Symantec (which is driving me crazy, by the way) pops up seven warnings about the wretched virus. Here are the contents of infosat:
Sat Jan 28 11:30:38 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\WEB\RELATED.HTM --> Eliminado
C:\WINDOWS\SYSTEM\OLEEXT.DLL --> Oleloa Borrado añadido al WININIT.INI
Por favor, envienos una muestra del fichero
C:\WINDOWS\TEMP\SHNLOG.EXE.Muestra EliStartPage v11.04
a "virus@satinfo.es ". Gracias.
C:\WINDOWS\SYSTEM\SHNLOG.EXE --> Eliminado
C:\WINDOWS\Sites.ini --> Eliminado (Fichero Complementario).
C:\WINDOWS\SYSTEM\ptainfo1.ico --> Eliminado (Fichero Complementario).
C:\WINDOWS\SYSTEM\ptainfo2.ico --> Eliminado (Fichero Complementario).
Entrada Eliminada [HKLM\...\Run] "intell32.exe"="C:\WINDOWS\SYSTEM\intell32.exe"
Entrada Eliminada [HKLM\...\Run] "PSGuard"="C:\Archivos de programa\PSGuard\PSGuard.exe"
Eliminada Class, "{057E242F-2947-4E0A-8E61-A11345D97EA6}" -> NULL1
Eliminada Class, "{357A87ED-3E5D-437D-B334-DEB7EB4982A3}" -> NULL1
Eliminada Carpeta "%WinSys%\LogFiles"
Eliminada Carpeta "%Application Data%\Shudder Global Limited"
Eliminada Carpeta "%Archivos de Programa%\P.S.Guard"
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Sat Jan 28 11:37:03 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\WINDOWS\SYSTEM\Tools\Counter.exe --> Eliminado, Restart
C:\WINDOWS\SYSTEM\Tools\Restart.exe --> Eliminado, Restart
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sat Jan 28 11:38:57 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sat Jan 28 11:39:48 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sat Jan 28 11:45:23 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Class, "{357A87ED-3E5D-437D-B334-DEB7EB4982A3}" -> NULL1
Eliminadas las Paginas de Inicio y de Busqueda del IE
Sat Jan 28 11:56:25 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sat Jan 28 12:08:22 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sun Jan 29 21:55:06 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Sun Jan 29 21:57:28 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
Sun Jan 29 22:08:35 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Sun Jan 29 22:09:13 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
C:\Mis documentos\My Music\LimeWireWin.exe --> AutoExtraible
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
Well, in the first block we asked you for a sample; add it to the ones you send us:
Por favor, envienos una muestra del fichero
C:\WINDOWS\TEMP\SHNLOG.EXE.Muestra EliStartPage v11.04
a "virus@satinfo.es ". Gracias.
and in the last block we were already detecting ALEMOD in WININET.DLL:
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
You will have to overwrite this WININET.DLL with the one from another machine running the same operating system, since the malware overwrites it in its own way, and it must be replaced in the way indicated or by REPAIRING the system with the installation CD
regards
ms, 30-1-2006
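The reading of infosat.txt given in the reply above (a sample requested in the first block, ALEMOD still reported in WININET.DLL in the last one) can be automated across many runs. This is an added example, not part of the original thread and not EliStartPage code; the function names are hypothetical, the shortened sample log is constructed from lines quoted in this thread, and the format assumed is only what those lines show.

```python
import re
from datetime import datetime

# Constructed sample: a shortened infosat.txt assembled from lines quoted in this thread.
SAMPLE_LOG = r"""Sat Jan 28 11:30:38 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM\OLEEXT.DLL --> Oleloa Borrado añadido al WININIT.INI
Por favor, envienos una muestra del fichero
C:\WINDOWS\TEMP\SHNLOG.EXE.Muestra EliStartPage v11.04
a "virus@satinfo.es ". Gracias.
C:\WINDOWS\SYSTEM\SHNLOG.EXE --> Eliminado
Sat Jan 28 11:37:03 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\WINDOWS\SYSTEM\Tools\Counter.exe --> Eliminado, Restart
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
Sat Jan 28 11:56:25 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
Sun Jan 29 22:09:13 2006
EliStartPage v11.04 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
C:\WINDOWS\SYSTEM\WININET.DLL --> Infectado con el Gusano ALEMOD
C:\Archivos de programa\LimeWire\uninstall.exe --> AutoExtraible
"""

# Month names are mapped by hand so parsing does not depend on the system locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
STAMP = re.compile(
    r"^[A-Z][a-z]{2} ([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4})$")
MODE = re.compile(r"^Lista de Acciones \(por (.+)\):$")
FINDING = re.compile(r"^(.+?) --> (.+)$")
SAMPLE_REQUEST = "Por favor, envienos una muestra del fichero"


def parse_infosat(text):
    """Split the log into runs; each timestamp line starts a new run."""
    runs, want_sample = [], False
    for raw in text.splitlines():
        line = raw.strip()
        stamp = STAMP.match(line)
        if stamp and stamp.group(1) in MONTHS:
            mon, day, hh, mm, ss, year = stamp.groups()
            when = datetime(int(year), MONTHS[mon], int(day),
                            int(hh), int(mm), int(ss))
            runs.append({"when": when, "mode": None,
                         "findings": [], "samples": []})
            want_sample = False
            continue
        if not runs or not line:
            continue
        run = runs[-1]
        if want_sample:
            # The line after the request names the sample. It is kept verbatim,
            # because the thread does not say how that line should be split.
            run["samples"].append(line)
            want_sample = False
            continue
        mode = MODE.match(line)
        if mode:
            run["mode"] = mode.group(1)
        elif line == SAMPLE_REQUEST:
            want_sample = True
        else:
            finding = FINDING.match(line)
            if finding:
                run["findings"].append((finding.group(1), finding.group(2)))
    return runs


def still_infected(runs):
    """Paths the most recent scan run reports as 'Infectado', mapped to the
    number of scan runs that reported them. An earlier scan that omits a
    path does not clear it; only the latest scan decides."""
    scans = [r for r in runs if r["mode"] == "Exploración"]
    if not scans:
        return {}
    latest = max(scans, key=lambda r: r["when"])
    result = {}
    for path, status in latest["findings"]:
        if status.startswith("Infectado"):
            result[path] = sum(
                1 for r in scans
                if any(p.upper() == path.upper() and s.startswith("Infectado")
                       for p, s in r["findings"]))
    return result


def pending_samples(runs):
    """Every sample the tool asked the user to send, in log order."""
    return [s for r in runs for s in r["samples"]]


if __name__ == "__main__":
    parsed = parse_infosat(SAMPLE_LOG)
    print("still infected:", still_infected(parsed))
    print("samples requested:", pending_samples(parsed))
```
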

Good evening,
Thank you very much for your great help... in the end my mother took the CPU to her work yesterday, and there they added some patches the machine was missing and set it up as a slave of another machine; today it is working fine... in any case, I thank you with all my heart for all your help...
You can consider this problem closed...
Regards,
Madelainne
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
We are glad to hear it, and with the problem solved, we proceed to close the thread
Separately, it would be useful for you to send the indicated samples, for study and possible strengthening of the utilities, for the benefit of others and, some day, your own
regards
ms, 1-2-2006
PS. We acknowledge receipt of the e-mail you also sent us about this. ms.
