le pase el Panda Antivirus (desactualizado 4 meses aprox.) y no encontraba nada, le pasé el Spyware Doctor actualizado y encontró varias cosas.

Pues luego el Regedit ya no se ejecutaba (cambié el nombre para que de), con un archivo reg que recomendaban en el foro pude hacer que entre en Modo a prueba de fallos (al que se cogaba al entrar).

Tampoco ejecutaba el Kaspersky, y no abría el Administrador de Tareas (ejecutando el el 'msedit'¿es así? púde hacer que abra el Admi).

Bueno, una vez usando ese archivo reg para que entre a Modo Prueba de fallos...al fin entró, entonces instalé el trial de Kaspersky (bajado ayer), y al intentar ejecutarlo no pasaba nada...entré a la carpeta del Kaspersky y le aumenté un '1' al nombre, entonces se ejecutó e hize un intelli scan y luego un scan completo...ahora no se si está solucionado todo (a primera vista si) pero les paso el reporte del Kaspersky para que me ayuden. Bueno no se si entrará...es muy largo
Full Scan: completed 29/07/2008 12:32:26 a.m. (events: 36, objects: 361622, time: 05:26:59 a.m.)
29/07/2008 12:32:26 a.m. Task completed
29/07/2008 12:32:26 a.m. Deleted: IRC-Worm.Win32.Delf.o G:\36osafe.exe
29/07/2008 12:32:26 a.m. Detected: IRC-Worm.Win32.Delf.o G:\36Osafe.exe/UPack
29/07/2008 12:32:26 a.m. Deleted: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\a0166611.exe
29/07/2008 12:32:23 a.m. Detected: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\A0166611.exe/UPack
29/07/2008 12:32:05 a.m. Untreated: IRC-Worm.Win32.Delf.o G:\36Osafe.exe/UPack Postponed
29/07/2008 12:32:05 a.m. Detected: IRC-Worm.Win32.Delf.o G:\36Osafe.exe/UPack
28/07/2008 10:43:38 p.m. Detected: http://www.viruslist.com/en/advisories/16239 c:\Datos Recuperados\Back Up\Downloadsc\emulePhoenix0.42e_1.5_binaries\emule Phoenix0.42e_1.5_binaries\emule.exe
28/07/2008 10:23:43 p.m. Untreated: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\A0166611.exe/UPack Postponed
28/07/2008 10:23:43 p.m. Detected: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\A0166611.exe/UPack
28/07/2008 10:03:33 p.m. Detected: http://www.viruslist.com/en/advisories/29239 c:\archivos de programa\PokerAcademyPro2\java\bin\java.exe
28/07/2008 09:37:28 p.m. Detected: http://www.viruslist.com/en/advisories/29239 c:\archivos de programa\Java\jre1.5.0_11\bin\java.exe
28/07/2008 09:36:54 p.m. Detected: http://www.viruslist.com/en/advisories/29787 c:\archivos de programa\mozilla firefox\firefox.exe
28/07/2008 09:36:49 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\archivos de programa\mozilla firefox\plugins\NPSWF32.dll
28/07/2008 09:30:45 p.m. Detected: http://www.viruslist.com/en/advisories/28506 c:\archivos de programa\microsoft office\office10\excel.exe
28/07/2008 09:27:33 p.m. Detected: http://www.viruslist.com/en/advisories/27865 c:\archivos de programa\winamp\winamp.exe
28/07/2008 09:26:32 p.m. Detected: http://www.viruslist.com/en/advisories/29650 c:\archivos de programa\quicktime\quicktimeplayer.exe
28/07/2008 09:19:13 p.m. Detected: http://www.viruslist.com/en/advisories/29321 c:\archivos de programa\Archivos comunes\Microsoft Shared\Office10\MSO.DLL
28/07/2008 09:08:10 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\Documents and Settings\JpAbLo\Configuración local\Temp\mProjector1773647059\FlashPlayer.3.1.1a .ocx
28/07/2008 09:07:06 p.m. Detected: http://www.viruslist.com/en/advisories/29321 c:\Documents and Settings\JpAbLo\Configuración local\Temp\$535E3E42.t$m
28/07/2008 09:06:15 p.m. Detected: http://www.viruslist.com/en/advisories/29321 c:\Documents and Settings\JpAbLo\Configuración local\Temp\$717B5DDD.t$m
28/07/2008 08:59:24 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\Documents and Settings\Eunice\Configuración local\Temp\mProjector1773647059\FlashPlayer.3.1.1a .ocx
28/07/2008 08:44:07 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\windows\system32\macromed\flash\~SS3F.tmp
28/07/2008 08:44:06 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\windows\system32\macromed\flash\NPSWF32.dll
28/07/2008 08:44:05 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\windows\system32\macromed\flash\Flash9b.ocx
28/07/2008 08:44:03 p.m. Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\macromed\flash\flash.ocx
28/07/2008 08:44:02 p.m. Detected: http://www.viruslist.com/en/advisories/28083 c:\windows\system32\macromed\flash\swflash.ocx
28/07/2008 07:11:56 p.m. Untreated: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\A0166611.exe/UPack Postponed
28/07/2008 07:11:56 p.m. Detected: IRC-Worm.Win32.Delf.o c:\System Volume Information\_restore{ED29EC19-CAF0-48F6-BC69-33F2B5B19F2C}\RP277\A0166611.exe/UPack
28/07/2008 07:06:11 p.m. Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\macromed\flash\flash.ocx
28/07/2008 07:06:08 p.m. Detected: http://www.viruslist.com/en/advisories/29650 c:\archivos de programa\quicktime\quicktimeplayer.exe
28/07/2008 07:06:07 p.m. Detected: http://www.viruslist.com/en/advisories/29787 c:\archivos de programa\mozilla firefox\firefox.exe
28/07/2008 07:05:45 p.m. Detected: http://www.viruslist.com/en/advisories/27865 c:\archivos de programa\winamp\winamp.exe
28/07/2008 07:05:42 p.m. Detected: http://www.viruslist.com/en/advisories/28506 c:\archivos de programa\microsoft office\office10\excel.exe
28/07/2008 07:05:40 p.m. Detected: http://www.viruslist.com/en/advisories/26201 c:\archivos de programa\adobe\acrobat 6.0\reader\acrord32.exe
28/07/2008 07:05:27 p.m. Task started
Full Scan: completed 29/07/2008 12:32:26 a.m. (events: 36, objects: 361622, time: 05:26:59 a.m.)
28/07/2008 07:04:57 p.m. Task stopped
28/07/2008 07:04:47 p.m. Task started
Full Scan: completed 29/07/2008 12:32:26 a.m. (events: 36, objects: 361622, time: 05:26:59 a.m.)
28/07/2008 06:58:32 p.m. Task completed
28/07/2008 06:58:32 p.m. Deleted: IRC-Worm.Win32.Delf.o c:\windows\system32\36osafe.exe
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZCAP.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPS.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPPRG.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPD.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAP.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WrCtrl\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WrAdmin\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WIMMUN32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WGFE95\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBTRAP\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WATCHDOG\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSMAIN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vscan40.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VIR - HELP\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET32.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VCONTROL.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VbCons\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ToolsUp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thmail.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thd32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thav.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th32upd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFAK\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2 - nt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2 - 98.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS - 3 \Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCM\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TAUMON\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Syscheck2.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syscheck.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SYMTRAY\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SymProxySvc\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWNETSUP\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SweepNet\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SS3EDIT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngPS.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartassistant.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sfc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RULAUNCH\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RTVSCN95\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwolusr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\REALMON\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravt08.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStore.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavCopy.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PROGRAMAUDITOR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PROCESSMONITOR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pqremove.com\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PORTMONITOR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POPROXY\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POP3TRAP\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwcon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwagent.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pervacd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pervac.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perupd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pertsk.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\per.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcntmon\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pavw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pavsched.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavmail.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PADMIN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NWTOOL16\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NWService\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSVC32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NTXconfig\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NTVDM\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nspclean.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeoWatchLog\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVENGNAVEX15\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32scanw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MWATCH\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSERVICE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Monitor.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MINILOG\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MGHTML\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCVSSHLD\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCVSRTE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCUPDATE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCTOOL\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCMNHDLR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCAGENT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcafee\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUSPT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdownadvanced.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LDSCAN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LDPROMENU\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killhidepid.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Jedi.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISRV95\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IsHelp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Icsuppnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSTATS\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GENERICS\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBPOLL\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT95.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp - win.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findt2005.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f - stopw.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f - prot95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f - prot.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f - agnt95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPERT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EVPN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ETRUSTCIPE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EFPEADM\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EFINET32.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Dvp95_0.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOORS\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DEFWATCH\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CTRL\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CPDClnt\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CONNECTIONMONITOR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CMGRDIAN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clrav.com\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Claw95cf.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgWiz\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCAPP.EXE\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVXW\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVXQUAR\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVXMONITORNT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVXMONITOR9X\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWINNT\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avrep32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avnt.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvkServ\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGW\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGSERV9\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvgServ\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCC32\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoTrace\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoGuarder.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ATWATCH\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ATUPDATER\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ATCON\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arvmon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTS\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivir\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti - trojan.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AMON9X\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ALOGSERV\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVXDWIN\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\Debugger
28/07/2008 06:58:32 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\Debugger
28/07/2008 06:58:30 p.m. Disinfected: IRC-Worm.Win32.Delf.o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\36Osafe
28/07/2008 06:58:29 p.m. Detected: IRC-Worm.Win32.Delf.o c:\windows\system32\36osafe.exe/UPack
28/07/2008 06:57:36 p.m. Untreated: IRC-Worm.Win32.Delf.o c:\windows\system32\36osafe.exe/UPack Postponed
28/07/2008 06:57:35 p.m. Detected: IRC-Worm.Win32.Delf.o c:\windows\system32\36osafe.exe/UPack
28/07/2008 06:56:39 p.m. Task started

Haz los siguientes, pasos, si no puedes ejecutar alguna de las herramientas, saltea los pasos y ejecuta Combofix.


Descarga las siguientes herramientas:

• MalwareBytes’ Anti-Malware
• CCleaner.

1. Desactiva Restaurar Sistema
2. Reinicia en Modo Seguro
3. Ejecuta CCleaner, usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).
4. Ejecuta Malwarebytes' Anti-Malware *(Es importante seleccionar escaneo completo y la opción de quitar lo encontrado)

Ahora, reinicia en Modo Normal, y haz lo siguiente

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje, junto con el de Malwarebytes' Anti-Malware.

ComboFix 08-07-28.6 - JpAbLo 2008-07-30 0:36:06.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.277 [GMT -4:00]
Se ejecuta desde: C:\Documents and Settings\JpAbLo\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1rfw8hjr.com
C:\autorun.inf
C:\DOCUME~1\JpAbLo\CONFIG~1\Temp\ovlx.dll
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat
C:\njibyekk.com
C:\qxbx9blb.com
C:\v.exe
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\Temp\log.txt

----- BITS: Possible infected sites -----

http://acs.pandasoftware.com:80
.
(((((((((((((((((( Archivos creados desde 2008-06-28 - 2008-07-30 )))))))))))))))))))))))))))))))))
.

2008-07-29 22:57 . 2008-07-29 22:57 <DIR> d-------- C:\Documents and Settings\JpAbLo\Datos de programa\Malwarebytes
2008-07-29 22:57 . 2008-07-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-07-29 22:57 . 2008-07-29 22:57 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-29 22:57 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 22:57 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 22:52 . 2008-07-29 22:52 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-07-29 01:52 . 2008-07-29 01:52 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-07-28 19:18 . 2008-07-28 19:18 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-28 18:47 . 2008-07-28 18:47 <DIR> d-------- C:\WINDOWS\system32\%PersonalRootCertificateFolder %
2008-07-28 18:27 . 2008-07-28 18:27 <DIR> d-------- C:\Documents and Settings\Victor\Datos de programa\SUPERAntiSpyware.com
2008-07-28 18:27 . 2008-07-28 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-07-28 18:27 . 2008-07-28 18:27 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-07-28 18:27 . 2008-07-28 18:27 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-07-28 17:43 . 2007-02-19 00:21 27,054 --a------ C:\WINDOWS\SafeMode Repair.reg.reg
2008-07-28 17:16 . 2008-07-28 17:16 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 17:10 . 2008-07-29 03:40 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-28 17:10 . 2008-07-29 03:40 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-28 17:09 . 2008-07-28 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-07-28 17:09 . 2008-07-28 17:09 <DIR> d-------- C:\Archivos de programa\Kaspersky Lab
2008-07-28 17:09 . 2008-07-30 00:38 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-28 17:09 . 2008-07-30 00:38 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-28 17:09 . 2008-07-30 00:38 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-28 17:09 . 2008-07-30 00:38 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-28 04:56 . 2008-07-28 04:56 <DIR> d-------- C:\Archivos de programa\Spyware Doctor
2008-07-28 04:50 . 2008-07-28 04:50 <DIR> d--hs---- C:\FOUND.007
2008-07-28 03:51 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-28 00:28 . 2008-07-28 00:28 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-07-27 16:32 . 2008-07-28 17:54 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-21 16:14 . 2008-07-21 16:14 <DIR> d-------- C:\Archivos de programa\Dictionary
2008-07-19 21:32 . 2008-07-19 21:32 <DIR> d-------- C:\Archivos de programa\Heavy Metal FAKK2
2008-07-19 20:52 . 2008-07-19 20:52 318,063 --a------ C:\WINDOWS\Sonic 3D Uninstaller.exe
2008-07-19 20:51 . 2008-07-19 20:51 <DIR> d-------- C:\Archivos de programa\Sonic 3D
2008-07-19 17:37 . 2008-07-19 17:37 <DIR> d-------- C:\Archivos de programa\GameShadow
2008-07-19 17:34 . 2005-04-26 08:01 40,960 -r------- C:\WINDOWS\IGLobbyReg.exe
2008-07-19 17:34 . 2005-03-18 15:09 1,078 --a------ C:\WINDOWS\GameSpy.ico
2008-07-19 17:20 . 2008-07-19 17:20 <DIR> d-------- C:\Archivos de programa\Pyro Studios
2008-07-17 02:51 . 2008-07-17 02:51 <DIR> d-------- C:\tmp
2008-07-16 23:57 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 17:47 . 2008-07-15 17:47 <DIR> d--hs---- C:\FOUND.006
2008-07-15 00:54 . 2008-07-15 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\sentinel
2008-07-14 22:23 . 2008-07-14 22:23 166 --a------ C:\WINDOWS\AvDetected.ini
2008-07-09 02:00 . 2008-07-09 02:00 <DIR> d-------- C:\Documents and Settings\JpAbLo\Datos de programa\Synthesia
2008-07-08 20:08 . 2008-07-23 03:10 890 --a------ C:\WINDOWS\Zillions.INI
2008-07-08 19:11 . 2008-07-08 19:11 <DIR> d-------- C:\Archivos de programa\PokerAcademyPro2
2008-07-08 19:10 . 2008-07-08 19:10 <DIR> d-------- C:\Archivos de programa\Zillions Development
2008-07-01 20:02 . 2008-07-08 14:04 91 --a------ C:\WINDOWS\CIV.INI
2008-07-01 14:03 . 2008-07-01 14:03 <DIR> d--hs---- C:\FOUND.005
2008-06-18 15:42 . 2008-06-18 15:42 <DIR> d-------- C:\Musica
2008-06-09 20:45 . 2008-06-09 20:45 <DIR> d-------- C:\Documents and Settings\Eunice\Datos de programa\fretsonfire

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-07-27 22:09 2,048 ----a-w C:\Archivos de programa\Sonic 3Dsonic3d.ini
2008-06-20 17:04 34,328 ----a-w C:\Documents and Settings\Victor\Datos de programa\GDIPFONTCACHEV1.DAT
2008-04-25 22:24 34,328 ----a-w C:\Documents and Settings\JpAbLo\Datos de programa\GDIPFONTCACHEV1.DAT
2008-04-25 22:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-10 23:43 249,856 ------w C:\WINDOWS\Setup1.exe
2008-04-10 23:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-26 04:24 57,344 ----a-w C:\Documents and Settings\JpAbLo\lametritonus.dll
2008-01-26 04:24 162,304 ----a-w C:\Documents and Settings\JpAbLo\lame_enc.dll
2007-11-27 20:29 22,416 ----a-w C:\Documents and Settings\Eunice\Datos de programa\GDIPFONTCACHEV1.DAT
2004-10-01 19:00 40,960 ----a-w C:\Archivos de programa\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATIPTA"="C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05 344064]
"RemoteControl"="C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"InCD"="C:\Archivos de programa\Ahead\InCD\InCD.exe" [2006-07-12 05:58 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50 155648]
"LGODDFU"="C:\Archivos de programa\lg_fwupdate\fwupdate.exe" [2007-04-19 17:40 249856]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-04-26 22:40 98304]
"Easy-PrintToolBox"="C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-13 21:10 409600]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 13:42 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableWindowsUpdateAccess"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\Messenger\\MSMSGS.EXE"=
"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\mIRC1\\mirc.exe"=
"C:\\Archivos de programa\\Heavy Metal FAKK2\\fakk2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboo t.sys [2008-06-19 17:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S2 avp1;avp1;C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp1.exe [2008-04-25 18:21]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 14:03]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 14:03]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 14:03]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys [2006-03-10 14:03]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 14:03]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\1rfw8hjr.com
\Shell\explore\Command - C:\1rfw8hjr.com
\Shell\open\Command - C:\1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{82928530-14a6-11dd-bbec-0013eff144c6}]
\Shell\AutoRun\command - G:\36Osafe.exe
\Shell\Explore\Command - G:\36Osafe.exe
\Shell\Open\Command - G:\36Osafe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8dd54b4c-adb0-11dc-baf4-0013eff144c6}]
\Shell\AutoRun\command - H:\qxbx9blb.com
\Shell\explore\Command - H:\f0.cmd
\Shell\open\Command - H:\qxbx9blb.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b1d0bc7a-54fe-11dd-bc7b-0013eff144c6}]
\Shell\AutoRun\command - G:\njibyekk.com
\Shell\explore\Command - G:\njibyekk.com
\Shell\open\Command - G:\njibyekk.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{dd601476-58dc-11dd-bc87-0013eff144c6}]
\Shell\AutoRun\command - d6fagcs8.cmd
\Shell\explore\Command - d6fagcs8.cmd
\Shell\open\Command - d6fagcs8.cmd
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
Notify-gebcccb - gebcccb.dll
MSConfigStartUp-Load - C:\WINDOWS\svchost.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.bo/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
O8 -: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 -: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 -: E&xportar a Microsoft Excel - C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0FC746A4-DF12-43BF-8823-211DD7322F1C}: NameServer = 200.87.100.10,166.114.224.10


************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 00:40:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0