post #3
02/05/08, 08:11:16
patalete
User

Joined: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot

OK, here's the ComboFix log:

ComboFix 08-05-01.1 - Pablo 2008-05-02 13:42:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.1266 [GMT 2:00]
Se ejecuta desde: C:\Users\Pablo\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active

.

(((((((((((((((((( Archivos creados desde 2008-04-02 - 2008-05-02 )))))))))))))))))))))))))))))))))
.

2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\Users\Default.LOG2
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\Users\Default.LOG1
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\ProgramData.LOG2
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\ProgramData.LOG1
2008-05-01 18:05 . 2008-05-01 18:05 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-01 18:05 . 2008-05-01 18:05 1,409 --a------ C:\Windows\QTFont.for
2008-05-01 17:08 . 2008-05-01 17:08 <DIR> d-------- C:\Program Files\FontUtilities
2008-05-01 17:05 . 2008-05-01 17:05 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Typograf
2008-05-01 17:00 . 2008-05-01 17:08 <DIR> d-------- C:\Program Files\Typograf
2008-05-01 16:59 . 2008-05-01 17:13 <DIR> d-------- C:\Program Files\AMP Font Viewer
2008-05-01 16:21 . 2008-05-01 16:43 <DIR> d-------- C:\Program Files\OLYMPUS
2008-05-01 16:18 . 2008-05-01 16:18 244 --ah----- C:\sqmnoopt19.sqm
2008-05-01 02:51 . 2008-05-01 02:51 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Extensis
2008-05-01 02:51 . 2008-05-01 11:45 <DIR> d-------- C:\Users\All Users\Extensis
2008-05-01 02:51 . 2008-05-01 11:45 <DIR> d-------- C:\ProgramData\Extensis
2008-05-01 01:41 . 2008-05-01 01:41 <DIR> d-------- C:\Program Files\IDT
2008-05-01 01:41 . 2007-09-05 21:24 1,900,544 --a------ C:\Windows\System32\stlang.dll
2008-05-01 01:41 . 2007-09-05 21:25 204,800 --a------ C:\Windows\System32\stacsv.exe
2008-04-30 23:36 . 2008-05-01 00:02 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-30 23:36 . 2008-05-01 00:02 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-30 23:25 . 2008-04-30 23:25 164 --a------ C:\install.dat
2008-04-30 21:18 . 2008-05-01 01:03 <DIR> d-------- C:\Program Files\IrfanView
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-30 21:16 . 2008-04-30 21:16 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-04-30 21:16 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-04-30 21:16 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-04-30 21:15 . 2008-05-01 22:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 15:11 . 2008-05-01 22:37 250 --a------ C:\Windows\gmer.ini
2008-04-29 15:08 . 2008-04-29 15:08 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-29 15:08 . 2008-04-29 15:08 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-29 14:02 . 2008-04-29 14:02 <DIR> d-------- C:\Users\Pablo\Pavark
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 17:20 . 2008-04-30 11:43 <DIR> d-------- C:\Program Files\Sophos
2008-04-27 17:19 . 2007-01-18 14:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-04-27 16:12 . 2008-04-27 16:12 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-04-27 16:11 . 2008-04-26 05:40 <DIR> d-------- C:\SDFix
2008-04-27 01:23 . 2008-05-01 18:39 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-27 01:23 . 2008-05-01 18:39 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-27 01:19 . 2008-04-27 01:19 <DIR> d-------- C:\Users\All Users\ALM
2008-04-27 01:19 . 2008-04-27 01:19 <DIR> d-------- C:\ProgramData\ALM
2008-04-26 23:15 . 2008-04-26 23:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-26 21:51 . 2008-04-26 21:51 204,812 --a------ C:\Windows\Win32install.exe
2008-04-25 12:39 . 2008-05-01 22:35 <DIR> d-------- C:\Program Files\BASpeed 2008
2008-04-24 18:55 . 2008-05-01 16:18 232 --ah----- C:\sqmdata00.sqm
2008-04-24 11:52 . 2008-04-24 13:20 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-04-23 14:47 . 2008-04-23 14:52 38 --a------ C:\Windows\camcodec100.ini
2008-04-23 14:46 . 2003-03-13 12:51 51,200 --a------ C:\Windows\System32\camcodec.dll
2008-04-23 14:46 . 2003-03-13 12:51 1,461 --a------ C:\Windows\System32\drivers\camcodec.inf
2008-04-23 10:37 . 2008-04-23 10:37 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 10:33 . 2008-04-23 10:33 <DIR> d-------- C:\Users\All Users\Apple
2008-04-23 10:33 . 2008-04-23 10:33 <DIR> d-------- C:\ProgramData\Apple
2008-04-22 14:07 . 2008-04-22 14:07 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Corel
2008-04-22 14:07 . 2008-04-22 14:07 1,056 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-04-22 14:07 . 2008-04-22 14:07 8 -r-hs---- C:\Windows\System32\AAE1A19528.sys
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\Users\All Users\Corel
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\ProgramData\Corel
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\Program Files\Corel
2008-04-19 21:26 . 2008-04-24 20:48 <DIR> d-------- C:\Program Files\Pixtra
2008-04-19 21:26 . 2007-09-02 23:42 81,920 --------- C:\Windows\System32\PanoScreen.scr
2008-04-19 21:26 . 2001-03-20 00:35 24,576 --------- C:\Windows\System32\ypwp87a.dll
2008-04-19 18:06 . 2008-04-19 18:06 <DIR> d-------- C:\Program Files\PanaVue
2008-04-19 17:23 . 2008-04-19 22:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-19 17:09 . 2008-04-26 16:09 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\WTablet
2008-04-09 19:40 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 21:49 . 2008-04-09 01:15 <DIR> d-------- C:\Program Files\Peter's XML Editor
2008-04-08 21:46 . 2008-04-09 19:16 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Open XML Editor
2008-04-08 21:46 . 2008-04-09 19:16 <DIR> d-------- C:\Program Files\Open XML Editor 1.4
2008-04-08 21:31 . 1999-10-30 01:00 167,936 --a------ C:\Windows\System32\ccrpftv6.ocx
2008-04-08 21:31 . 2001-02-23 18:12 102,400 --a------ C:\Windows\System32\MRActLabel.ocx
2008-04-08 21:31 . 2000-10-11 18:07 98,304 --a------ C:\Windows\System32\ccrpUCW6.dll
2008-04-08 21:31 . 2000-10-11 18:18 98,304 --a------ C:\Windows\System32\ccrpDtp6.ocx
2008-04-08 21:31 . 2001-07-05 15:05 40,448 --a------ C:\Windows\System32\dsofile.dll
2008-04-08 01:03 . 2008-04-08 01:03 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Alien Skin
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Users\All Users\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\ProgramData\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-04-05 23:47 . 2003-04-18 15:29 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-04-05 23:46 . 2008-04-05 23:46 <DIR> d-------- C:\Users\All Users\Xara
2008-04-05 23:46 . 2008-04-05 23:46 <DIR> d-------- C:\ProgramData\Xara
2008-04-05 23:46 . 2007-04-27 09:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-04-05 23:45 . 2008-04-05 23:47 <DIR> d-------- C:\Windows\System32\MAGIX
2008-04-05 23:45 . 2007-12-04 14:20 700,416 --a------ C:\Windows\System32\mgxoschk.dll
2008-04-05 23:45 . 2008-04-05 23:45 5,937 --a------ C:\Windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 11:40 --------- d-----w C:\Users\Pablo\AppData\Roaming\uTorrent
2008-05-02 11:40 --------- d-----w C:\Users\Pablo\AppData\Roaming\MxBoost
2008-05-02 09:41 --------- d-----w C:\Program Files\eMule
2008-05-01 10:04 935 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-05-01 09:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-30 12:48 --------- d-----w C:\Program Files\Team Fortress 2
2008-04-30 09:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 14:30 --------- d-----w C:\Program Files\Opera
2008-04-28 14:13 --------- d-----w C:\Program Files\FactuSol 2000
2008-04-27 15:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-26 23:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 16:05 --------- d-----w C:\Program Files\ESET
2008-04-23 10:53 --------- d---a-w C:\ProgramData\TEMP
2008-04-23 08:37 --------- d-----w C:\ProgramData\Apple Computer
2008-04-23 08:33 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 21:44 --------- d-----w C:\Program Files\Pinnacle
2008-04-09 18:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 17:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-05 21:47 --------- d-----w C:\Program Files\Common Files\Xara
2008-04-05 21:46 --------- d-----w C:\Program Files\Xara
2008-04-04 09:51 --------- d-----w C:\Program Files\Samurize
2008-04-01 10:51 --------- d-----w C:\Program Files\sXe Injected
2008-03-31 13:03 --------- d-----w C:\Program Files\Maxthon2
2008-03-28 20:45 --------- d-----w C:\Program Files\Counter-Strike Source
2008-03-24 00:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-23 22:48 --------- d-----w C:\Program Files\VTFEdit2
2008-03-22 23:54 --------- d-----w C:\Program Files\7-Zip
2008-03-22 01:26 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-21 16:31 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 18:40 --------- d-----w C:\Program Files\TOSHIBA
2008-03-19 16:33 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-19 16:33 --------- d-----w C:\Program Files\Realtek
2008-03-19 16:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 14:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 14:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 10:41 --------- d-----w C:\ProgramData\XP
2008-03-19 10:41 --------- d-----w C:\ProgramData\Vista64
2008-03-18 13:07 --------- d-----w C:\Program Files\CCleaner
2008-03-16 23:24 --------- d-----w C:\ProgramData\ATI
2008-03-16 23:12 --------- d-----w C:\Program Files\ATI Technologies
2008-03-11 11:07 --------- d-----w C:\Program Files\Imperivm Civitas II
2008-03-09 13:52 674,600 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-09 13:51 22,328 ----a-w C:\Users\Pablo\AppData\Roaming\PnkBstrK.sys
2008-03-06 18:07 --------- d-----w C:\Users\Pablo\AppData\Roaming\Ubisoft
2008-03-06 18:07 --------- d-----w C:\ProgramData\Ubisoft
2008-03-06 17:33 --------- d-----w C:\Program Files\Ubisoft
2008-03-06 17:28 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-02 22:56 --------- d-----w C:\Users\Pablo\AppData\Roaming\GameServerBrowser
2008-03-02 22:56 --------- d-----w C:\ProgramData\GameServerBrowser
2008-03-02 13:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-03 16:51 9,728 ----a-w C:\Windows\System32\ftlx041e.dll
2008-02-03 16:51 9,216 ----a-w C:\Windows\System32\ftlx0411.dll
2008-02-03 16:51 296,960 ----a-w C:\Windows\winhlp32.exe
2008-02-03 16:51 194,560 ----a-w C:\Windows\System32\ftsrch.dll
2008-01-19 07:33 204,812 --sh--r C:\Windows\System32\websploit.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-07-26 12:28 105544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 13:18 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 19:00 33304]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 01:30 949376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 00:01 54608]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 15:02 712704]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 18:14 34352]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 19:02 431456]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 02:45 1033512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\startupfolder\C:^Users^Pablo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LinkStash.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2007-08-30 11:50 205480 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinkStashMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-09-12 11:20 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
--a------ 2007-07-26 12:28 105544 C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3096845840-3661491298-2848018502-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6B075EE-DBA2-42B0-94F6-5BBA52CA1B36}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5E081B3C-C655-4DEA-B648-35F8901A7F0A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3BF871AE-7668-4ECF-BA01-E70E87167FFD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EEB4CB4-AAC2-4AD3-BF05-E240AC1C50C8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{00DF0D12-31C9-46E7-9C8D-FE9E164839DD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B0B66535-ED7F-4934-887C-04DD52865470}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D64BE65A-2AB4-4C26-8F07-3EA4441C3237}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{72DEE70A-9E0D-4F0E-ADEE-69D18F607AC6}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{40EAA753-9117-49F2-B1F8-4056CD828D0C}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{431E001B-B3CF-485E-A251-F210695365F5}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{90E5A753-AEB5-4370-8D33-1730FCE70B03}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{5DEFE465-18A6-41AC-9F5E-016842E89CD8}C:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{F2E1367E-F660-4080-81B4-B7D15D4A3089}C:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{235801B1-F15E-4192-9F85-36DC90809CB7}C:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{975BC4B4-AC3C-4322-AAB1-A806510FE866}C:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{E5F64B86-395D-4701-9DE4-7C459307849A}C:\\program files\\sega\\outrun2006 coast 2 coast\\or2006c2c.exe"= UDP:C:\program files\sega\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"UDP Query User{9D495D60-C905-4770-BAAE-049BB9B1A37C}C:\\program files\\sega\\outrun2006 coast 2 coast\\or2006c2c.exe"= TCP:C:\program files\sega\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"TCP Query User{1B2812A5-303E-421D-8C18-0E56D48AE9C9}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{FFEEFF3C-430A-4808-BE41-8F9C4ECBE5B3}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{8A3EEA65-6239-4BD7-823F-C630070B1C30}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= UDP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{5F632113-B773-4EFF-940B-F0B507894BD4}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= TCP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{95BA8230-F723-4117-82D4-F22EC20155B3}C:\\program files\\maxthon2\\maxthon.exe"= UDP:C:\program files\maxthon2\maxthon.exe:Maxthon Browser
"UDP Query User{64616A42-257E-43C4-877D-F9F8FD391BC6}C:\\program files\\maxthon2\\maxthon.exe"= TCP:C:\program files\maxthon2\maxthon.exe:Maxthon Browser
"TCP Query User{3D83D148-08CF-4CA0-AC60-1EF8F955FB8F}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{AFB174A2-826F-401C-9207-2C8FEF11E3F4}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{FE7793F1-CA06-4CE4-8FA6-2196CA95CB25}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{394197B6-0976-4A99-8419-B90BF7E3D4CC}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{9C6866B3-31C0-4996-A2E7-0A8C247EB5BC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2F49CF6A-7510-4364-B525-5C06CC6C106C}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{18DC1777-24EA-4543-9E29-1A353E23C753}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Construye tu Imperio\base\bin\Settlers6.exe:THE SETTLERS - Construye tu Imperio
"{893B7875-49FC-4C22-96DA-90AD9049FFED}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Construye tu Imperio\base\bin\Settlers6.exe:THE SETTLERS - Construye tu Imperio
"TCP Query User{57A0A159-B370-4382-AC21-BE994E881D8B}C:\\users\\pablo\\desktop\\emule\\emule.exe"= UDP:C:\users\pablo\desktop\emule\emule.exe:emule.exe
"UDP Query User{29F47B94-E1FD-48C3-BBF9-A1EFE2F76A67}C:\\users\\pablo\\desktop\\emule\\emule.exe"= TCP:C:\users\pablo\desktop\emule\emule.exe:emule.exe
"{25D8CC85-11F6-431E-87F8-C72D5AA3FED1}"= UDP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{D3E3D680-9980-4554-8F38-13AA2C8F5C47}"= TCP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{6E97794B-0519-4BD2-9FF8-D7C725C6457B}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{80D26EF1-A13F-4306-A0A3-B0F961D8975E}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{33A94E62-BE9E-412C-BF56-D6F911FE87A4}C:\\program files\\uaz racing 4x4\\uaz4x4.exe"= UDP:C:\program files\uaz racing 4x4\uaz4x4.exe:UAZ 4x4
"UDP Query User{962549B6-27E9-458D-A42C-265944EF14E0}C:\\program files\\uaz racing 4x4\\uaz4x4.exe"= TCP:C:\program files\uaz racing 4x4\uaz4x4.exe:UAZ 4x4
"TCP Query User{64C93039-E85A-451D-9625-8FDCB5509AF5}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A73496BD-E876-4E5F-B030-FCE54ADBDEB1}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C5676F67-0FA5-46F5-90D4-C5C7F2E1DE2A}C:\\users\\pablo\\desktop\\counter-strike source\\hl2.exe"= UDP:C:\users\pablo\desktop\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{36868FE6-4D8E-4A41-928B-17DAC1C12E56}C:\\users\\pablo\\desktop\\counter-strike source\\hl2.exe"= TCP:C:\users\pablo\desktop\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{09AA7AFB-04BD-4819-9D96-A669700482CE}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{3E2EB070-B4B4-4FAC-A2FA-53D4512267C2}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{F9C6A091-A52E-4D0A-A385-BA8AE81E2BA8}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{0DA64399-A8EE-49C5-9F17-9D37565D216B}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{1844EE5A-8299-465C-AF84-B0A135A79BD1}C:\\program files\\battlestations midway\\battlestationsmidway.exe"= UDP:C:\program files\battlestations midway\battlestationsmidway.exe:Battlestationsmidway
"UDP Query User{F3B5FC88-BCE4-4055-9CEA-22443D81974A}C:\\program files\\battlestations midway\\battlestationsmidway.exe"= TCP:C:\program files\battlestations midway\battlestationsmidway.exe:Battlestationsmidway
"TCP Query User{C286377C-919A-4BE4-B89E-9F8FC26A424C}C:\\program files\\counter-strike 1.6 v31\\hltv.exe"= UDP:C:\program files\counter-strike 1.6 v31\hltv.exe:HLTV Launcher
"UDP Query User{1BF5819F-2E6A-4EBE-82A4-E7ADE7952C6F}C:\\program files\\counter-strike 1.6 v31\\hltv.exe"= TCP:C:\program files\counter-strike 1.6 v31\hltv.exe:HLTV Launcher
"TCP Query User{DF4EBEC0-786A-4E80-8ABA-1001C5213D2A}C:\\program files\\counter-strike 1.6 v31\\hlds.exe"= UDP:C:\program files\counter-strike 1.6 v31\hlds.exe:HLDS Launcher
"UDP Query User{85FC2923-B390-4395-B16D-675A34001CB1}C:\\program files\\counter-strike 1.6 v31\\hlds.exe"= TCP:C:\program files\counter-strike 1.6 v31\hlds.exe:HLDS Launcher
"TCP Query User{1D46A050-978C-4B9C-86A9-05F96550E6A2}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B68E469F-F89C-4799-A9D4-77CCDF9507BD}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{7D989436-4D72-4E8F-8291-F61F21FA24E0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D7DF2ABB-A9EF-4A6E-9DB9-78770DFC2735}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8E410282-73A5-4502-BB57-E5818FAF0D8B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9D6851A8-6604-4167-AC8C-1AC1A74F9D21}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{4504D12A-37B3-44B5-BFAA-D0D43CFA6698}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D832BBB-721F-49E5-8C05-CE0D32E22C8B}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{A96AAB35-B88E-4DB5-981D-8E14221763E2}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{FB61922C-F249-4518-8EC9-9D5B67D3F47E}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{3515E535-760F-472F-A142-01217280B4C1}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{CBFA5FDD-B1C1-44E8-A05F-A6506DCC9EF8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{0D2E8799-0257-4CF6-9337-6897929B3FFD}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{7A9D49E4-B907-41E7-B1A0-3EFC0AE49D7A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E0309A3B-7B4C-474A-BA66-76716E156E8B}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{7DC05C5F-D8FE-439F-AE0C-552C6972C8D8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{766F0D3D-12F2-42CA-8734-0726B4F4D1CE}"= UDP:C:\Program Files\Counter-Strike Source\srcds.exe:Counter-Strike Source Server
"{2AD7DE3A-09CC-429A-8C06-B0A8FDA8CEE4}"= TCP:C:\Program Files\Counter-Strike Source\srcds.exe:Counter-Strike Source Server
"TCP Query User{03662457-05B3-4410-B3FE-51C18625C312}C:\\program files\\nusphere\\phpdock\\phpdock.exe"= UDP:C:\program files\nusphere\phpdock\phpdock.exe:PHPDock
"UDP Query User{E696CE08-5A49-4C59-9C0D-8E99970B390C}C:\\program files\\nusphere\\phpdock\\phpdock.exe"= TCP:C:\program files\nusphere\phpdock\phpdock.exe:PHPDock
"TCP Query User{6DB49E1A-9029-472D-9BBA-8DF45CDABD41}C:\\program files\\scriptviewer\\scriptviewer.exe"= UDP:C:\program files\scriptviewer\scriptviewer.exe:ScriptViewer
"UDP Query User{581DD59C-6E11-42BB-A31F-E135847AB62E}C:\\program files\\scriptviewer\\scriptviewer.exe"= TCP:C:\program files\scriptviewer\scriptviewer.exe:ScriptViewer
"TCP Query User{9070A341-4006-443E-9B8F-098097C3311F}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{1DDF03D5-6546-4E02-9F30-75446B0BE054}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"{5ECD8FF7-E987-42BB-8DB2-0132522D9566}"= UDP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{9CD5A3FF-0D24-45C9-A039-5D6BE0035479}"= TCP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{EE980DF6-602B-4F3E-A75C-2FD68AFB7947}"= UDP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{204E5631-6118-4FC0-BFD0-A2E95DE7C87D}"= TCP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{F11217CA-0143-4B7E-9E7F-9A3BA65774C4}C:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{47136988-71B7-4CB7-AF3E-535930E32F75}C:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{5818F954-F5A6-4297-B4E4-BCF6D9EF904C}C:\\program files\\counter-strike source\\srcds.exe"= UDP:C:\program files\counter-strike source\srcds.exe:srcds
"UDP Query User{380C5FBD-AAC5-44D0-BB0B-73EFC077540E}C:\\program files\\counter-strike source\\srcds.exe"= TCP:C:\program files\counter-strike source\srcds.exe:srcds
"TCP Query User{7445F6C9-EFF2-4E7C-8680-617C04A46960}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= UDP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"UDP Query User{E0AE021A-3960-4E29-8EC6-A539FC8DCF1C}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= TCP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"TCP Query User{72864D0C-7BF1-4552-908C-38535B69AB47}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{E3D087DC-BF23-4991-9EF2-FE6E1F52B007}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{898773B5-4493-4CE8-B813-BD2A36EF0382}C:\\srcds - copia\\srcds.exe"= UDP:C:\srcds - copia\srcds.exe:srcds
"UDP Query User{F3521015-00EC-44A4-81EB-48CAFB969F9C}C:\\srcds - copia\\srcds.exe"= TCP:C:\srcds - copia\srcds.exe:srcds
"TCP Query User{1850BB13-6A65-49C3-92D1-F1EB4D6C7AD8}C:\\srcds - copia\\srcds.exe"= UDP:C:\srcds - copia\srcds.exe:srcds
"UDP Query User{7644F290-A660-4294-9793-8A95DD5E29A7}C:\\srcds - copia\\srcds.exe"= TCP:C:\srcds - copia\srcds.exe:srcds
"TCP Query User{ED4942E2-7FA6-46EF-A925-47142AAD03A8}C:\\program files\\day of defeat source\\hl2.exe"= UDP:C:\program files\day of defeat source\hl2.exe:hl2
"UDP Query User{A742B248-C43A-4351-A1F1-2C0FC33D1B42}C:\\program files\\day of defeat source\\hl2.exe"= TCP:C:\program files\day of defeat source\hl2.exe:hl2
"TCP Query User{D0505269-9CB9-4DB9-8828-64C22919F6F2}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{77288E43-D6D8-466C-A6F1-160CA12B6117}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{C933739B-3A7E-4731-948D-04ACABF98800}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= UDP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"UDP Query User{789199AA-08E6-4656-BF9A-C72B04C0D396}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= TCP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"TCP Query User{D3559C88-D52F-4584-93EA-4603BCA36DBF}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{8855985A-C086-447C-B36A-BBC0B90E421A}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{28843465-3C60-420C-9461-2871B1D589FB}C:\\program files\\counter-strike\\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{10BFFEE5-B012-4305-9FC1-71CBE6BCE090}C:\\program files\\counter-strike\\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{1853F952-87B8-4358-9931-1608FE719791}C:\\program files\\counter-strike\\hlds.exe"= UDP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"UDP Query User{21F4679E-577F-4170-A1AB-427A3C8B925A}C:\\program files\\counter-strike\\hlds.exe"= TCP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"TCP Query User{2E725727-F3AB-4362-8576-B6203EF73FFD}C:\\program files\\counter-strike\\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{E64B49DE-F2E5-408F-80E0-C32E17BADB12}C:\\program files\\counter-strike\\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"{7AA864BD-E8CA-408F-A6D0-180F893B02D0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{E8CAEB2A-39E5-41AA-8BCF-83E2E3F12759}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{ED8F3082-F046-4244-9468-C8C7123B120C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{BB5AD67B-FEB3-48D6-8685-8DBE94D450FD}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{9FE6F096-0626-4E5B-B4FD-EE48552E8B5C}C:\\program files\\counter-strike\\hlds.exe"= UDP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"UDP Query User{639303B2-9720-4485-8AB8-476A4189CF28}C:\\program files\\counter-strike\\hlds.exe"= TCP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"TCP Query User{3920D77D-44E5-4AB9-B341-6F448DBA6F46}D:\\srcds - original\\srcds.exe"= UDP:D:\srcds - original\srcds.exe:srcds
"UDP Query User{AFE1A276-E3AD-4734-90B6-761A85D88EA6}D:\\srcds - original\\srcds.exe"= TCP:D:\srcds - original\srcds.exe:srcds
"TCP Query User{3E617DD7-7E61-45D9-9EB2-1B64C13A4272}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{5E835BB6-45AB-4711-B684-54F8D5AE7AE5}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{CC0ED0B6-80FC-4C6A-88F7-CB82880C6BEE}C:\\program files\\team fortress 2\\hl2.exe"= UDP:C:\program files\team fortress 2\hl2.exe:hl2
"UDP Query User{0333E805-A4F1-4499-8E32-6350D87E5448}C:\\program files\\team fortress 2\\hl2.exe"= TCP:C:\program files\team fortress 2\hl2.exe:hl2
"TCP Query User{C557C4C8-875E-4CF2-BC57-F5AF718A29C1}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{952B50A7-E4D0-4471-867E-4F8F7B6C7935}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{F49E65BE-83D9-4987-8F53-74EED6848E1C}D:\\juegos\\team fortress 2 [vo0]\\team fortress 2\\team fortress 2\\hl2.exe"= UDP:D:\juegos\team fortress 2 [vo0]\team fortress 2\team fortress 2\hl2.exe:hl2
"UDP Query User{D1B9C836-A988-4496-8205-B666E744A9D9}D:\\juegos\\team fortress 2 [vo0]\\team fortress 2\\team fortress 2\\hl2.exe"= TCP:D:\juegos\team fortress 2 [vo0]\team fortress 2\team fortress 2\hl2.exe:hl2
"TCP Query User{FCFAD5AB-942E-4504-84CB-30FF420810BF}C:\\program files\\qtracker\\qtracker.exe"= UDP:C:\program files\qtracker\qtracker.exe:Qtracker
"UDP Query User{F6B71AAA-7B8A-4635-B4EF-301E987106C7}C:\\program files\\qtracker\\qtracker.exe"= TCP:C:\program files\qtracker\qtracker.exe:Qtracker
"TCP Query User{1E5C3F3D-5F0F-4149-A95D-93D0D696D02E}C:\\program files\\qtracker\\qtracker.exe"= UDP:C:\program files\qtracker\qtracker.exe:Qtracker
"UDP Query User{B6E3206A-BB67-4F62-BD1B-6A5F88B5C3A7}C:\\program files\\qtracker\\qtracker.exe"= TCP:C:\program files\qtracker\qtracker.exe:Qtracker
"TCP Query User{AED8E159-3264-41FA-B2B7-2D40B8BCBDDF}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{AB6A8430-C9CE-4570-A543-C1D4843790DD}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{6A67E2A7-1DE5-46FD-8386-3B5A3B899075}C:\\program files\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:C:\program files\maxthon2\modules\mxdownloader\mxdownloadserver.exe:MxDownloadServer
"UDP Query User{97CDB9CD-605D-41B0-A5A2-0E8DCF910EA8}C:\\program files\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:C:\program files\maxthon2\modules\mxdownloader\mxdownloadserver.exe:MxDownloadServer
"{66CA64F6-208E-41B4-BFE9-BE000DA399B3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4742CAF5-D309-4A4B-AB33-C6D8A0CB839E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2F5D0BAD-F38A-4187-A48C-C31947D6037A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{92542627-A3E1-4D01-8309-4ABAA02E45F2}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8E3323A3-940A-4222-BBD4-1D1F0B52A556}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F81AD4F0-79BB-439C-A347-7E38FA1C03D0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{D3F13D1D-1192-4B91-A116-F467B10777DB}C:\\factusol\\revisiones.exe"= UDP:C:\factusol\revisiones.exe:Revisiones
"UDP Query User{BCEB1365-3DD2-493A-80D6-67330BC8D986}C:\\factusol\\revisiones.exe"= TCP:C:\factusol\revisiones.exe:Revisiones
"{D0F5B2A0-F339-4A56-8500-FA0C326E57CA}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{CBCE722D-5786-4252-A719-80E5412E2935}C:\\users\\pablo\\desktop\\team fortress 2 files\\qtracker\\qtracker.exe"= UDP:C:\users\pablo\desktop\team fortress 2 files\qtracker\qtracker.exe:qtracker.exe
"UDP Query User{2A784898-A09C-441D-B8B1-F4CACE8BCE84}C:\\users\\pablo\\desktop\\team fortress 2 files\\qtracker\\qtracker.exe"= TCP:C:\users\pablo\desktop\team fortress 2 files\qtracker\qtracker.exe:qtracker.exe
"{4C20A169-AB6A-4DF4-917E-ECD28BA0FFE9}"= UDP:C:\Program Files\eMule\emule.exe:eMule MorphXT
"{60B03902-7540-48E2-A9D2-ECEA7D9F3641}"= TCP:C:\Program Files\eMule\emule.exe:eMule MorphXT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01]
R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 14:28]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 17:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 11:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-10 01:43]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 athr;Controlador de dispositivo de LAN inalámbrica extensible Atheros;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\Windows\system32\Drivers\BrSerIf.sys [2006-09-03 01:53]
S3 Ltn_hyd7700pc;DiBcom DIB7700 based TV tuner device ;C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-03-02 10:37]
S3 Ltn_rc;DiBcom Infrared Receiver ;C:\Windows\system32\DRIVERS\Ltn_rc.sys [2006-12-27 17:32]
S3 PctvVirtualNdis;Pinnacle Virtual Miniport;C:\Windows\system32\DRIVERS\PctvVirtualNdis.sys [2007-02-02 19:30]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\Windows\system32\drivers\PPJoyBus.sys [2004-10-24 09:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\Windows\system32\drivers\PPortJoy.sys [2004-10-24 09:11]
S3 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-06-28 17:25]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-30 21:16]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc2f2e54-84c4-11dc-ad83-806e6f6e6963}]
\shell\AutoRun\command - F:\install.exe

*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'
"2008-05-02 11:00:01 C:\Windows\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 13:46:59
Windows 6.0.6001 Service Pack 1 NTFS

escaneando procesos ocultos ...

[0] 0x4589FFFF

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-05-02 13:47:46
ComboFix-quarantined-files.txt 2008-05-02 11:47:40

17 dirs 2,605,424,640 bytes libres
24 dirs 3,852,304,384 bytes libres

448 --- E O F --- 2008-05-01 21:42:06

And now the result from AVG Anti-Rootkit:

These were before rebooting:

C:\Windows\System32\Drivers\a0kp07zh.SYS,Hidden driver file
C:\Windows\System32\Drivers\atx4i618.SYS,Hidden driver file

These, after having deleted the previous ones, right as the desktop finished loading:

C:\Windows\System32\Drivers\ap8o5600.SYS,Hidden driver file
C:\Windows\System32\Drivers\amb89rpj.SYS,Hidden driver file

The only common denominator is that they always start with "a" :D

For now I don't notice anything odd on the computer, everything seems to be working fine, but this has me on edge.