Post #6
09/05/08, 06:31:10
patalete
User
Registered: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot

Thanks

I'll now run every anti-rootkit I can on it and then post the results.
I'll also send those DLLs to see what they find.

What am I supposed to put in the subject when sending the files to the place you mentioned?

Here are the logs from the anti-rootkits I installed; some of them don't work on Vista 32.

Avira AntiRootkit Tool - Beta (1.0.1.17) didn't detect anything

========================================================================================================
- Scan started viernes, 09 de mayo de 2008 - 12:52:48
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 92.77 GB
- Working disk free size : 9.35 GB (10 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 -> cd042efbbd7f7af1647644e76e06692b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 -> bca643cdc5c2726b20d2ecedcc62c59b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 -> 2c81e34222e8052573023a60d06dd016
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 -> 2582ae41fb52324423be06337561aa48
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 -> caaeda5fd7a9ed7697d9686d4b818472
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 -> a4a1bcf2cc2b8bc3716b74b2b4522f5d
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 -> 4d370831d2c43cd13623e232fed27b7b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 -> 1d68fe701cdea33e477eb204b76f993d
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 -> 1fac81b91d8e3c5aa4b0a51804d844a3
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 -> f5f62a6129303efb32fbe080bb27835b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 -> fd4e2e1a3940b94dceb5a6a021f2e3c6
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 -> 8a8aec57dd6508a385616fbc86791ec2
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences\hme
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences -> oemserviceoverride11
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences -> wmpnssfirewallportsopen
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates\TemplateDirs\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\/1
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates\TemplateDirs\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\/1

--------------------------------------------------------------------------------------------------------
Files: 0/365006
Registry items: 29/472479
Processes: 0/57
Scan time: 00:22:15
--------------------------------------------------------------------------------------------------------
Active processes:
- hnpocljg.exe (PID 6132) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 536)
- csrss.exe (PID 668)
- wininit.exe (PID 728)
- csrss.exe (PID 740)
- services.exe (PID 772)
- lsass.exe (PID 788)
- lsm.exe (PID 796)
- winlogon.exe (PID 840)
- svchost.exe (PID 984)
- PresentationFontCache.exe (PID 1032)
- svchost.exe (PID 1076)
- svchost.exe (PID 1128)
- Ati2evxx.exe (PID 1196)
- svchost.exe (PID 1240)
- svchost.exe (PID 1276)
- svchost.exe (PID 1296)
- audiodg.exe (PID 1392)
- SLsvc.exe (PID 1424)
- svchost.exe (PID 1468)
- Ati2evxx.exe (PID 1588)
- svchost.exe (PID 1672)
- spoolsv.exe (PID 276)
- taskeng.exe (PID 368)
- dwm.exe (PID 392)
- explorer.exe (PID 636)
- svchost.exe (PID 632)
- svchost.exe (PID 1384)
- IAANTmon.exe (PID 1872)
- nod32krn.exe (PID 2168)
- PnkBstrA.exe (PID 2204)
- PnkBstrB.exe (PID 2248)
- svchost.exe (PID 2292)
- RtHDVCpl.exe (PID 2408)
- IAAnotif.exe (PID 2432)
- nod32kui.exe (PID 2648)
- MOM.exe (PID 2684)
- KeNotify.exe (PID 2692)
- TPwrMain.exe (PID 2700)
- wmdc.exe (PID 2712)
- SynTPEnh.exe (PID 2724)
- svchost.exe (PID 2760)
- TosCoSrv.exe (PID 2792)
- svchost.exe (PID 2904)
- TCrdMain.exe (PID 3088)
- SDWinSec.exe (PID 3144)
- SynToshiba.exe (PID 3484)
- svchost.exe (PID 3768)
- mobsync.exe (PID 3932)
- CCC.exe (PID 1172)
- taskeng.exe (PID 3584)
- wmpnscfg.exe (PID 2264)
- SynTPHelper.exe (PID 1460)
- emule.exe (PID 2360)
- infocard.exe (PID 2016)
- avirarkd.exe (PID 6104)
========================================================================================================
- Scan finished viernes, 09 de mayo de 2008 - 13:15:03
========================================================================================================

F-Secure didn't detect anything

05/09/08 12:29:15 [Info]: BlackLight Engine 1.0.70 initialized
05/09/08 12:29:15 [Info]: OS: 6.0 build 6001 (Service Pack 1)
05/09/08 12:29:15 [Note]: 7019 4
05/09/08 12:29:15 [Note]: 7005 0
05/09/08 12:29:17 [Note]: 7006 0
05/09/08 12:29:17 [Note]: 7027 0
05/09/08 12:29:17 [Note]: 7035 0
05/09/08 12:29:17 [Note]: 7026 0
05/09/08 12:29:17 [Note]: 7026 0
05/09/08 12:29:21 [Note]: FSRAW library version 1.7.1024
05/09/08 12:29:26 [Note]: 4015 239870
05/09/08 12:29:26 [Note]: 4027 239870 131072
05/09/08 12:29:26 [Note]: 4020 239869 131072
05/09/08 12:29:26 [Note]: 4022 239869
05/09/08 12:31:10 [Note]: 4015 61234
05/09/08 12:31:10 [Note]: 4027 61234 65536
05/09/08 12:31:10 [Note]: 4020 61233 65536
05/09/08 12:31:10 [Note]: 4018 61233 65536
05/09/08 12:31:19 [Note]: 4015 93717
05/09/08 12:31:19 [Note]: 4027 93717 16842752
05/09/08 12:31:19 [Note]: 4020 77604 327680
05/09/08 12:31:19 [Note]: 4018 77604 327680
05/09/08 12:32:06 [Note]: 4015 61234
05/09/08 12:32:06 [Note]: 4027 61234 65536
05/09/08 12:32:06 [Note]: 4020 61233 65536
05/09/08 12:32:06 [Note]: 4018 61233 65536
05/09/08 12:32:09 [Note]: 4015 2018
05/09/08 12:32:09 [Note]: 4027 2018 196608
05/09/08 12:32:09 [Note]: 4020 1985 196608
05/09/08 12:32:09 [Note]: 4018 1985 196608
05/09/08 12:50:30 [Note]: 7007 0

Last edited by patalete: 09/05/08 at 09:18:47.