Tema: ayuda con hijackthis
Ver Mensaje Individual
  post #3 (permalink)  
Antiguo 20/06/08, 22:17:08
bachis bachis está offline
Usuario
  
Registrado: jul 2007
Ubicación: cordoba
Mensajes: 3
Re: ayuda con hijackthis
segui todos los pasos como me dijiste...ahi va el log...




ComboFix 08-06-20.1 - bachi 2008-06-20 22:01:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.322 [GMT -3:00]
Se ejecuta desde: C:\Users\bachi\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
(((((((((((((((((( Archivos creados desde 2008-05-21 - 2008-06-21 )))))))))))))))))))))))))))))))))
.

2008-06-20 21:48 . 2008-06-20 21:48 <DIR> d-------- C:\Program Files\CCleaner
2008-06-20 21:08 . 2008-06-20 21:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-20 21:08 . 2008-06-20 21:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Users\bachi\AppData\Roaming\SUPERAntiSpyware.co m
2008-06-20 21:06 . 2008-06-20 21:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 21:05 . 2008-06-20 21:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 11:57 . 2008-06-20 11:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 14:16 . 2008-06-18 14:17 <DIR> d-------- C:\Users\bachi\AppData\Roaming\SpywareRemover
2008-06-16 15:42 . 2008-06-16 15:42 <DIR> d-------- C:\Users\bachi\AppData\Roaming\PCToolsFirewallPlus
2008-06-16 15:28 . 2008-06-16 16:04 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-16 15:28 . 2008-06-16 15:28 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-16 15:28 . 2008-03-12 09:30 159,896 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-06-16 15:28 . 2008-02-25 16:38 93,440 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-06-16 15:28 . 2008-02-21 08:56 40,856 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-06-16 15:28 . 2008-02-21 08:56 18,328 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-06-16 15:10 . 2008-06-16 15:10 <DIR> d-------- C:\Users\bachi\AppData\Roaming\PC Tools
2008-06-16 15:10 . 2008-06-16 15:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-16 15:10 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-16 15:10 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-16 15:10 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-16 15:10 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-16 14:35 . 2008-06-20 21:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-06-16 14:35 . 2008-06-20 21:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-06-15 17:38 . 2008-06-15 17:38 <DIR> d-------- C:\Users\bachi\lavasoft ad-aware 2008 + spyware doctor 2008 (keys + cracks incl )
2008-06-15 16:42 . 2008-06-15 17:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-06-15 16:42 . 2008-06-15 17:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-06-15 16:42 . 2008-06-15 17:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 23:34 . 2008-06-11 23:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf
2008-06-11 11:17 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-11 11:17 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-11 11:17 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-11 11:16 . 2008-04-24 23:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:16 . 2008-04-26 05:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:16 . 2008-04-25 01:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:16 . 2008-05-09 22:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 12:41 . 2008-06-10 12:41 <DIR> dr------- C:\Users\Public\Downloads
2008-06-10 12:26 . 2008-06-10 12:26 <DIR> d-------- C:\PerfLogs
2008-06-10 00:58 . 2008-01-19 04:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-06-10 00:58 . 2008-01-19 04:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-06-10 00:56 . 2008-01-19 00:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-06-10 00:55 . 2008-01-19 04:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-10 00:54 . 2008-01-19 04:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-06-10 00:53 . 2008-01-19 03:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-10 00:52 . 2008-01-19 04:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-10 00:52 . 2008-01-05 08:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-06-10 00:52 . 2008-01-05 08:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-06-10 00:52 . 2008-01-05 08:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-06-10 00:52 . 2008-01-05 08:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-06-10 00:52 . 2008-01-19 02:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-06-10 00:52 . 2008-01-05 08:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_I nbox_Critical.Wdf
2008-06-10 00:51 . 2008-01-19 04:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-10 00:51 . 2008-01-19 04:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-10 00:51 . 2008-01-19 04:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-10 00:51 . 2008-01-19 04:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-10 00:51 . 2008-01-19 04:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-10 00:51 . 2008-01-19 04:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-10 00:51 . 2008-01-19 04:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-10 00:51 . 2008-01-19 04:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-10 00:51 . 2008-01-19 04:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-02 22:15 . 2008-06-11 22:51 <DIR> d-------- C:\Windows\System32\Adobe
2008-05-27 19:48 . 2008-03-07 23:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:48 . 2008-03-08 01:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-06-11 15:36 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 15:41 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Calendar
2008-06-10 15:29 --------- d-----w C:\Program Files\Windows Defender
2008-06-10 15:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-10 15:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-15 03:12 --------- d-----w C:\Program Files\Ares
2008-05-15 03:06 --------- d-----w C:\Users\bachi\AppData\Roaming\LimeWire
2008-05-05 18:14 --------- d-----w C:\Program Files\DivX
2008-05-05 17:52 --------- d-----w C:\ProgramData\Apple Computer
2008-05-05 11:33 442,368 ----a-w C:\Windows\System32\{71c4a47f-4c66-a2d4-89dd-55f2eea14a93}.dll
2008-05-01 15:48 --------- d-----w C:\Program Files\Java
2008-05-01 15:44 --------- d-----w C:\Program Files\Common Files\Java
2008-04-29 16:40 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 04:33 202240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 10:46 4349952 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-08 18:43 729088]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.e xe" [2001-07-09 10:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:05 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2008-02-11 20:13 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]

C:\Users\bachi\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= c:\progra~1\codecp~1\i263\i263_32.drv
"msacm.l3acm"= šðö
"vidc.DIV3"= c:\progra~1\codecp~1\divx3\divxc32.dll
"vidc.DIV4"= c:\progra~1\codecp~1\divx412\divx.dll
"vidc.xvid"= c:\progra~1\codecp~1\xvid\xvid.dll
"vidc.fvfw"= c:\progra~1\codecp~1\ffvfw\ffvfw.dll
"msacm.avis"= c:\progra~1\codecp~1\ffvfw\ffvfw.dll
"vidc.MPG4"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP42"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP43"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"VIDC.MJPG"= c:\progra~1\codecp~1\picvideo\pvmjpg21.dll
"VIDC.PIMJ"= c:\progra~1\codecp~1\picvideo\pvljpg20.dll
"VIDC.PVW2"= c:\progra~1\codecp~1\picvideo\pvwv220.dll
"VIDC.SJPG"= c:\progra~1\codecp~1\pmmjpeg\pmmjpeg.dll
"vidc.MJPX"= c:\progra~1\codecp~1\m3jpegv3\m3jpeg32.dll
"vidc.dmb1"= c:\progra~1\codecp~1\m3jpegv3\m3jpeg32.dll
"VIDC.HFYU"= c:\progra~1\codecp~1\huffyuv\huffyuv.dll
"VIDC.ZLIB"= c:\progra~1\codecp~1\lcljp\avizlib.dll
"VIDC.MSZH"= c:\progra~1\codecp~1\lcljp\avimszh.dll
"vidc.MVW1"= c:\progra~1\codecp~1\aware\icmw_32.dll
"vidc.dvmc"= c:\progra~1\codecp~1\mcdv\mcdvd_32.dll
"vidc.VP31"= c:\progra~1\codecp~1\on2vp3\vp31vfw.dll
"vidc.3IV2"= c:\progra~1\codecp~1\3ivx\3ivxvf~1.dll
"vidc.I263"= c:\progra~1\codecp~1\i263\i263_32.drv
"msacm.imc"= c:\progra~1\codecp~1\i263\imc32.acm
"VIDC.YMPG"= c:\progra~1\codecp~1\ympeg\ympgcdc.dll
"msacm.ympgacm"= c:\progra~1\codecp~1\ympeg\ympgacm.acm
"VIDC.WMV3"= c:\progra~1\codecp~1\wm9\wmv9vcm.dll
"msacm.lameacm"= c:\progra~1\codecp~1\mp3lame\lameacm.acm
"msacm.atrac3"= c:\progra~1\codecp~1\atrac3\atrac3.acm
"msacm.qmpeg"= c:\progra~1\codecp~1\qmpeg\qmpeg.acm
"msacm.uleaddv"= c:\progra~1\codecp~1\uleaddv\dvacm.acm
"msacm.vorbis"= c:\progra~1\codecp~1\vorbis\vorbis.acm
"msacm.divxa32"= c:\progra~1\codecp~1\wma\divxa32.acm
"msacm.msaudio2"= c:\progra~1\codecp~1\wma\msaud32h.acm
"msacm.msaudio1"= šðö

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
c:\windows\himem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{c1bfe8f4-cda5-38f8-3db2-c543f8a0fb77}]
C:\Windows\system32\{2a220584-e6fc-33a9-8b21-664c62356373}.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{6D0B1614-2D13-4902-AFFC-D8A5F9549BC5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A1887617-8BA1-429F-B735-7E664A9AE5E7}C:\\program files\\flashget.exe"= UDP:C:\program files\flashget.exe:FlashGet
"UDP Query User{F3FC0F35-1C78-4254-AF8F-E3F45E6170A0}C:\\program files\\flashget.exe"= TCP:C:\program files\flashget.exe:FlashGet
"TCP Query User{35C58201-99C6-4227-ADA8-855B2FC01C64}C:\\program files\\flashget.exe"= UDP:C:\program files\flashget.exe:FlashGet
"UDP Query User{F9CFC9DB-9BC4-4FB8-8D04-3280284EBE83}C:\\program files\\flashget.exe"= TCP:C:\program files\flashget.exe:FlashGet
"TCP Query User{DEB379D3-5C88-4AD6-A023-9033B06334DF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C20BB657-395B-4DAE-AE78-8F2257386423}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{542344EE-0ADE-46E3-B405-47E2CE5C7EF4}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{EA2A4A81-2C53-4739-ABAF-C022EBEF5A2A}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{2EA07971-010C-4BD8-A638-BFA86149A514}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BE41444A-44B4-43C5-8DA7-C99C0F0AA3FD}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{CFFE8863-8618-4EE4-9DC6-2F5FF31719BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1D1E01C8-E337-451E-8FB2-C9758961131B}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{ABE26590-A219-4B84-A850-C60EC326808A}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{8098F43F-33B4-4229-B33E-18E22B526A32}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CD7145E4-1940-4D1A-8119-334B61D69F45}C:\\users\\bachi\\documents\\helbreat h\\helbreath.exe"= UDP:C:\users\bachi\documents\helbreath\helbreath.e xe:helbreath.exe
"UDP Query User{2071A131-D361-4764-BF9F-A98DC5BE789C}C:\\users\\bachi\\documents\\helbreat h\\helbreath.exe"= TCP:C:\users\bachi\documents\helbreath\helbreath.e xe:helbreath.exe
"TCP Query User{BA7C50B9-ED58-4D72-86FD-C55983F14785}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{F2BD216A-128B-4A26-92A4-240BC867934B}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{E351B893-D97F-4F82-A18B-D7088793344A}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\helbreath update server.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\helbreath update server.exe:helbreath update server.exe
"UDP Query User{8A43FFD8-FCB2-461A-91A2-83B8DF8C0095}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\helbreath update server.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\helbreath update server.exe:helbreath update server.exe
"TCP Query User{65FD423D-EAF7-49E0-A8E8-D259D5C157FB}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{060137D3-B402-4C04-ADCE-95968A1BE7F5}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{56C94653-77C6-42FB-B499-BCC09D0DCFBD}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{E71EE8E7-624C-4FE0-BDCB-5116F9D2A63C}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{94315A11-3BC1-4156-9C24-085D5C8761A4}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\custom\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\custom\hgserver.exe:hgserver.exe
"UDP Query User{5597EE4B-07A9-4A8C-B92F-35FEA8F9AB3B}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\custom\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\custom\hgserver.exe:hgserver.exe
"TCP Query User{DD3C78B6-6615-4E93-A679-7F0D97EA83D5}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{B05C6EC0-B24B-48DD-8D45-30D53F9C64A4}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{9260D3A5-B5E6-48AB-9A1E-B0CBA19D82B9}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{BD467B3B-79EA-466F-9A8C-9F0084ACAF6E}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{8E8E5548-1B40-4346-ACCD-81C2F2851AC0}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\helbreath update server.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\helbreath update server.exe:helbreath update server.exe
"UDP Query User{AF4ECE09-CAFA-4D9E-BE50-996D737962C5}C:\\users\\bachi\\documents\\helbreat h\\zserver\\hbserver 3.82\\helbreath update server.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbs erver 3.82\helbreath update server.exe:helbreath update server.exe
"TCP Query User{E416B479-12EA-40C5-BA6D-C53C49A50B43}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{7A79B84C-B9A1-498D-A27E-76396807A962}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{2AC97BFC-EE3E-47A6-94B6-30137FA6E6D9}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{FDF04C1D-317B-4C2F-BE2D-C13D8B75AA97}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{DF8940C5-D7C2-49A4-90E5-4ECA9D2B90F2}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{F57FFD38-43D6-4D06-96CB-A3CD0084EF4F}C:\\users\\bachi\\documents\\helbreat h\\server\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbse rver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{A5117EA0-4C9B-4F8B-BFBE-8F3C6FB287A7}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\worldlserver.exe:worldlserver.exe
"UDP Query User{C3C64217-7E72-4D9D-86FF-0778E6F97BFD}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\worldlserver.exe:worldlserver.exe
"TCP Query User{AFF1832D-AD63-46AF-905E-2FD37528FFF7}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\gameservers\aresden\hgserver.exe:hgserver.ex e
"UDP Query User{D41C34E4-27B8-4045-AFE8-3F6C935B8C60}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\gameservers\aresden\hgserver.exe:hgserver.ex e
"TCP Query User{2272C204-C4AA-4A1E-8920-8E3624A1A06D}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\mainlserver.exe:mainlserver.exe
"UDP Query User{8263320C-48B9-4425-A153-5CCEF03C8C4E}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\mainlserver.exe:mainlserver.exe
"TCP Query User{C2C62ACE-8E8B-41E2-8171-266B27270FCF}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\gateserver.exe:gateserver.exe
"UDP Query User{945C7699-582F-46AE-8BD1-0196D8BDD47E}C:\\users\\bachi\\documents\\helbreat h\\hb-bachi\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\gateserver.exe:gateserver.exe
"TCP Query User{F7C5463C-CC4D-4E82-AADE-4DE5C62766A6}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gateserver.exe:gateserver.exe
"UDP Query User{B7D0EF15-A81A-475C-A3F7-F2F8289F8E1E}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gateserver.exe:gateserver.exe
"TCP Query User{D8E72B70-8EC5-4ACB-8809-C14C99C7758A}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{65EC2A11-16DD-4325-9989-27A1CC0116A9}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{FE5F5181-1ACD-481B-BAE8-FE22C11AE13B}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{6434137A-E2F5-4338-AC15-316D0955AE28}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{08979951-1313-40A7-AED2-434068DBBB08}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{BB5B223B-39C9-4CBA-94EB-072877F2B049}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{BC2AB78B-2C51-4077-9CFC-14B8C7073574}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{2A5205EC-0BB3-45EF-9C06-66E59F02C82C}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{966D9798-F2AA-493A-8084-7837D7A5211A}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{682D8486-8D17-4147-9273-A66A274B83B7}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{1D5E91FC-F27B-43F5-85D6-963BF3C597FC}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\gate server.exe:gateserver.exe
"UDP Query User{4A7262B7-ACEF-4523-BEDF-293AC2F103C0}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\gate server.exe:gateserver.exe
"TCP Query User{6B0175F8-87FD-450D-A913-A71F0E8B7E44}C:\\users\\bachi\\documents\\helbreat h\\onfire\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\main lserver.exe:mainlserver.exe
"UDP Query User{F9369385-39ED-4E4B-B735-8E4A980E54E7}C:\\users\\bachi\\documents\\helbreat h\\onfire\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\main lserver.exe:mainlserver.exe
"TCP Query User{773B84E6-B76E-4DC8-83AA-CB92867E6D94}C:\\users\\bachi\\documents\\helbreat h\\onfire\\worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\worl dlserver.exe:worldlserver.exe
"UDP Query User{3353E89D-189D-478D-A6C8-E48E2CBD2CD6}C:\\users\\bachi\\documents\\helbreat h\\onfire\\worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\worl dlserver.exe:worldlserver.exe
"TCP Query User{BBFDB792-0780-47AF-B2C8-D7FE467721B5}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\game servers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{08993901-74B1-45E2-BD3D-97EC94E2606A}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\game servers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{047CD4CC-5638-4AEF-9F88-793DD2EE0A0A}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\gat eserver.exe:gateserver.exe
"UDP Query User{892D5BAA-7ED5-43D2-81FA-E47629BFEAAF}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\gat eserver.exe:gateserver.exe
"TCP Query User{82E6D6B3-4E1F-4C56-8966-68BC8D3FEE0E}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\mai nlserver.exe:mainlserver.exe
"UDP Query User{3FE5432A-30F5-4AFA-B6BD-08A0CB4E1321}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\mai nlserver.exe:mainlserver.exe
"TCP Query User{DA5E8088-1D22-457F-8172-54EFCF899821}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\wor ldlserver.exe:worldlserver.exe
"UDP Query User{9AFB7A02-6B99-4ADA-A479-76FE317F6FB1}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\wor ldlserver.exe:worldlserver.exe
"TCP Query User{C20B74E4-49FD-4392-B09D-9052B61CBBA1}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gameservers\\hgserver\\hgserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\gam eservers\hgserver\hgserver.exe:hgserver.exe
"UDP Query User{56EBB1FA-5394-4D66-A3FB-A11C286BBE9D}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gameservers\\hgserver\\hgserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\gam eservers\hgserver\hgserver.exe:hgserver.exe
"TCP Query User{AACAD9F3-5F41-492A-BAD3-38D7643625FA}C:\\users\\bachi\\documents\\final server\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{9E0CB90A-A9B4-4493-9F04-1CB997AB105E}C:\\users\\bachi\\documents\\final server\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{CC66D2CC-E497-4138-8808-EB41D772D133}C:\\users\\bachi\\documents\\final server\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{739367DC-6AFA-4BE5-AC20-73AC37406740}C:\\users\\bachi\\documents\\final server\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{7D80347B-834E-4454-92D3-3E32113D7157}C:\\users\\bachi\\documents\\final server\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{9C22F839-5B45-43D2-8C78-B66A1D89D42B}C:\\users\\bachi\\documents\\final server\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{0E1E60C2-35A5-4662-9D4D-C048AB34BF04}C:\\users\\bachi\\documents\\final server\\helbreath\\gameservers\\hgserver\\hgserver .exe"= UDP:C:\users\bachi\documents\final server\helbreath\gameservers\hgserver\hgserver.exe :hgserver.exe
"UDP Query User{9E9FC424-8C5E-4373-8C27-D457EE785C88}C:\\users\\bachi\\documents\\final server\\helbreath\\gameservers\\hgserver\\hgserver .exe"= TCP:C:\users\bachi\documents\final server\helbreath\gameservers\hgserver\hgserver.exe :hgserver.exe
"TCP Query User{4D35A8A7-B835-420A-ACD4-1A81CE962757}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{836D5D78-7AA7-4217-B77B-ED3705F87AEB}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{2D6897E4-7665-46C3-80B7-3314912E8403}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{381424E3-B918-45DB-8246-904AFD7D7F51}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{2F12805B-15DE-4941-BC2A-ABD1F5520A2A}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = UDP:C:\users\bachi\documents\final server\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"UDP Query User{7FACB64C-C2F4-44D3-A4C4-3E83E47DA2B1}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = TCP:C:\users\bachi\documents\final server\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"TCP Query User{5F979511-8847-42DD-824D-79CC3953BD3B}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{65238A39-8138-4DE9-82AF-80C2AF283ECB}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{BB9D29B1-E07B-4C10-8A2A-705F317EA565}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gateserver.exe:gateserver.exe
"UDP Query User{AD4A5B23-B2EB-49E3-A876-0D8BA0B30AD4}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gateserver.exe:gateserver.exe
"TCP Query User{C14E41B3-4A01-4CEA-AF21-62B565F34910}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\mainlserver.exe:mainlserver.exe
"UDP Query User{066568E9-1387-4D2B-B499-4FF96C641848}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\mainlserver.exe:mainlserver.exe
"TCP Query User{70279C74-FAEA-4F92-A8D2-701B8A301995}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\worldlserver.exe:worldlserver.e xe
"UDP Query User{C51C2FE7-1691-42B8-B585-DB6B809D67BB}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\worldlserver.exe:worldlserver.e xe
"TCP Query User{434FCF25-0A9A-4D8B-B9FF-01ACA60B93EB}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er-v3.61-(521) heldenian fix cx!.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver-v3.61-(521) heldenian fix cx!.exe:hgserver-v3.61-(521) heldenian fix cx!.exe
"UDP Query User{D69F91D1-150F-4DC5-8999-3923295E6952}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er-v3.61-(521) heldenian fix cx!.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver-v3.61-(521) heldenian fix cx!.exe:hgserver-v3.61-(521) heldenian fix cx!.exe
"TCP Query User{8FCBAEB8-A7E4-47C0-BAD8-A8707FE2F2B7}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver.ex e:hgserver.exe
"UDP Query User{5DC365D1-207E-4E45-8A45-307141117B2B}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver.ex e:hgserver.exe
"TCP Query User{D969D8AE-3700-410A-B417-AA83AFADCA57}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{4BADD77B-88FD-4326-960E-FD24FADDDC1B}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{F27D886E-4C60-495B-B5DC-175A0DC2BC96}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{B309E516-0EC0-440A-9A54-2BE20B16A581}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{B0A73A08-BD5A-4EF0-8E94-A3F5F8474A55}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{2BB2A759-427C-4C3D-9AFB-E9521EC0BDF6}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{7EF17915-FF7D-422A-8776-070B886E03F6}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\neutrals\\hgserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\neutrals\hgserver.exe:hgserver.ex e
"UDP Query User{C2609837-3A2D-4E5C-B042-9F0F5918D3AB}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\neutrals\\hgserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\neutrals\hgserver.exe:hgserver.ex e
"TCP Query User{6723781D-F2F4-4C48-ABE6-12FA4BA71B38}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gateserver.exe:gateserver.exe
"UDP Query User{20F72022-8D59-4C9F-8F6C-D9426C784E9A}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gateserver.exe:gateserver.exe
"TCP Query User{98776EB5-809A-4978-A422-E55070AFA136}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{E3B32F68-88DE-4E81-B3C9-425A03BAE74B}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{29AE2164-477F-4763-B108-395E9C495558}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{D7DACC19-B579-492B-AC0A-84EF3AE39734}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{37260A49-1ADD-494F-BE60-799441DE0136}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{E5DA20F8-4F18-4F94-A3A7-54F60F25EA65}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{4EE9973D-B04C-4542-A43F-7621A4B0F3DA}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{AED7B266-F93C-43C4-9107-73026AB28837}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{BA0ACD76-765D-429A-B01C-9614A797656E}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{5E4B599B-CA90-48D7-8A5D-0A53DFD59C9C}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{E0F99407-45D7-447B-836B-0BCCD245A7A0}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{3BAE2245-E8F3-4F86-8572-FE7176E5AC53}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{46E02A44-49B8-41FF-8768-EE27703C11AC}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = UDP:C:\users\bachi\documents\servers\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"UDP Query User{4012C40A-3905-4A0A-ADD6-66340C83981E}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = TCP:C:\users\bachi\documents\servers\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"TCP Query User{F80EC62C-8A89-494B-99B0-B785A2FA1211}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{CDBCB880-03EF-4FCC-8973-BA82F1355237}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{89890F1D-5077-4A7C-94B3-1D0BE363CB32}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1B70092E-74A8-402B-954D-CADE28C84819}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C4806CB8-EA5B-47E1-9674-AF9657CFB7A0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{24A9CE29-2D50-4AB3-964B-D0D5C7A79862}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2medi a.sys [2005-11-14 09:28]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.s ys [2005-12-19 17:15]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.s ys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c73a82e7-a4f9-11dc-9d64-000000000000}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
\shell\find\command - Knight.exe open
\shell\install\command - Knight.exe open
\shell\open\command - Knight.exe open

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASKUTIL
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 22:07:06
Windows 6.0.6001 Service Pack 1 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...


************************************************** ************************
.
Tiempo completado: 2008-06-20 22:08:41
ComboFix-quarantined-files.txt 2008-06-21 01:08:36

10 dirs 36,356,808,704 bytes libres
18 dirs 36,222,926,848 bytes libres

334 --- E O F --- 2008-06-20 13:59:07














desde ya muchas gracias por tu tiempo!
Responder Con Cita