Spyware Forum - HijackThis Forum - Virus Forum - InfoSpyware

#1 - Posted 01/05/08, 07:42:34
User (registered Dec 2006, location: Es, posts: 13)
new rootkit detected on every reboot

Hello,
A few days ago my connection started getting slow; above all the upload bandwidth (30 kb) dropped to 3 kb, I could never upload any faster, with the resulting slowness when browsing and so on.

I ran a scan with NOD32 2.7 and it found nothing, then I ran Spybot and it found nothing either.
Ad-Aware, and there were only cookies.
Spy Sweeper didn't detect anything suspicious either.
I kept trying with Kaspersky online and it found a couple of suspicious files, which I deleted.

I also tried GMER, which detected a couple of hidden services running and a couple of .exe's in system32, so I deleted them.

Everything seemed to work correctly, but now comes the part that has me intrigued.

I installed AVG Anti-Rootkit Free and it detects 2 hidden .sys files in the system32/Drivers folder, which I select for deletion; I reboot, a message appears saying they have been removed, and Windows starts normally. But if I scan again with AVG Anti-Rootkit it once more detects another two hidden .sys files, with different names from the previous ones, always alphanumeric and random. I delete them again, repeat the reboot process, and so on forever.

What is going on with those .sys files? Can they really be a rootkit, or what?
Right now I don't notice anything abnormal when working with the computer or the internet. But it intrigues me that those files never disappear.

So I'm leaving an HJT log in case something odd shows up, and in case you know of any other solution.

Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:00, on 01/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Users\Pablo\Desktop\spyware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [IaNvSrv] "C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?SP (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8186 bytes
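As an added example (not code from the thread or from any of the tools named in it): a Python script that compares two snapshots of the drivers folder taken on either side of a reboot and flags hidden .sys files that vanished and were replaced one for one by new hidden files that no registered service points to, which is the re-creation pattern the post describes. All file names, sizes and the registered-service list below are constructed for illustration; a listing taken while a rootkit is active may not show the hidden files at all, so take the snapshots from an anti-rootkit tool's output or an offline boot.

```python
"""Detect the 'deleted hidden driver comes back under a new name' pattern.

Two snapshots of %SystemRoot%\\System32\\drivers (before and after a reboot)
are compared; hidden .sys files that vanished and new hidden .sys files that
no registered service references are reported.  The sample data at the bottom
is constructed for illustration and is not taken from the thread's logs.
"""
import os
import re
import stat

CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def looks_random(stem):
    """Heuristic for a random alphanumeric driver stem: letters mixed with
    digits, or a consonant run of five or more.  'tcpip' -> False,
    'm4kt8v' -> True.  It is only a hint; the verdict below does not use it."""
    s = stem.lower()
    if not (5 <= len(s) <= 14) or not s.isalnum():
        return False
    has_digit = any(c.isdigit() for c in s)
    has_alpha = any(c.isalpha() for c in s)
    longest = max((len(m) for m in CONSONANT_RUN.findall(s)), default=0)
    return (has_digit and has_alpha) or longest >= 5


def snapshot_drivers_dir(path):
    """Live snapshot {name: {'size', 'hidden'}} of a directory.  The hidden
    bit comes from st_file_attributes, so this is Windows-only; an active
    rootkit can filter this listing, hence the caveat in the lead-in."""
    snap = {}
    for entry in os.scandir(path):
        if not entry.is_file():
            continue
        st = entry.stat()
        attrs = getattr(st, "st_file_attributes", 0)
        snap[entry.name.lower()] = {
            "size": st.st_size,
            "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
        }
    return snap


def hidden_sys_files(snap):
    """Names of hidden .sys files in a snapshot."""
    return {n for n, meta in snap.items() if n.endswith(".sys") and meta["hidden"]}


def diff_hidden_drivers(before, after, registered):
    """Return (vanished, recreated).  vanished: hidden .sys names present in
    'before' and gone in 'after'.  recreated: hidden .sys names that are new
    in 'after' and referenced by no registered service ('registered' is the
    set of .sys basenames from service ImagePath values), with size and a
    random-name hint."""
    vanished = sorted(hidden_sys_files(before) - set(after))
    recreated = []
    for name in sorted(hidden_sys_files(after) - set(before)):
        if name in registered:
            continue
        recreated.append({
            "name": name,
            "size": after[name]["size"],
            "random_name": looks_random(name[:-4]),
        })
    return vanished, recreated


def assess(vanished, recreated):
    """'recreation' when the deleted hidden drivers were replaced one for one
    by new hidden, unregistered ones (the symptom in the post); 'new' when
    only new ones appeared; 'clean' otherwise."""
    if recreated and len(recreated) == len(vanished):
        return "recreation"
    if recreated:
        return "new"
    return "clean"


# Constructed sample snapshots; the random-looking names are invented.
BEFORE = {
    "tcpip.sys": {"size": 803328, "hidden": False},
    "avgarcln.sys": {"size": 3968, "hidden": False},
    "q7h3kd.sys": {"size": 39936, "hidden": True},
    "zx91pl.sys": {"size": 39936, "hidden": True},
}
AFTER = {  # taken after deleting the two hidden files and rebooting
    "tcpip.sys": {"size": 803328, "hidden": False},
    "avgarcln.sys": {"size": 3968, "hidden": False},
    "m4kt8v.sys": {"size": 39936, "hidden": True},
    "ncw52y.sys": {"size": 39936, "hidden": True},
}
REGISTERED = {"tcpip.sys", "avgarcln.sys"}  # constructed ImagePath basenames

if __name__ == "__main__":
    gone, back = diff_hidden_drivers(BEFORE, AFTER, REGISTERED)
    print("verdict:", assess(gone, back))
    for item in back:
        print("  new hidden driver %-12s %6d bytes  random name: %s"
              % (item["name"], item["size"], item["random_name"]))
```

Equal sizes across the two snapshots, as in the sample, are a further sign that the same component is being dropped again under a fresh name.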
#2 - Posted 01/05/08, 17:00:14
ElPiedra, FS-Admin (registered Jan 2005, location: Miami, posts: 23,858)
Re: new rootkit detected on every reboot

Hi patalete,

HJT is clean, and it generally doesn't see rootkits anyway, so we're going to try ComboFix; it would also be good to have an AVG Anti-Rootkit report.

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may automatically restart the PC to complete the removal process.
Quote:
Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Reboot and paste the report from C:\ComboFix.txt in this same thread.



Regards
#3 - Posted 02/05/08, 08:11:16
User (registered Dec 2006, location: Es, posts: 13)
Re: new rootkit detected on every reboot

OK, here's the ComboFix log:


ComboFix 08-05-01.1 - Pablo 2008-05-02 13:42:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.1266 [GMT 2:00]
Se ejecuta desde: C:\Users\Pablo\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active

.

(((((((((((((((((( Archivos creados desde 2008-04-02 - 2008-05-02 )))))))))))))))))))))))))))))))))
.

2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\Users\Default.LOG2
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\Users\Default.LOG1
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\ProgramData.LOG2
2008-05-01 22:54 . 2008-05-01 22:54 0 --ah----- C:\ProgramData.LOG1
2008-05-01 18:05 . 2008-05-01 18:05 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-01 18:05 . 2008-05-01 18:05 1,409 --a------ C:\Windows\QTFont.for
2008-05-01 17:08 . 2008-05-01 17:08 <DIR> d-------- C:\Program Files\FontUtilities
2008-05-01 17:05 . 2008-05-01 17:05 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Typograf
2008-05-01 17:00 . 2008-05-01 17:08 <DIR> d-------- C:\Program Files\Typograf
2008-05-01 16:59 . 2008-05-01 17:13 <DIR> d-------- C:\Program Files\AMP Font Viewer
2008-05-01 16:21 . 2008-05-01 16:43 <DIR> d-------- C:\Program Files\OLYMPUS
2008-05-01 16:18 . 2008-05-01 16:18 244 --ah----- C:\sqmnoopt19.sqm
2008-05-01 02:51 . 2008-05-01 02:51 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Extensis
2008-05-01 02:51 . 2008-05-01 11:45 <DIR> d-------- C:\Users\All Users\Extensis
2008-05-01 02:51 . 2008-05-01 11:45 <DIR> d-------- C:\ProgramData\Extensis
2008-05-01 01:41 . 2008-05-01 01:41 <DIR> d-------- C:\Program Files\IDT
2008-05-01 01:41 . 2007-09-05 21:24 1,900,544 --a------ C:\Windows\System32\stlang.dll
2008-05-01 01:41 . 2007-09-05 21:25 204,800 --a------ C:\Windows\System32\stacsv.exe
2008-04-30 23:36 . 2008-05-01 00:02 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-30 23:36 . 2008-05-01 00:02 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-30 23:25 . 2008-04-30 23:25 164 --a------ C:\install.dat
2008-04-30 21:18 . 2008-05-01 01:03 <DIR> d-------- C:\Program Files\IrfanView
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-30 21:16 . 2008-04-30 21:16 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-30 21:16 . 2008-04-30 21:16 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-04-30 21:16 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-04-30 21:16 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-04-30 21:15 . 2008-05-01 22:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 15:11 . 2008-05-01 22:37 250 --a------ C:\Windows\gmer.ini
2008-04-29 15:08 . 2008-04-29 15:08 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-29 15:08 . 2008-04-29 15:08 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-29 14:02 . 2008-04-29 14:02 <DIR> d-------- C:\Users\Pablo\Pavark
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 20:25 . 2008-04-27 20:25 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 17:20 . 2008-04-30 11:43 <DIR> d-------- C:\Program Files\Sophos
2008-04-27 17:19 . 2007-01-18 14:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-04-27 16:12 . 2008-04-27 16:12 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-04-27 16:11 . 2008-04-26 05:40 <DIR> d-------- C:\SDFix
2008-04-27 01:23 . 2008-05-01 18:39 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-27 01:23 . 2008-05-01 18:39 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-27 01:19 . 2008-04-27 01:19 <DIR> d-------- C:\Users\All Users\ALM
2008-04-27 01:19 . 2008-04-27 01:19 <DIR> d-------- C:\ProgramData\ALM
2008-04-26 23:15 . 2008-04-26 23:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-26 21:51 . 2008-04-26 21:51 204,812 --a------ C:\Windows\Win32install.exe
2008-04-25 12:39 . 2008-05-01 22:35 <DIR> d-------- C:\Program Files\BASpeed 2008
2008-04-24 18:55 . 2008-05-01 16:18 232 --ah----- C:\sqmdata00.sqm
2008-04-24 11:52 . 2008-04-24 13:20 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-04-23 14:47 . 2008-04-23 14:52 38 --a------ C:\Windows\camcodec100.ini
2008-04-23 14:46 . 2003-03-13 12:51 51,200 --a------ C:\Windows\System32\camcodec.dll
2008-04-23 14:46 . 2003-03-13 12:51 1,461 --a------ C:\Windows\System32\drivers\camcodec.inf
2008-04-23 10:37 . 2008-04-23 10:37 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 10:33 . 2008-04-23 10:33 <DIR> d-------- C:\Users\All Users\Apple
2008-04-23 10:33 . 2008-04-23 10:33 <DIR> d-------- C:\ProgramData\Apple
2008-04-22 14:07 . 2008-04-22 14:07 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Corel
2008-04-22 14:07 . 2008-04-22 14:07 1,056 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-04-22 14:07 . 2008-04-22 14:07 8 -r-hs---- C:\Windows\System32\AAE1A19528.sys
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\Users\All Users\Corel
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\ProgramData\Corel
2008-04-22 14:01 . 2008-04-22 14:01 <DIR> d-------- C:\Program Files\Corel
2008-04-19 21:26 . 2008-04-24 20:48 <DIR> d-------- C:\Program Files\Pixtra
2008-04-19 21:26 . 2007-09-02 23:42 81,920 --------- C:\Windows\System32\PanoScreen.scr
2008-04-19 21:26 . 2001-03-20 00:35 24,576 --------- C:\Windows\System32\ypwp87a.dll
2008-04-19 18:06 . 2008-04-19 18:06 <DIR> d-------- C:\Program Files\PanaVue
2008-04-19 17:23 . 2008-04-19 22:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-19 17:09 . 2008-04-26 16:09 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\WTablet
2008-04-09 19:40 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 21:49 . 2008-04-09 01:15 <DIR> d-------- C:\Program Files\Peter's XML Editor
2008-04-08 21:46 . 2008-04-09 19:16 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Open XML Editor
2008-04-08 21:46 . 2008-04-09 19:16 <DIR> d-------- C:\Program Files\Open XML Editor 1.4
2008-04-08 21:31 . 1999-10-30 01:00 167,936 --a------ C:\Windows\System32\ccrpftv6.ocx
2008-04-08 21:31 . 2001-02-23 18:12 102,400 --a------ C:\Windows\System32\MRActLabel.ocx
2008-04-08 21:31 . 2000-10-11 18:07 98,304 --a------ C:\Windows\System32\ccrpUCW6.dll
2008-04-08 21:31 . 2000-10-11 18:18 98,304 --a------ C:\Windows\System32\ccrpDtp6.ocx
2008-04-08 21:31 . 2001-07-05 15:05 40,448 --a------ C:\Windows\System32\dsofile.dll
2008-04-08 01:03 . 2008-04-08 01:03 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\Alien Skin
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Users\Pablo\AppData\Roaming\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Users\All Users\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\ProgramData\MAGIX
2008-04-05 23:47 . 2008-04-05 23:47 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-04-05 23:47 . 2003-04-18 15:29 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-04-05 23:46 . 2008-04-05 23:46 <DIR> d-------- C:\Users\All Users\Xara
2008-04-05 23:46 . 2008-04-05 23:46 <DIR> d-------- C:\ProgramData\Xara
2008-04-05 23:46 . 2007-04-27 09:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-04-05 23:45 . 2008-04-05 23:47 <DIR> d-------- C:\Windows\System32\MAGIX
2008-04-05 23:45 . 2007-12-04 14:20 700,416 --a------ C:\Windows\System32\mgxoschk.dll
2008-04-05 23:45 . 2008-04-05 23:45 5,937 --a------ C:\Windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 11:40 --------- d-----w C:\Users\Pablo\AppData\Roaming\uTorrent
2008-05-02 11:40 --------- d-----w C:\Users\Pablo\AppData\Roaming\MxBoost
2008-05-02 09:41 --------- d-----w C:\Program Files\eMule
2008-05-01 10:04 935 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-05-01 09:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-30 12:48 --------- d-----w C:\Program Files\Team Fortress 2
2008-04-30 09:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 14:30 --------- d-----w C:\Program Files\Opera
2008-04-28 14:13 --------- d-----w C:\Program Files\FactuSol 2000
2008-04-27 15:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-26 23:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 16:05 --------- d-----w C:\Program Files\ESET
2008-04-23 10:53 --------- d---a-w C:\ProgramData\TEMP
2008-04-23 08:37 --------- d-----w C:\ProgramData\Apple Computer
2008-04-23 08:33 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 21:44 --------- d-----w C:\Program Files\Pinnacle
2008-04-09 18:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 17:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-05 21:47 --------- d-----w C:\Program Files\Common Files\Xara
2008-04-05 21:46 --------- d-----w C:\Program Files\Xara
2008-04-04 09:51 --------- d-----w C:\Program Files\Samurize
2008-04-01 10:51 --------- d-----w C:\Program Files\sXe Injected
2008-03-31 13:03 --------- d-----w C:\Program Files\Maxthon2
2008-03-28 20:45 --------- d-----w C:\Program Files\Counter-Strike Source
2008-03-24 00:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-23 22:48 --------- d-----w C:\Program Files\VTFEdit2
2008-03-22 23:54 --------- d-----w C:\Program Files\7-Zip
2008-03-22 01:26 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-21 16:31 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 18:40 --------- d-----w C:\Program Files\TOSHIBA
2008-03-19 16:33 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-19 16:33 --------- d-----w C:\Program Files\Realtek
2008-03-19 16:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 16:06 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 14:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 14:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 10:41 --------- d-----w C:\ProgramData\XP
2008-03-19 10:41 --------- d-----w C:\ProgramData\Vista64
2008-03-18 13:07 --------- d-----w C:\Program Files\CCleaner
2008-03-16 23:24 --------- d-----w C:\ProgramData\ATI
2008-03-16 23:12 --------- d-----w C:\Program Files\ATI Technologies
2008-03-11 11:07 --------- d-----w C:\Program Files\Imperivm Civitas II
2008-03-09 13:52 674,600 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-09 13:51 22,328 ----a-w C:\Users\Pablo\AppData\Roaming\PnkBstrK.sys
2008-03-06 18:07 --------- d-----w C:\Users\Pablo\AppData\Roaming\Ubisoft
2008-03-06 18:07 --------- d-----w C:\ProgramData\Ubisoft
2008-03-06 17:33 --------- d-----w C:\Program Files\Ubisoft
2008-03-06 17:28 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-02 22:56 --------- d-----w C:\Users\Pablo\AppData\Roaming\GameServerBrowser
2008-03-02 22:56 --------- d-----w C:\ProgramData\GameServerBrowser
2008-03-02 13:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-03 16:51 9,728 ----a-w C:\Windows\System32\ftlx041e.dll
2008-02-03 16:51 9,216 ----a-w C:\Windows\System32\ftlx0411.dll
2008-02-03 16:51 296,960 ----a-w C:\Windows\winhlp32.exe
2008-02-03 16:51 194,560 ----a-w C:\Windows\System32\ftsrch.dll
2008-01-19 07:33 204,812 --sh--r C:\Windows\System32\websploit.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-07-26 12:28 105544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 13:18 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 19:00 33304]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-21 01:30 949376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 00:01 54608]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 15:02 712704]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 18:14 34352]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 19:02 431456]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 02:45 1033512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\startupfolder\C:^Users^Pablo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LinkStash.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2007-08-30 11:50 205480 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LinkStashMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-09-12 11:20 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
--a------ 2007-07-26 12:28 105544 C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3096845840-3661491298-2848018502-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6B075EE-DBA2-42B0-94F6-5BBA52CA1B36}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5E081B3C-C655-4DEA-B648-35F8901A7F0A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3BF871AE-7668-4ECF-BA01-E70E87167FFD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EEB4CB4-AAC2-4AD3-BF05-E240AC1C50C8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{00DF0D12-31C9-46E7-9C8D-FE9E164839DD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B0B66535-ED7F-4934-887C-04DD52865470}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D64BE65A-2AB4-4C26-8F07-3EA4441C3237}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{72DEE70A-9E0D-4F0E-ADEE-69D18F607AC6}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{40EAA753-9117-49F2-B1F8-4056CD828D0C}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{431E001B-B3CF-485E-A251-F210695365F5}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{90E5A753-AEB5-4370-8D33-1730FCE70B03}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{5DEFE465-18A6-41AC-9F5E-016842E89CD8}C:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{F2E1367E-F660-4080-81B4-B7D15D4A3089}C:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{235801B1-F15E-4192-9F85-36DC90809CB7}C:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{975BC4B4-AC3C-4322-AAB1-A806510FE866}C:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{E5F64B86-395D-4701-9DE4-7C459307849A}C:\\program files\\sega\\outrun2006 coast 2 coast\\or2006c2c.exe"= UDP:C:\program files\sega\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"UDP Query User{9D495D60-C905-4770-BAAE-049BB9B1A37C}C:\\program files\\sega\\outrun2006 coast 2 coast\\or2006c2c.exe"= TCP:C:\program files\sega\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"TCP Query User{1B2812A5-303E-421D-8C18-0E56D48AE9C9}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{FFEEFF3C-430A-4808-BE41-8F9C4ECBE5B3}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{8A3EEA65-6239-4BD7-823F-C630070B1C30}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= UDP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{5F632113-B773-4EFF-940B-F0B507894BD4}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= TCP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{95BA8230-F723-4117-82D4-F22EC20155B3}C:\\program files\\maxthon2\\maxthon.exe"= UDP:C:\program files\maxthon2\maxthon.exe:Maxthon Browser
"UDP Query User{64616A42-257E-43C4-877D-F9F8FD391BC6}C:\\program files\\maxthon2\\maxthon.exe"= TCP:C:\program files\maxthon2\maxthon.exe:Maxthon Browser
"TCP Query User{3D83D148-08CF-4CA0-AC60-1EF8F955FB8F}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{AFB174A2-826F-401C-9207-2C8FEF11E3F4}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{FE7793F1-CA06-4CE4-8FA6-2196CA95CB25}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{394197B6-0976-4A99-8419-B90BF7E3D4CC}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{9C6866B3-31C0-4996-A2E7-0A8C247EB5BC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2F49CF6A-7510-4364-B525-5C06CC6C106C}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{18DC1777-24EA-4543-9E29-1A353E23C753}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Construye tu Imperio\base\bin\Settlers6.exe:THE SETTLERS - Construye tu Imperio
"{893B7875-49FC-4C22-96DA-90AD9049FFED}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Construye tu Imperio\base\bin\Settlers6.exe:THE SETTLERS - Construye tu Imperio
"TCP Query User{57A0A159-B370-4382-AC21-BE994E881D8B}C:\\users\\pablo\\desktop\\emule\\emule.exe"= UDP:C:\users\pablo\desktop\emule\emule.exe:emule.exe
"UDP Query User{29F47B94-E1FD-48C3-BBF9-A1EFE2F76A67}C:\\users\\pablo\\desktop\\emule\\emule.exe"= TCP:C:\users\pablo\desktop\emule\emule.exe:emule.exe
"{25D8CC85-11F6-431E-87F8-C72D5AA3FED1}"= UDP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{D3E3D680-9980-4554-8F38-13AA2C8F5C47}"= TCP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{6E97794B-0519-4BD2-9FF8-D7C725C6457B}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{80D26EF1-A13F-4306-A0A3-B0F961D8975E}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{33A94E62-BE9E-412C-BF56-D6F911FE87A4}C:\\program files\\uaz racing 4x4\\uaz4x4.exe"= UDP:C:\program files\uaz racing 4x4\uaz4x4.exe:UAZ 4x4
"UDP Query User{962549B6-27E9-458D-A42C-265944EF14E0}C:\\program files\\uaz racing 4x4\\uaz4x4.exe"= TCP:C:\program files\uaz racing 4x4\uaz4x4.exe:UAZ 4x4
"TCP Query User{64C93039-E85A-451D-9625-8FDCB5509AF5}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A73496BD-E876-4E5F-B030-FCE54ADBDEB1}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C5676F67-0FA5-46F5-90D4-C5C7F2E1DE2A}C:\\users\\pablo\\desktop\\counter-strike source\\hl2.exe"= UDP:C:\users\pablo\desktop\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{36868FE6-4D8E-4A41-928B-17DAC1C12E56}C:\\users\\pablo\\desktop\\counter-strike source\\hl2.exe"= TCP:C:\users\pablo\desktop\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{09AA7AFB-04BD-4819-9D96-A669700482CE}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{3E2EB070-B4B4-4FAC-A2FA-53D4512267C2}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{F9C6A091-A52E-4D0A-A385-BA8AE81E2BA8}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{0DA64399-A8EE-49C5-9F17-9D37565D216B}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{1844EE5A-8299-465C-AF84-B0A135A79BD1}C:\\program files\\battlestations midway\\battlestationsmidway.exe"= UDP:C:\program files\battlestations midway\battlestationsmidway.exe:Battlestationsmidway
"UDP Query User{F3B5FC88-BCE4-4055-9CEA-22443D81974A}C:\\program files\\battlestations midway\\battlestationsmidway.exe"= TCP:C:\program files\battlestations midway\battlestationsmidway.exe:Battlestationsmidway
"TCP Query User{C286377C-919A-4BE4-B89E-9F8FC26A424C}C:\\program files\\counter-strike 1.6 v31\\hltv.exe"= UDP:C:\program files\counter-strike 1.6 v31\hltv.exe:HLTV Launcher
"UDP Query User{1BF5819F-2E6A-4EBE-82A4-E7ADE7952C6F}C:\\program files\\counter-strike 1.6 v31\\hltv.exe"= TCP:C:\program files\counter-strike 1.6 v31\hltv.exe:HLTV Launcher
"TCP Query User{DF4EBEC0-786A-4E80-8ABA-1001C5213D2A}C:\\program files\\counter-strike 1.6 v31\\hlds.exe"= UDP:C:\program files\counter-strike 1.6 v31\hlds.exe:HLDS Launcher
"UDP Query User{85FC2923-B390-4395-B16D-675A34001CB1}C:\\program files\\counter-strike 1.6 v31\\hlds.exe"= TCP:C:\program files\counter-strike 1.6 v31\hlds.exe:HLDS Launcher
"TCP Query User{1D46A050-978C-4B9C-86A9-05F96550E6A2}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B68E469F-F89C-4799-A9D4-77CCDF9507BD}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{7D989436-4D72-4E8F-8291-F61F21FA24E0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D7DF2ABB-A9EF-4A6E-9DB9-78770DFC2735}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8E410282-73A5-4502-BB57-E5818FAF0D8B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9D6851A8-6604-4167-AC8C-1AC1A74F9D21}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{4504D12A-37B3-44B5-BFAA-D0D43CFA6698}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{0D832BBB-721F-49E5-8C05-CE0D32E22C8B}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{A96AAB35-B88E-4DB5-981D-8E14221763E2}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{FB61922C-F249-4518-8EC9-9D5B67D3F47E}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{3515E535-760F-472F-A142-01217280B4C1}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{CBFA5FDD-B1C1-44E8-A05F-A6506DCC9EF8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{0D2E8799-0257-4CF6-9337-6897929B3FFD}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{7A9D49E4-B907-41E7-B1A0-3EFC0AE49D7A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E0309A3B-7B4C-474A-BA66-76716E156E8B}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{7DC05C5F-D8FE-439F-AE0C-552C6972C8D8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{766F0D3D-12F2-42CA-8734-0726B4F4D1CE}"= UDP:C:\Program Files\Counter-Strike Source\srcds.exe:Counter-Strike Source Server
"{2AD7DE3A-09CC-429A-8C06-B0A8FDA8CEE4}"= TCP:C:\Program Files\Counter-Strike Source\srcds.exe:Counter-Strike Source Server
"TCP Query User{03662457-05B3-4410-B3FE-51C18625C312}C:\\program files\\nusphere\\phpdock\\phpdock.exe"= UDP:C:\program files\nusphere\phpdock\phpdock.exe:PHPDock
"UDP Query User{E696CE08-5A49-4C59-9C0D-8E99970B390C}C:\\program files\\nusphere\\phpdock\\phpdock.exe"= TCP:C:\program files\nusphere\phpdock\phpdock.exe:PHPDock
"TCP Query User{6DB49E1A-9029-472D-9BBA-8DF45CDABD41}C:\\program files\\scriptviewer\\scriptviewer.exe"= UDP:C:\program files\scriptviewer\scriptviewer.exe:ScriptViewer
"UDP Query User{581DD59C-6E11-42BB-A31F-E135847AB62E}C:\\program files\\scriptviewer\\scriptviewer.exe"= TCP:C:\program files\scriptviewer\scriptviewer.exe:ScriptViewer
"TCP Query User{9070A341-4006-443E-9B8F-098097C3311F}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{1DDF03D5-6546-4E02-9F30-75446B0BE054}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"{5ECD8FF7-E987-42BB-8DB2-0132522D9566}"= UDP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{9CD5A3FF-0D24-45C9-A039-5D6BE0035479}"= TCP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{EE980DF6-602B-4F3E-A75C-2FD68AFB7947}"= UDP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{204E5631-6118-4FC0-BFD0-A2E95DE7C87D}"= TCP:C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{F11217CA-0143-4B7E-9E7F-9A3BA65774C4}C:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{47136988-71B7-4CB7-AF3E-535930E32F75}C:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{5818F954-F5A6-4297-B4E4-BCF6D9EF904C}C:\\program files\\counter-strike source\\srcds.exe"= UDP:C:\program files\counter-strike source\srcds.exe:srcds
"UDP Query User{380C5FBD-AAC5-44D0-BB0B-73EFC077540E}C:\\program files\\counter-strike source\\srcds.exe"= TCP:C:\program files\counter-strike source\srcds.exe:srcds
"TCP Query User{7445F6C9-EFF2-4E7C-8680-617C04A46960}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= UDP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"UDP Query User{E0AE021A-3960-4E29-8EC6-A539FC8DCF1C}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= TCP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"TCP Query User{72864D0C-7BF1-4552-908C-38535B69AB47}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{E3D087DC-BF23-4991-9EF2-FE6E1F52B007}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{898773B5-4493-4CE8-B813-BD2A36EF0382}C:\\srcds - copia\\srcds.exe"= UDP:C:\srcds - copia\srcds.exe:srcds
"UDP Query User{F3521015-00EC-44A4-81EB-48CAFB969F9C}C:\\srcds - copia\\srcds.exe"= TCP:C:\srcds - copia\srcds.exe:srcds
"TCP Query User{1850BB13-6A65-49C3-92D1-F1EB4D6C7AD8}C:\\srcds - copia\\srcds.exe"= UDP:C:\srcds - copia\srcds.exe:srcds
"UDP Query User{7644F290-A660-4294-9793-8A95DD5E29A7}C:\\srcds - copia\\srcds.exe"= TCP:C:\srcds - copia\srcds.exe:srcds
"TCP Query User{ED4942E2-7FA6-46EF-A925-47142AAD03A8}C:\\program files\\day of defeat source\\hl2.exe"= UDP:C:\program files\day of defeat source\hl2.exe:hl2
"UDP Query User{A742B248-C43A-4351-A1F1-2C0FC33D1B42}C:\\program files\\day of defeat source\\hl2.exe"= TCP:C:\program files\day of defeat source\hl2.exe:hl2
"TCP Query User{D0505269-9CB9-4DB9-8828-64C22919F6F2}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{77288E43-D6D8-466C-A6F1-160CA12B6117}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{C933739B-3A7E-4731-948D-04ACABF98800}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= UDP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"UDP Query User{789199AA-08E6-4656-BF9A-C72B04C0D396}C:\\program files\\cs source dedicated server\\dedicated server\\srcds.exe"= TCP:C:\program files\cs source dedicated server\dedicated server\srcds.exe:srcds
"TCP Query User{D3559C88-D52F-4584-93EA-4603BCA36DBF}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{8855985A-C086-447C-B36A-BBC0B90E421A}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{28843465-3C60-420C-9461-2871B1D589FB}C:\\program files\\counter-strike\\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{10BFFEE5-B012-4305-9FC1-71CBE6BCE090}C:\\program files\\counter-strike\\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{1853F952-87B8-4358-9931-1608FE719791}C:\\program files\\counter-strike\\hlds.exe"= UDP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"UDP Query User{21F4679E-577F-4170-A1AB-427A3C8B925A}C:\\program files\\counter-strike\\hlds.exe"= TCP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"TCP Query User{2E725727-F3AB-4362-8576-B6203EF73FFD}C:\\program files\\counter-strike\\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{E64B49DE-F2E5-408F-80E0-C32E17BADB12}C:\\program files\\counter-strike\\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"{7AA864BD-E8CA-408F-A6D0-180F893B02D0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{E8CAEB2A-39E5-41AA-8BCF-83E2E3F12759}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{ED8F3082-F046-4244-9468-C8C7123B120C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{BB5AD67B-FEB3-48D6-8685-8DBE94D450FD}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{9FE6F096-0626-4E5B-B4FD-EE48552E8B5C}C:\\program files\\counter-strike\\hlds.exe"= UDP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"UDP Query User{639303B2-9720-4485-8AB8-476A4189CF28}C:\\program files\\counter-strike\\hlds.exe"= TCP:C:\program files\counter-strike\hlds.exe:HLDS Launcher
"TCP Query User{3920D77D-44E5-4AB9-B341-6F448DBA6F46}D:\\srcds - original\\srcds.exe"= UDP:D:\srcds - original\srcds.exe:srcds
"UDP Query User{AFE1A276-E3AD-4734-90B6-761A85D88EA6}D:\\srcds - original\\srcds.exe"= TCP:D:\srcds - original\srcds.exe:srcds
"TCP Query User{3E617DD7-7E61-45D9-9EB2-1B64C13A4272}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{5E835BB6-45AB-4711-B684-54F8D5AE7AE5}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{CC0ED0B6-80FC-4C6A-88F7-CB82880C6BEE}C:\\program files\\team fortress 2\\hl2.exe"= UDP:C:\program files\team fortress 2\hl2.exe:hl2
"UDP Query User{0333E805-A4F1-4499-8E32-6350D87E5448}C:\\program files\\team fortress 2\\hl2.exe"= TCP:C:\program files\team fortress 2\hl2.exe:hl2
"TCP Query User{C557C4C8-875E-4CF2-BC57-F5AF718A29C1}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{952B50A7-E4D0-4471-867E-4F8F7B6C7935}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{F49E65BE-83D9-4987-8F53-74EED6848E1C}D:\\juegos\\team fortress 2 [vo0]\\team fortress 2\\team fortress 2\\hl2.exe"= UDP:D:\juegos\team fortress 2 [vo0]\team fortress 2\team fortress 2\hl2.exe:hl2
"UDP Query User{D1B9C836-A988-4496-8205-B666E744A9D9}D:\\juegos\\team fortress 2 [vo0]\\team fortress 2\\team fortress 2\\hl2.exe"= TCP:D:\juegos\team fortress 2 [vo0]\team fortress 2\team fortress 2\hl2.exe:hl2
"TCP Query User{FCFAD5AB-942E-4504-84CB-30FF420810BF}C:\\program files\\qtracker\\qtracker.exe"= UDP:C:\program files\qtracker\qtracker.exe:Qtracker
"UDP Query User{F6B71AAA-7B8A-4635-B4EF-301E987106C7}C:\\program files\\qtracker\\qtracker.exe"= TCP:C:\program files\qtracker\qtracker.exe:Qtracker
"TCP Query User{1E5C3F3D-5F0F-4149-A95D-93D0D696D02E}C:\\program files\\qtracker\\qtracker.exe"= UDP:C:\program files\qtracker\qtracker.exe:Qtracker
"UDP Query User{B6E3206A-BB67-4F62-BD1B-6A5F88B5C3A7}C:\\program files\\qtracker\\qtracker.exe"= TCP:C:\program files\qtracker\qtracker.exe:Qtracker
"TCP Query User{AED8E159-3264-41FA-B2B7-2D40B8BCBDDF}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{AB6A8430-C9CE-4570-A543-C1D4843790DD}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{6A67E2A7-1DE5-46FD-8386-3B5A3B899075}C:\\program files\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:C:\program files\maxthon2\modules\mxdownloader\mxdownloadserver.exe:MxDownloadServer
"UDP Query User{97CDB9CD-605D-41B0-A5A2-0E8DCF910EA8}C:\\program files\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:C:\program files\maxthon2\modules\mxdownloader\mxdownloadserver.exe:MxDownloadServer
"{66CA64F6-208E-41B4-BFE9-BE000DA399B3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4742CAF5-D309-4A4B-AB33-C6D8A0CB839E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2F5D0BAD-F38A-4187-A48C-C31947D6037A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{92542627-A3E1-4D01-8309-4ABAA02E45F2}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8E3323A3-940A-4222-BBD4-1D1F0B52A556}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F81AD4F0-79BB-439C-A347-7E38FA1C03D0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{D3F13D1D-1192-4B91-A116-F467B10777DB}C:\\factusol\\revisiones.exe"= UDP:C:\factusol\revisiones.exe:Revisiones
"UDP Query User{BCEB1365-3DD2-493A-80D6-67330BC8D986}C:\\factusol\\revisiones.exe"= TCP:C:\factusol\revisiones.exe:Revisiones
"{D0F5B2A0-F339-4A56-8500-FA0C326E57CA}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{CBCE722D-5786-4252-A719-80E5412E2935}C:\\users\\pablo\\desktop\\team fortress 2 files\\qtracker\\qtracker.exe"= UDP:C:\users\pablo\desktop\team fortress 2 files\qtracker\qtracker.exe:qtracker.exe
"UDP Query User{2A784898-A09C-441D-B8B1-F4CACE8BCE84}C:\\users\\pablo\\desktop\\team fortress 2 files\\qtracker\\qtracker.exe"= TCP:C:\users\pablo\desktop\team fortress 2 files\qtracker\qtracker.exe:qtracker.exe
"{4C20A169-AB6A-4DF4-917E-ECD28BA0FFE9}"= UDP:C:\Program Files\eMule\emule.exe:eMule MorphXT
"{60B03902-7540-48E2-A9D2-ECEA7D9F3641}"= TCP:C:\Program Files\eMule\emule.exe:eMule MorphXT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01]
R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 14:28]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 17:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 11:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-10 01:43]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 athr;Controlador de dispositivo de LAN inalámbrica extensible Atheros;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\Windows\system32\Drivers\BrSerIf.sys [2006-09-03 01:53]
S3 Ltn_hyd7700pc;DiBcom DIB7700 based TV tuner device ;C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-03-02 10:37]
S3 Ltn_rc;DiBcom Infrared Receiver ;C:\Windows\system32\DRIVERS\Ltn_rc.sys [2006-12-27 17:32]
S3 PctvVirtualNdis;Pinnacle Virtual Miniport;C:\Windows\system32\DRIVERS\PctvVirtualNdis.sys [2007-02-02 19:30]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\Windows\system32\drivers\PPJoyBus.sys [2004-10-24 09:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\Windows\system32\drivers\PPortJoy.sys [2004-10-24 09:11]
S3 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-06-28 17:25]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-30 21:16]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc2f2e54-84c4-11dc-ad83-806e6f6e6963}]
\shell\AutoRun\command - F:\install.exe

*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'
"2008-05-02 11:00:01 C:\Windows\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 13:46:59
Windows 6.0.6001 Service Pack 1 NTFS

escaneando procesos ocultos ...

[0] 0x4589FFFF

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-05-02 13:47:46
ComboFix-quarantined-files.txt 2008-05-02 11:47:40

17 dirs 2,605,424,640 bytes libres
24 dirs 3,852,304,384 bytes libres

448 --- E O F --- 2008-05-01 21:42:06

And now the AVG Anti-Rootkit result:


these before rebooting

C:\Windows\System32\Drivers\a0kp07zh.SYS,Hidden driver file
C:\Windows\System32\Drivers\atx4i618.SYS,Hidden driver file


these, after deleting the previous ones and right after the desktop finished loading:


C:\Windows\System32\Drivers\ap8o5600.SYS,Hidden driver file
C:\Windows\System32\Drivers\amb89rpj.SYS,Hidden driver file

The only common denominator is that they always start with "a" :D


For now I don't notice anything odd on the computer, everything seems to be working fine, but this has me suspicious.
  #4 (permalink)  
Old 07/05/08, 07:59:56
User
 
Joined: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot

Anything striking in the latest logs?

thanks
  #5 (permalink)  
Old 09/05/08, 01:41:42
ElPiedra
FS-Admin
 
Joined: Jan 2005
Location: Miami
Posts: 23,858
Re: new rootkit detected on every reboot

Hi, sorry for the delay, but your case is somewhat complicated and I was looking for some more information.

Yes, there is a rootkit on your system, so you would have to try several of the anti-rootkit programs we have to see which one can detect and remove it for you.

GMER in its full version should be able to remove this one, but you may have to run it in Safe Mode, or even take the disk out and connect it to another machine to clean it from there.

In any case it would help if you could send a sample of any infected file they find to our InfoSpyware channel on BC, so we can see whether we can analyze it and give you more specific steps.

Regards
  #6 (permalink)  
Old 09/05/08, 06:31:10
User
 
Joined: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot

Thanks

I'll now run every anti-rootkit I can on it and then post the results.
I'll also send those DLLs to see what they find.

What am I supposed to put in the subject when sending the files to where you mentioned??

Here are the logs from the anti-rootkits I installed; some of them don't work on Vista 32.

Avira AntiRootkit Tool - Beta (1.0.1.17) didn't detect anything

========================================================================================================
- Scan started viernes, 09 de mayo de 2008 - 12:52:48
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 92.77 GB
- Working disk free size : 9.35 GB (10 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 -> cd042efbbd7f7af1647644e76e06692b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 -> bca643cdc5c2726b20d2ecedcc62c59b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 -> 2c81e34222e8052573023a60d06dd016
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 -> 2582ae41fb52324423be06337561aa48
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 -> caaeda5fd7a9ed7697d9686d4b818472
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 -> a4a1bcf2cc2b8bc3716b74b2b4522f5d
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 -> 4d370831d2c43cd13623e232fed27b7b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 -> 1d68fe701cdea33e477eb204b76f993d
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 -> 1fac81b91d8e3c5aa4b0a51804d844a3
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 -> f5f62a6129303efb32fbe080bb27835b
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 -> fd4e2e1a3940b94dceb5a6a021f2e3c6
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 -> threadingmodel
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 -> 8a8aec57dd6508a385616fbc86791ec2
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences\hme
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences -> oemserviceoverride11
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Preferences -> wmpnssfirewallportsopen
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates\TemplateDirs\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\/1
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates\TemplateDirs\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\/1

--------------------------------------------------------------------------------------------------------
Files: 0/365006
Registry items: 29/472479
Processes: 0/57
Scan time: 00:22:15
--------------------------------------------------------------------------------------------------------
Active processes:
- hnpocljg.exe (PID 6132) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 536)
- csrss.exe (PID 668)
- wininit.exe (PID 728)
- csrss.exe (PID 740)
- services.exe (PID 772)
- lsass.exe (PID 788)
- lsm.exe (PID 796)
- winlogon.exe (PID 840)
- svchost.exe (PID 984)
- PresentationFontCache.exe (PID 1032)
- svchost.exe (PID 1076)
- svchost.exe (PID 1128)
- Ati2evxx.exe (PID 1196)
- svchost.exe (PID 1240)
- svchost.exe (PID 1276)
- svchost.exe (PID 1296)
- audiodg.exe (PID 1392)
- SLsvc.exe (PID 1424)
- svchost.exe (PID 1468)
- Ati2evxx.exe (PID 1588)
- svchost.exe (PID 1672)
- spoolsv.exe (PID 276)
- taskeng.exe (PID 368)
- dwm.exe (PID 392)
- explorer.exe (PID 636)
- svchost.exe (PID 632)
- svchost.exe (PID 1384)
- IAANTmon.exe (PID 1872)
- nod32krn.exe (PID 2168)
- PnkBstrA.exe (PID 2204)
- PnkBstrB.exe (PID 2248)
- svchost.exe (PID 2292)
- RtHDVCpl.exe (PID 2408)
- IAAnotif.exe (PID 2432)
- nod32kui.exe (PID 2648)
- MOM.exe (PID 2684)
- KeNotify.exe (PID 2692)
- TPwrMain.exe (PID 2700)
- wmdc.exe (PID 2712)
- SynTPEnh.exe (PID 2724)
- svchost.exe (PID 2760)
- TosCoSrv.exe (PID 2792)
- svchost.exe (PID 2904)
- TCrdMain.exe (PID 3088)
- SDWinSec.exe (PID 3144)
- SynToshiba.exe (PID 3484)
- svchost.exe (PID 3768)
- mobsync.exe (PID 3932)
- CCC.exe (PID 1172)
- taskeng.exe (PID 3584)
- wmpnscfg.exe (PID 2264)
- SynTPHelper.exe (PID 1460)
- emule.exe (PID 2360)
- infocard.exe (PID 2016)
- avirarkd.exe (PID 6104)
========================================================================================================
- Scan finished Friday, 09 May 2008 - 13:15:03
========================================================================================================

F-Secure detected nothing

05/09/08 12:29:15 [Info]: BlackLight Engine 1.0.70 initialized
05/09/08 12:29:15 [Info]: OS: 6.0 build 6001 (Service Pack 1)
05/09/08 12:29:15 [Note]: 7019 4
05/09/08 12:29:15 [Note]: 7005 0
05/09/08 12:29:17 [Note]: 7006 0
05/09/08 12:29:17 [Note]: 7027 0
05/09/08 12:29:17 [Note]: 7035 0
05/09/08 12:29:17 [Note]: 7026 0
05/09/08 12:29:17 [Note]: 7026 0
05/09/08 12:29:21 [Note]: FSRAW library version 1.7.1024
05/09/08 12:29:26 [Note]: 4015 239870
05/09/08 12:29:26 [Note]: 4027 239870 131072
05/09/08 12:29:26 [Note]: 4020 239869 131072
05/09/08 12:29:26 [Note]: 4022 239869
05/09/08 12:31:10 [Note]: 4015 61234
05/09/08 12:31:10 [Note]: 4027 61234 65536
05/09/08 12:31:10 [Note]: 4020 61233 65536
05/09/08 12:31:10 [Note]: 4018 61233 65536
05/09/08 12:31:19 [Note]: 4015 93717
05/09/08 12:31:19 [Note]: 4027 93717 16842752
05/09/08 12:31:19 [Note]: 4020 77604 327680
05/09/08 12:31:19 [Note]: 4018 77604 327680
05/09/08 12:32:06 [Note]: 4015 61234
05/09/08 12:32:06 [Note]: 4027 61234 65536
05/09/08 12:32:06 [Note]: 4020 61233 65536
05/09/08 12:32:06 [Note]: 4018 61233 65536
05/09/08 12:32:09 [Note]: 4015 2018
05/09/08 12:32:09 [Note]: 4027 2018 196608
05/09/08 12:32:09 [Note]: 4020 1985 196608
05/09/08 12:32:09 [Note]: 4018 1985 196608
05/09/08 12:50:30 [Note]: 7007 0

Last edited by patalete on 09/05/08 at 09:18:47.
  #7 (permalink)  
Old 12/05/08, 17:39:29
ElPiedra
FS-Admin
 
Joined: Jan 2005
Location: Miami
Posts: 23,858
Re: new rootkit detected on every reboot

Hi, and couldn't you run GMER in its full version??

In the subject line, just copy and paste the URL of this thread so we have it as a reference and know which case it is about.

Regards
__________________

Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog


* Help us with a DONATION so we can keep helping.
* To avoid viruses and spyware while browsing the internet, USE FIREFOX !!
* Questions are not answered by private message or e-mail; that is what the forum is for.
  #8 (permalink)  
Old 12/05/08, 21:12:45
ElPiedra
FS-Admin
 
Joined: Jan 2005
Location: Miami
Posts: 23,858
Re: new rootkit detected on every reboot

Hi patalete, I'm writing to you again because today "GuillermoTell" from the InfoSpyware team reported to me that two cases with similar characteristics that he handled earlier were solved by reinstalling the Anti-Rootkit, so the problem seems to be with it.

I recommend you try reinstalling it before continuing.

Regards
  #9 (permalink)  
Old 13/05/08, 08:16:00
User
 
Joined: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot

Thanks
I'll try it now


I uninstalled and reinstalled it, and nothing. AVG still says it detects 2 hidden DLLs, but the truth is I can't locate them in any way, not even to send them for analysis.


Here is the GMER log

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-12 11:08:46
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

INT 0xB0 ? 91354CD0

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwQueryLicenseValue + D41 82076BB9 1 Byte [ 06 ]
_PAGELK C:\Windows\system32\ntkrnlpa.exe entry point in "_PAGELK" section [0x8210B4B0]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8CDAC46F 5 Bytes JMP 881BD1C8
.text ajt1fms4.SYS 8C538000 22 Bytes [ 26, F2, 3D, 82, 10, F1, 3D, ... ]
.text ajt1fms4.SYS 8C538017 181 Bytes [ 00, 32, 57, 78, 82, 3D, 55, ... ]
.text ajt1fms4.SYS 8C5380CE 73 Bytes [ 00, 00, 00, 00, 01, C2, 03, ... ]
.text ajt1fms4.SYS 8C538118 185 Bytes [ 3F, 48, 3E, 8A, 3C, CC, 3D, ... ]
.text ajt1fms4.SYS 8C5381D2 22 Bytes [ E0, C2, E2, 84, E3, 46, E6, ... ]
.text ...
.text ak7dyh3m.SYS 8C0E3000 22 Bytes [ 26, F2, 3D, 82, 10, F1, 3D, ... ]
.text ak7dyh3m.SYS 8C0E3017 181 Bytes [ 00, 32, 57, 78, 82, 3D, 55, ... ]
.text ak7dyh3m.SYS 8C0E30CE 73 Bytes [ 00, 00, 00, 00, 01, C2, 03, ... ]
.text ak7dyh3m.SYS 8C0E3118 185 Bytes [ 3F, 48, 3E, 8A, 3C, CC, 3D, ... ]
.text ak7dyh3m.SYS 8C0E31D2 22 Bytes [ E0, C2, E2, 84, E3, 46, E6, ... ]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 8C04903F 240 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 8C049130 6 Bytes [ 0E, 83, 78, 14, 01, 75 ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 8C049137 2214 Bytes [ 83, 78, 18, 37, 75, 02, B3, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 8C0499DE 47 Bytes [ 04, BB, A8, 01, 00, 00, 8D, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 8C049A0E 44 Bytes [ 05, 00, 00, 39, 54, 8D, D0, ... ]
PAGE ...

Last edited by patalete on: Today at 17:12:02.
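A check worth running on the GMER log above, as an added example that is not part of the original thread and not GMER's own code: the two randomly named drivers (ajt1fms4.SYS and ak7dyh3m.SYS) report patched regions with the same sizes and the same leading bytes at the same offsets relative to each driver's first entry (0x00, 0x17, 0xCE), which is what one driver image loaded under a freshly generated name on each boot looks like. The script below parses the "Kernel code sections" block, flags generated-looking names, and groups modules by that byte signature. The name heuristic (6 to 12 lowercase letters and digits, mixing both) and the "same relative offsets, same bytes, same sizes" clone rule are assumptions made for this example; the sample log is constructed from the lines posted in this thread. GMER prints only a prefix of each region, so a match proves identical prefixes, not identical files, and it cannot say which product the image belongs to.

```python
"""Triage GMER "Kernel code sections" output for generated-name driver clones.
Added example for this thread; not part of GMER or of the tools discussed."""
import re
from collections import defaultdict

# Constructed sample, taken from the GMER log posted in this thread
# (some entries omitted; the "..." lines are GMER's own truncation markers).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwQueryLicenseValue + D41 82076BB9 1 Byte [ 06 ]
_PAGELK C:\Windows\system32\ntkrnlpa.exe entry point in "_PAGELK" section [0x8210B4B0]
.text USBPORT.SYS!DllUnload 8CDAC46F 5 Bytes JMP 881BD1C8
.text ajt1fms4.SYS 8C538000 22 Bytes [ 26, F2, 3D, 82, 10, F1, 3D, ... ]
.text ajt1fms4.SYS 8C538017 181 Bytes [ 00, 32, 57, 78, 82, 3D, 55, ... ]
.text ajt1fms4.SYS 8C5380CE 73 Bytes [ 00, 00, 00, 00, 01, C2, 03, ... ]
.text ...
.text ak7dyh3m.SYS 8C0E3000 22 Bytes [ 26, F2, 3D, 82, 10, F1, 3D, ... ]
.text ak7dyh3m.SYS 8C0E3017 181 Bytes [ 00, 32, 57, 78, 82, 3D, 55, ... ]
.text ak7dyh3m.SYS 8C0E30CE 73 Bytes [ 00, 00, 00, 00, 01, C2, 03, ... ]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 8C04903F 240 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 8C049130 6 Bytes [ 0E, 83, 78, 14, 01, 75 ]
PAGE ...
"""

# One GMER entry: <section> <module>[!<symbol>][ + <hexoffset>] <address> <n> Byte(s) <detail>
ENTRY_RE = re.compile(
    r"^(?P<section>\S+)\s+"
    r"(?P<module>[^\s!]+)"                      # ajt1fms4.SYS, ntkrnlpa.exe, ...
    r"(?:!(?P<symbol>\S+))?"                    # optional !ExportedSymbol
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?"    # optional "+ D41"
    r"\s+(?P<address>[0-9A-Fa-f]{8})"           # 32-bit kernel address
    r"\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<detail>.+)$"                          # byte dump or "JMP <addr>"
)

# Assumed heuristic: lowercase letters+digits only, 6-12 chars, mixing both.
GENERATED_RE = re.compile(r"[a-z0-9]{6,12}")


def parse_gmer_sections(text):
    """Return one dict per parseable entry; headers, '...' markers and
    file-access errors do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["address"] = int(d["address"], 16)
        d["size"] = int(d["size"])
        d["detail"] = d["detail"].strip()
        entries.append(d)
    return entries


def looks_generated(module):
    """True for names like ajt1fms4.SYS; False for ntkrnlpa.exe (no digit),
    USBPORT.SYS (uppercase) or spsys.sys (too short)."""
    stem = module.rsplit(".", 1)[0]
    return (GENERATED_RE.fullmatch(stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def find_clones(entries):
    """Group modules whose reported regions have identical section, size and
    bytes at identical offsets relative to each module's lowest address.
    Returns sorted groups of two or more module names."""
    per_module = defaultdict(list)
    for e in entries:
        per_module[e["module"]].append(e)
    by_signature = defaultdict(list)
    for module, es in per_module.items():
        base = min(e["address"] for e in es)
        sig = tuple(sorted((e["section"], e["address"] - base, e["size"], e["detail"])
                           for e in es))
        by_signature[sig].append(module)
    return sorted(sorted(mods) for mods in by_signature.values() if len(mods) > 1)


def triage(text):
    """Parse a GMER log and return the two indicators plus the entry count."""
    entries = parse_gmer_sections(text)
    modules = sorted({e["module"] for e in entries})
    return {
        "entries": len(entries),
        "generated_names": [m for m in modules if looks_generated(m)],
        "clone_groups": find_clones(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"parsed {report['entries']} entries")
    print("generated-looking driver names:", report["generated_names"])
    for group in report["clone_groups"]:
        print("same bytes at same offsets under different names:", ", ".join(group))
```

Run it against a full GMER log saved from the tool (pass the file contents to `triage`) and look for clone groups whose members also appear in the AVG/Avira hidden-file list; a group that changes names after every reboot while its bytes stay the same is the pattern to report to the forum, together with the log, before deleting anything.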
  #10 (permalink)  
Old Today, 17:15:32
User
 
Joined: Dec 2006
Location: Es
Posts: 13
Re: new rootkit detected on every reboot