
Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Please read the HijackThis Forum Policies first.

  post #1 (permalink)  
Posted: 20/06/08, 11:11:48
User
 
Registered: Jul 2007
Location: cordoba
Posts: 3
help with hijackthis

Hi everyone! This is the first time I've come to the forum looking for help... I have several pieces of spyware that keep freezing my machine with unwanted ads and so on. I downloaded the program and saved the scan log... I need someone to help me get rid of the problems, since I don't understand much about this... Thanks a lot in advance, and best regards!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:55 p.m., on 20/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\jccatch.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\getflash.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldes-ar.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-AR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209656659_7f73012f29e94e99690cc674cd2f70c5&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jre/6u5-b15/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8263 bytes
  post #2 (permalink)  
Posted: 20/06/08, 17:27:20
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Callao - Perú
Posts: 17,032
Re: help with hijackthis

Hello, welcome to the InfoSpyware Forum. Follow these steps:

Download, update and run the program: Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).


- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable your antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Warning!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


  post #3 (permalink)  
Posted: 20/06/08, 21:17:08
User
 
Registered: Jul 2007
Location: cordoba
Posts: 3
Re: help with hijackthis

I followed all the steps as you told me... here's the log...




ComboFix 08-06-20.1 - bachi 2008-06-20 22:01:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.322 [GMT -3:00]
Se ejecuta desde: C:\Users\bachi\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
(((((((((((((((((( Archivos creados desde 2008-05-21 - 2008-06-21 )))))))))))))))))))))))))))))))))
.

2008-06-20 21:48 . 2008-06-20 21:48 <DIR> d-------- C:\Program Files\CCleaner
2008-06-20 21:08 . 2008-06-20 21:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-20 21:08 . 2008-06-20 21:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Users\bachi\AppData\Roaming\SUPERAntiSpyware.com
2008-06-20 21:06 . 2008-06-20 21:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 21:05 . 2008-06-20 21:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 11:57 . 2008-06-20 11:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 14:16 . 2008-06-18 14:17 <DIR> d-------- C:\Users\bachi\AppData\Roaming\SpywareRemover
2008-06-16 15:42 . 2008-06-16 15:42 <DIR> d-------- C:\Users\bachi\AppData\Roaming\PCToolsFirewallPlus
2008-06-16 15:28 . 2008-06-16 16:04 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-16 15:28 . 2008-06-16 15:28 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-16 15:28 . 2008-03-12 09:30 159,896 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-06-16 15:28 . 2008-02-25 16:38 93,440 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-06-16 15:28 . 2008-02-21 08:56 40,856 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-06-16 15:28 . 2008-02-21 08:56 18,328 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-06-16 15:10 . 2008-06-16 15:10 <DIR> d-------- C:\Users\bachi\AppData\Roaming\PC Tools
2008-06-16 15:10 . 2008-06-16 15:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-16 15:10 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-16 15:10 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-16 15:10 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-16 15:10 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-16 14:35 . 2008-06-20 21:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-06-16 14:35 . 2008-06-20 21:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-06-15 17:38 . 2008-06-15 17:38 <DIR> d-------- C:\Users\bachi\lavasoft ad-aware 2008 + spyware doctor 2008 (keys + cracks incl )
2008-06-15 16:42 . 2008-06-15 17:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-06-15 16:42 . 2008-06-15 17:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-06-15 16:42 . 2008-06-15 17:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 23:34 . 2008-06-11 23:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-11 11:17 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-11 11:17 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-11 11:17 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-11 11:16 . 2008-04-24 23:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:16 . 2008-04-26 05:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:16 . 2008-04-25 01:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:16 . 2008-05-09 22:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 12:41 . 2008-06-10 12:41 <DIR> dr------- C:\Users\Public\Downloads
2008-06-10 12:26 . 2008-06-10 12:26 <DIR> d-------- C:\PerfLogs
2008-06-10 00:58 . 2008-01-19 04:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-06-10 00:58 . 2008-01-19 04:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-06-10 00:56 . 2008-01-19 00:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-06-10 00:55 . 2008-01-19 04:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-10 00:54 . 2008-01-19 04:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-06-10 00:53 . 2008-01-19 03:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-10 00:52 . 2008-01-19 04:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-10 00:52 . 2008-01-05 08:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-06-10 00:52 . 2008-01-05 08:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-06-10 00:52 . 2008-01-05 08:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-06-10 00:52 . 2008-01-05 08:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-06-10 00:52 . 2008-01-19 02:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-06-10 00:52 . 2008-01-05 08:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-06-10 00:51 . 2008-01-19 04:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-10 00:51 . 2008-01-19 04:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-10 00:51 . 2008-01-19 04:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-10 00:51 . 2008-01-19 04:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-10 00:51 . 2008-01-19 04:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-10 00:51 . 2008-01-19 04:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-10 00:51 . 2008-01-19 04:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-10 00:51 . 2008-01-19 04:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-10 00:51 . 2008-01-19 04:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-02 22:15 . 2008-06-11 22:51 <DIR> d-------- C:\Windows\System32\Adobe
2008-05-27 19:48 . 2008-03-07 23:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:48 . 2008-03-08 01:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 15:36 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 15:41 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-10 15:30 --------- d-----w C:\Program Files\Windows Calendar
2008-06-10 15:29 --------- d-----w C:\Program Files\Windows Defender
2008-06-10 15:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-10 15:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-15 03:12 --------- d-----w C:\Program Files\Ares
2008-05-15 03:06 --------- d-----w C:\Users\bachi\AppData\Roaming\LimeWire
2008-05-05 18:14 --------- d-----w C:\Program Files\DivX
2008-05-05 17:52 --------- d-----w C:\ProgramData\Apple Computer
2008-05-05 11:33 442,368 ----a-w C:\Windows\System32\{71c4a47f-4c66-a2d4-89dd-55f2eea14a93}.dll
2008-05-01 15:48 --------- d-----w C:\Program Files\Java
2008-05-01 15:44 --------- d-----w C:\Program Files\Common Files\Java
2008-04-29 16:40 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 04:33 202240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 10:46 4349952 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-08 18:43 729088]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:05 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]

C:\Users\bachi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= c:\progra~1\codecp~1\i263\i263_32.drv
"msacm.l3acm"= šðö
"vidc.DIV3"= c:\progra~1\codecp~1\divx3\divxc32.dll
"vidc.DIV4"= c:\progra~1\codecp~1\divx412\divx.dll
"vidc.xvid"= c:\progra~1\codecp~1\xvid\xvid.dll
"vidc.fvfw"= c:\progra~1\codecp~1\ffvfw\ffvfw.dll
"msacm.avis"= c:\progra~1\codecp~1\ffvfw\ffvfw.dll
"vidc.MPG4"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP42"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP43"= c:\progra~1\codecp~1\mpeg4\mpg4c32.dll
"VIDC.MJPG"= c:\progra~1\codecp~1\picvideo\pvmjpg21.dll
"VIDC.PIMJ"= c:\progra~1\codecp~1\picvideo\pvljpg20.dll
"VIDC.PVW2"= c:\progra~1\codecp~1\picvideo\pvwv220.dll
"VIDC.SJPG"= c:\progra~1\codecp~1\pmmjpeg\pmmjpeg.dll
"vidc.MJPX"= c:\progra~1\codecp~1\m3jpegv3\m3jpeg32.dll
"vidc.dmb1"= c:\progra~1\codecp~1\m3jpegv3\m3jpeg32.dll
"VIDC.HFYU"= c:\progra~1\codecp~1\huffyuv\huffyuv.dll
"VIDC.ZLIB"= c:\progra~1\codecp~1\lcljp\avizlib.dll
"VIDC.MSZH"= c:\progra~1\codecp~1\lcljp\avimszh.dll
"vidc.MVW1"= c:\progra~1\codecp~1\aware\icmw_32.dll
"vidc.dvmc"= c:\progra~1\codecp~1\mcdv\mcdvd_32.dll
"vidc.VP31"= c:\progra~1\codecp~1\on2vp3\vp31vfw.dll
"vidc.3IV2"= c:\progra~1\codecp~1\3ivx\3ivxvf~1.dll
"vidc.I263"= c:\progra~1\codecp~1\i263\i263_32.drv
"msacm.imc"= c:\progra~1\codecp~1\i263\imc32.acm
"VIDC.YMPG"= c:\progra~1\codecp~1\ympeg\ympgcdc.dll
"msacm.ympgacm"= c:\progra~1\codecp~1\ympeg\ympgacm.acm
"VIDC.WMV3"= c:\progra~1\codecp~1\wm9\wmv9vcm.dll
"msacm.lameacm"= c:\progra~1\codecp~1\mp3lame\lameacm.acm
"msacm.atrac3"= c:\progra~1\codecp~1\atrac3\atrac3.acm
"msacm.qmpeg"= c:\progra~1\codecp~1\qmpeg\qmpeg.acm
"msacm.uleaddv"= c:\progra~1\codecp~1\uleaddv\dvacm.acm
"msacm.vorbis"= c:\progra~1\codecp~1\vorbis\vorbis.acm
"msacm.divxa32"= c:\progra~1\codecp~1\wma\divxa32.acm
"msacm.msaudio2"= c:\progra~1\codecp~1\wma\msaud32h.acm
"msacm.msaudio1"= šðö

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
c:\windows\himem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{c1bfe8f4-cda5-38f8-3db2-c543f8a0fb77}]
C:\Windows\system32\{2a220584-e6fc-33a9-8b21-664c62356373}.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6D0B1614-2D13-4902-AFFC-D8A5F9549BC5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A1887617-8BA1-429F-B735-7E664A9AE5E7}C:\\program files\\flashget.exe"= UDP:C:\program files\flashget.exe:FlashGet
"UDP Query User{F3FC0F35-1C78-4254-AF8F-E3F45E6170A0}C:\\program files\\flashget.exe"= TCP:C:\program files\flashget.exe:FlashGet
"TCP Query User{35C58201-99C6-4227-ADA8-855B2FC01C64}C:\\program files\\flashget.exe"= UDP:C:\program files\flashget.exe:FlashGet
"UDP Query User{F9CFC9DB-9BC4-4FB8-8D04-3280284EBE83}C:\\program files\\flashget.exe"= TCP:C:\program files\flashget.exe:FlashGet
"TCP Query User{DEB379D3-5C88-4AD6-A023-9033B06334DF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C20BB657-395B-4DAE-AE78-8F2257386423}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{542344EE-0ADE-46E3-B405-47E2CE5C7EF4}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{EA2A4A81-2C53-4739-ABAF-C022EBEF5A2A}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{2EA07971-010C-4BD8-A638-BFA86149A514}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BE41444A-44B4-43C5-8DA7-C99C0F0AA3FD}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{CFFE8863-8618-4EE4-9DC6-2F5FF31719BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1D1E01C8-E337-451E-8FB2-C9758961131B}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{ABE26590-A219-4B84-A850-C60EC326808A}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{8098F43F-33B4-4229-B33E-18E22B526A32}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CD7145E4-1940-4D1A-8119-334B61D69F45}C:\\users\\bachi\\documents\\helbreath\\helbreath.exe"= UDP:C:\users\bachi\documents\helbreath\helbreath.exe:helbreath.exe
"UDP Query User{2071A131-D361-4764-BF9F-A98DC5BE789C}C:\\users\\bachi\\documents\\helbreath\\helbreath.exe"= TCP:C:\users\bachi\documents\helbreath\helbreath.exe:helbreath.exe
"TCP Query User{BA7C50B9-ED58-4D72-86FD-C55983F14785}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{F2BD216A-128B-4A26-92A4-240BC867934B}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{E351B893-D97F-4F82-A18B-D7088793344A}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\helbreath update server.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\helbreath update server.exe:helbreath update server.exe
"UDP Query User{8A43FFD8-FCB2-461A-91A2-83B8DF8C0095}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\helbreath update server.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\helbreath update server.exe:helbreath update server.exe
"TCP Query User{65FD423D-EAF7-49E0-A8E8-D259D5C157FB}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{060137D3-B402-4C04-ADCE-95968A1BE7F5}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{56C94653-77C6-42FB-B499-BCC09D0DCFBD}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{E71EE8E7-624C-4FE0-BDCB-5116F9D2A63C}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{94315A11-3BC1-4156-9C24-085D5C8761A4}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\custom\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\custom\hgserver.exe:hgserver.exe
"UDP Query User{5597EE4B-07A9-4A8C-B92F-35FEA8F9AB3B}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\custom\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\custom\hgserver.exe:hgserver.exe
"TCP Query User{DD3C78B6-6615-4E93-A679-7F0D97EA83D5}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{B05C6EC0-B24B-48DD-8D45-30D53F9C64A4}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{9260D3A5-B5E6-48AB-9A1E-B0CBA19D82B9}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{BD467B3B-79EA-466F-9A8C-9F0084ACAF6E}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{8E8E5548-1B40-4346-ACCD-81C2F2851AC0}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\helbreath update server.exe"= UDP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\helbreath update server.exe:helbreath update server.exe
"UDP Query User{AF4ECE09-CAFA-4D9E-BE50-996D737962C5}C:\\users\\bachi\\documents\\helbreath\\zserver\\hbserver 3.82\\helbreath update server.exe"= TCP:C:\users\bachi\documents\helbreath\zserver\hbserver 3.82\helbreath update server.exe:helbreath update server.exe
"TCP Query User{E416B479-12EA-40C5-BA6D-C53C49A50B43}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{7A79B84C-B9A1-498D-A27E-76396807A962}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{2AC97BFC-EE3E-47A6-94B6-30137FA6E6D9}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{FDF04C1D-317B-4C2F-BE2D-C13D8B75AA97}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{DF8940C5-D7C2-49A4-90E5-4ECA9D2B90F2}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{F57FFD38-43D6-4D06-96CB-A3CD0084EF4F}C:\\users\\bachi\\documents\\helbreath\\server\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{A5117EA0-4C9B-4F8B-BFBE-8F3C6FB287A7}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\worldlserver.exe:worldlserver.exe
"UDP Query User{C3C64217-7E72-4D9D-86FF-0778E6F97BFD}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\worldlserver.exe:worldlserver.exe
"TCP Query User{AFF1832D-AD63-46AF-905E-2FD37528FFF7}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{D41C34E4-27B8-4045-AFE8-3F6C935B8C60}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{2272C204-C4AA-4A1E-8920-8E3624A1A06D}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\mainlserver.exe:mainlserver.exe
"UDP Query User{8263320C-48B9-4425-A153-5CCEF03C8C4E}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\mainlserver.exe:mainlserver.exe
"TCP Query User{C2C62ACE-8E8B-41E2-8171-266B27270FCF}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\hb-bachi\gateserver.exe:gateserver.exe
"UDP Query User{945C7699-582F-46AE-8BD1-0196D8BDD47E}C:\\users\\bachi\\documents\\helbreath\\hb-bachi\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\hb-bachi\gateserver.exe:gateserver.exe
"TCP Query User{F7C5463C-CC4D-4E82-AADE-4DE5C62766A6}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gateserver.exe:gateserver.exe
"UDP Query User{B7D0EF15-A81A-475C-A3F7-F2F8289F8E1E}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gateserver.exe:gateserver.exe
"TCP Query User{D8E72B70-8EC5-4ACB-8809-C14C99C7758A}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{65EC2A11-16DD-4325-9989-27A1CC0116A9}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{FE5F5181-1ACD-481B-BAE8-FE22C11AE13B}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{6434137A-E2F5-4338-AC15-316D0955AE28}C:\\users\\bachi\\documents\\helbreath\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{08979951-1313-40A7-AED2-434068DBBB08}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{BB5B223B-39C9-4CBA-94EB-072877F2B049}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{BC2AB78B-2C51-4077-9CFC-14B8C7073574}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{2A5205EC-0BB3-45EF-9C06-66E59F02C82C}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{966D9798-F2AA-493A-8084-7837D7A5211A}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{682D8486-8D17-4147-9273-A66A274B83B7}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hb oxy 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hb oxy 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{1D5E91FC-F27B-43F5-85D6-963BF3C597FC}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\gate server.exe:gateserver.exe
"UDP Query User{4A7262B7-ACEF-4523-BEDF-293AC2F103C0}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\gate server.exe:gateserver.exe
"TCP Query User{6B0175F8-87FD-450D-A913-A71F0E8B7E44}C:\\users\\bachi\\documents\\helbreat h\\onfire\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\main lserver.exe:mainlserver.exe
"UDP Query User{F9369385-39ED-4E4B-B735-8E4A980E54E7}C:\\users\\bachi\\documents\\helbreat h\\onfire\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\main lserver.exe:mainlserver.exe
"TCP Query User{773B84E6-B76E-4DC8-83AA-CB92867E6D94}C:\\users\\bachi\\documents\\helbreat h\\onfire\\worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\worl dlserver.exe:worldlserver.exe
"UDP Query User{3353E89D-189D-478D-A6C8-E48E2CBD2CD6}C:\\users\\bachi\\documents\\helbreat h\\onfire\\worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\worl dlserver.exe:worldlserver.exe
"TCP Query User{BBFDB792-0780-47AF-B2C8-D7FE467721B5}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\onfire\game servers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{08993901-74B1-45E2-BD3D-97EC94E2606A}C:\\users\\bachi\\documents\\helbreat h\\onfire\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\onfire\game servers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{047CD4CC-5638-4AEF-9F88-793DD2EE0A0A}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\gat eserver.exe:gateserver.exe
"UDP Query User{892D5BAA-7ED5-43D2-81FA-E47629BFEAAF}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\gat eserver.exe:gateserver.exe
"TCP Query User{82E6D6B3-4E1F-4C56-8966-68BC8D3FEE0E}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\mai nlserver.exe:mainlserver.exe
"UDP Query User{3FE5432A-30F5-4AFA-B6BD-08A0CB4E1321}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\mai nlserver.exe:mainlserver.exe
"TCP Query User{DA5E8088-1D22-457F-8172-54EFCF899821}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\wor ldlserver.exe:worldlserver.exe
"UDP Query User{9AFB7A02-6B99-4ADA-A479-76FE317F6FB1}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\wor ldlserver.exe:worldlserver.exe
"TCP Query User{C20B74E4-49FD-4392-B09D-9052B61CBBA1}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gameservers\\hgserver\\hgserver.exe"= UDP:C:\users\bachi\documents\hbsiara\helbreath\gam eservers\hgserver\hgserver.exe:hgserver.exe
"UDP Query User{56EBB1FA-5394-4D66-A3FB-A11C286BBE9D}C:\\users\\bachi\\documents\\hbsiara\ \helbreath\\gameservers\\hgserver\\hgserver.exe"= TCP:C:\users\bachi\documents\hbsiara\helbreath\gam eservers\hgserver\hgserver.exe:hgserver.exe
"TCP Query User{AACAD9F3-5F41-492A-BAD3-38D7643625FA}C:\\users\\bachi\\documents\\final server\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{9E0CB90A-A9B4-4493-9F04-1CB997AB105E}C:\\users\\bachi\\documents\\final server\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{CC66D2CC-E497-4138-8808-EB41D772D133}C:\\users\\bachi\\documents\\final server\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{739367DC-6AFA-4BE5-AC20-73AC37406740}C:\\users\\bachi\\documents\\final server\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{7D80347B-834E-4454-92D3-3E32113D7157}C:\\users\\bachi\\documents\\final server\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{9C22F839-5B45-43D2-8C78-B66A1D89D42B}C:\\users\\bachi\\documents\\final server\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{0E1E60C2-35A5-4662-9D4D-C048AB34BF04}C:\\users\\bachi\\documents\\final server\\helbreath\\gameservers\\hgserver\\hgserver .exe"= UDP:C:\users\bachi\documents\final server\helbreath\gameservers\hgserver\hgserver.exe :hgserver.exe
"UDP Query User{9E9FC424-8C5E-4373-8C27-D457EE785C88}C:\\users\\bachi\\documents\\final server\\helbreath\\gameservers\\hgserver\\hgserver .exe"= TCP:C:\users\bachi\documents\final server\helbreath\gameservers\hgserver\hgserver.exe :hgserver.exe
"TCP Query User{4D35A8A7-B835-420A-ACD4-1A81CE962757}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{836D5D78-7AA7-4217-B77B-ED3705F87AEB}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{2D6897E4-7665-46C3-80B7-3314912E8403}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{381424E3-B918-45DB-8246-904AFD7D7F51}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{2F12805B-15DE-4941-BC2A-ABD1F5520A2A}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = UDP:C:\users\bachi\documents\final server\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"UDP Query User{7FACB64C-C2F4-44D3-A4C4-3E83E47DA2B1}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = TCP:C:\users\bachi\documents\final server\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"TCP Query User{5F979511-8847-42DD-824D-79CC3953BD3B}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\final server 2\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{65238A39-8138-4DE9-82AF-80C2AF283ECB}C:\\users\\bachi\\documents\\final server\\final server 2\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\final server 2\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{BB9D29B1-E07B-4C10-8A2A-705F317EA565}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gateserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gateserver.exe:gateserver.exe
"UDP Query User{AD4A5B23-B2EB-49E3-A876-0D8BA0B30AD4}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gateserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gateserver.exe:gateserver.exe
"TCP Query User{C14E41B3-4A01-4CEA-AF21-62B565F34910}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\mainlserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\mainlserver.exe:mainlserver.exe
"UDP Query User{066568E9-1387-4D2B-B499-4FF96C641848}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\mainlserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\mainlserver.exe:mainlserver.exe
"TCP Query User{70279C74-FAEA-4F92-A8D2-701B8A301995}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\worldlserver.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\worldlserver.exe:worldlserver.e xe
"UDP Query User{C51C2FE7-1691-42B8-B585-DB6B809D67BB}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\worldlserver.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\worldlserver.exe:worldlserver.e xe
"TCP Query User{434FCF25-0A9A-4D8B-B9FF-01ACA60B93EB}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er-v3.61-(521) heldenian fix cx!.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver-v3.61-(521) heldenian fix cx!.exe:hgserver-v3.61-(521) heldenian fix cx!.exe
"UDP Query User{D69F91D1-150F-4DC5-8999-3923295E6952}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er-v3.61-(521) heldenian fix cx!.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver-v3.61-(521) heldenian fix cx!.exe:hgserver-v3.61-(521) heldenian fix cx!.exe
"TCP Query User{8FCBAEB8-A7E4-47C0-BAD8-A8707FE2F2B7}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er.exe"= UDP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver.ex e:hgserver.exe
"UDP Query User{5DC365D1-207E-4E45-8A45-307141117B2B}C:\\users\\bachi\\documents\\final server\\server 3\\3.82 server\\3.82\\server\\gameservers\\aresden\\hgserv er.exe"= TCP:C:\users\bachi\documents\final server\server 3\3.82 server\3.82\server\gameservers\aresden\hgserver.ex e:hgserver.exe
"TCP Query User{D969D8AE-3700-410A-B417-AA83AFADCA57}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gateserver.exe:gateserver.exe
"UDP Query User{4BADD77B-88FD-4326-960E-FD24FADDDC1B}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gateserver.exe:gateserver.exe
"TCP Query User{F27D886E-4C60-495B-B5DC-175A0DC2BC96}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{B309E516-0EC0-440A-9A54-2BE20B16A581}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{B0A73A08-BD5A-4EF0-8E94-A3F5F8474A55}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{2BB2A759-427C-4C3D-9AFB-E9521EC0BDF6}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{7EF17915-FF7D-422A-8776-070B886E03F6}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\neutrals\\hgserver.exe"= UDP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\neutrals\hgserver.exe:hgserver.ex e
"UDP Query User{C2609837-3A2D-4E5C-B042-9F0F5918D3AB}C:\\users\\bachi\\documents\\bachi server\\hbserver 3.82\\gameservers\\neutrals\\hgserver.exe"= TCP:C:\users\bachi\documents\bachi server\hbserver 3.82\gameservers\neutrals\hgserver.exe:hgserver.ex e
"TCP Query User{6723781D-F2F4-4C48-ABE6-12FA4BA71B38}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gateserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gateserver.exe:gateserver.exe
"UDP Query User{20F72022-8D59-4C9F-8F6C-D9426C784E9A}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gateserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gateserver.exe:gateserver.exe
"TCP Query User{98776EB5-809A-4978-A422-E55070AFA136}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\mainlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\mainlserver.exe:mainlserver.exe
"UDP Query User{E3B32F68-88DE-4E81-B3C9-425A03BAE74B}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\mainlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\mainlserver.exe:mainlserver.exe
"TCP Query User{29AE2164-477F-4763-B108-395E9C495558}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\_3worldlserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\_3worldlserver.exe:_3worldlserver.exe
"UDP Query User{D7DACC19-B579-492B-AC0A-84EF3AE39734}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\_3worldlserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\_3worldlserver.exe:_3worldlserver.exe
"TCP Query User{37260A49-1ADD-494F-BE60-799441DE0136}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gameservers\\aresden\\hgserver.exe"= UDP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"UDP Query User{E5DA20F8-4F18-4F94-A3A7-54F60F25EA65}C:\\users\\bachi\\documents\\helbreat h\\server oxy completo\\hbachi 3.82\\gameservers\\aresden\\hgserver.exe"= TCP:C:\users\bachi\documents\helbreath\server oxy completo\hbachi 3.82\gameservers\aresden\hgserver.exe:hgserver.exe
"TCP Query User{4EE9973D-B04C-4542-A43F-7621A4B0F3DA}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gateserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\gateserver.exe:gateserver.exe
"UDP Query User{AED7B266-F93C-43C4-9107-73026AB28837}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gateserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\gateserver.exe:gateserver.exe
"TCP Query User{BA0ACD76-765D-429A-B01C-9614A797656E}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\worldlserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"UDP Query User{5E4B599B-CA90-48D7-8A5D-0A53DFD59C9C}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\worldlserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\worldlserver.exe:worldlserver.exe
"TCP Query User{E0F99407-45D7-447B-836B-0BCCD245A7A0}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\mainlserver.exe"= UDP:C:\users\bachi\documents\servers\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"UDP Query User{3BAE2245-E8F3-4F86-8572-FE7176E5AC53}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\mainlserver.exe"= TCP:C:\users\bachi\documents\servers\final server 2\helbreath\mainlserver.exe:mainlserver.exe
"TCP Query User{46E02A44-49B8-41FF-8768-EE27703C11AC}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = UDP:C:\users\bachi\documents\servers\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"UDP Query User{4012C40A-3905-4A0A-ADD6-66340C83981E}C:\\users\\bachi\\documents\\servers\ \final server 2\\helbreath\\gameservers\\hgserver\\hgserver.exe" = TCP:C:\users\bachi\documents\servers\final server 2\helbreath\gameservers\hgserver\hgserver.exe:hgse rver.exe
"TCP Query User{F80EC62C-8A89-494B-99B0-B785A2FA1211}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{CDBCB880-03EF-4FCC-8973-BA82F1355237}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{89890F1D-5077-4A7C-94B3-1D0BE363CB32}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1B70092E-74A8-402B-954D-CADE28C84819}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C4806CB8-EA5B-47E1-9674-AF9657CFB7A0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{24A9CE29-2D50-4AB3-964B-D0D5C7A79862}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2005-11-14 09:28]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2005-12-19 17:15]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73a82e7-a4f9-11dc-9d64-000000000000}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
\shell\find\command - Knight.exe open
\shell\install\command - Knight.exe open
\shell\open\command - Knight.exe open

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASKUTIL
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 22:07:06
Windows 6.0.6001 Service Pack 1 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...


**************************************************************************
.
Tiempo completado: 2008-06-20 22:08:41
ComboFix-quarantined-files.txt 2008-06-21 01:08:36

10 dirs 36,356,808,704 bytes libres
18 dirs 36,222,926,848 bytes libres

334 --- E O F --- 2008-06-20 13:59:07














Thanks in advance for your time!
  post #4 (permalink)  
22/06/08, 22:06:42
GPastor
FS-Admin
 
Joined: Mar 2005
Location: Callao - Perú
Posts: 17.032
Re: help with hijackthis

ComboFix has already detected and removed some malware, but a few things are still left to take out. Follow these steps:

1.- Open Notepad
  • Click START > RUN >
  • Type notepad.exe there and click OK

2.- Now copy and paste this code into Notepad

HTML code:
KillAll::

File::
C:\Windows\System32\{71c4a47f-4c66-a2d4-89dd-55f2eea14a93}.dll
c:\windows\himem.exe
C:\Windows\system32\{2a220584-e6fc-33a9-8b21-664c62356373}.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{c1bfe8f4-cda5-38f8-3db2-c543f8a0fb77}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73a82e7-a4f9-11dc-9d64-000000000000}]

3.- Save this file with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will start ComboFix again.



Reboot and tell us the results, along with a new ComboFix report and a HijackThis one.

Regards
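
The MountPoints2 key that the Registry:: section above deletes is the one whose shell verbs all launch Knight.exe in the ComboFix log. As an added example (not part of the original post and not ComboFix code), this Python sketch pulls those autorun entries and the disabled firewall profiles out of a log excerpt; the function names `triage` and `removal_lines` are hypothetical, and the sample is constructed from this thread's log with the forum's wrap spaces removed.

```python
import re

# Constructed sample: the relevant lines of the ComboFix log in this thread,
# with the stray line-wrap spaces removed.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73a82e7-a4f9-11dc-9d64-000000000000}]
\shell\auto\command - Knight.exe open
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\shell\explore\command - Knight.exe open
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# Windows caches the shell verbs of a volume's autorun.inf under
# MountPoints2\{volume GUID}; a verb command found there came from a drive.
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<vol>\{[0-9a-f-]+\})$", re.I)
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)


def triage(log_text):
    """Return (disabled_firewall_profiles, autorun_findings) for a log excerpt.

    autorun_findings maps each MountPoints2 volume key to a list of
    (verb, command) pairs, in the order they appear in the log.
    """
    firewall_off, autorun = [], {}
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        if not line:
            key = None          # a blank line ends the current registry section
            continue
        if key is None:
            continue
        fw = FIREWALL_RE.match(line)
        if fw and fw.group("val") == "0" and "firewallpolicy" in key.lower():
            firewall_off.append(key.rsplit("\\", 1)[-1])
            continue
        verb = VERB_RE.match(line)
        if verb and MOUNT_RE.search(key):
            autorun.setdefault(key, []).append((verb.group("verb"), verb.group("cmd")))
    return firewall_off, autorun


def removal_lines(autorun):
    """Format each flagged key the way the Registry:: section in the post does."""
    return ["[-" + key + "]" for key in autorun]


if __name__ == "__main__":
    profiles, findings = triage(SAMPLE_LOG)
    print("Firewall disabled for:", ", ".join(profiles))
    for key, verbs in findings.items():
        print(key)
        for verb, cmd in verbs:
            print("   ", verb, "->", cmd)
    print("\n".join(removal_lines(findings)))
```

Review the flagged commands by hand before deleting anything: the output only lists what the log contains, it does not decide whether an entry is malicious.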


  post #5 (permalink)  
23/06/08, 00:39:58
User
 
Joined: Jul 2007
Location: cordoba
Posts: 3
Re: help with hijackthis

It seems nothing happened. I have Spyware Doctor and it keeps detecting adware advertising and application tracking cookies... I delete them and 10 minutes later it detects them again when I scan the PC =S ... Also, now I can't see the thumbnail views of folders!!! I don't know why!! I don't know how to upload a picture to the forum, but in short those are the two problems I have... I appreciate your time and your help, and I hope you can help me... best regards
  post #6 (permalink)  
24/06/08, 16:40:08
GPastor
FS-Admin
 
Joined: Mar 2005
Location: Callao - Perú
Posts: 17.032
Re: help with hijackthis

Cookies are always created when you visit certain pages, but they are nothing you need to worry about.

As for adware advertising, we would need to see a Spyware Doctor report to know what it is detecting.

By the way, I asked you for new HijackThis and ComboFix reports.

Regards


All times are GMT -4. The time is 12:20:29.


 
