Strange results in some Google searches - SOLVED

zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Post by zetor » 30 Jun 2008, 20:50

Not with every search term, but with many of them, Russian pages show up in the results even though I choose "search pages in Spanish", and on top of that they open in separate windows instead of in the same one. They are not the typical browser-hijack pages, such as porn sites, etc., but it does not seem normal to me. The image shows what I am talking about.

I have already run several antispyware tools and ELISTARA, and they found nothing. For reference, KIS sent IEXPLORE.exe and other applications such as CCleaner to quarantine these past few days and I had to rescue them. Any ideas?

Thanks

flacoroo
Posts: 6289
Joined: 09 Mar 2004, 20:32
Location: Paso del Macho,Ver.México

Re: Strange results in some Google searches

Post by flacoroo » 30 Jun 2008, 22:49

Install McAfee SiteAdvisor so you can see whether the pages are problematic or not... and also download Spybot 1.5, update it, run it, and then click Immunize twice, so that it will not let you view pages that cause problems... try it and let us know...
:lol: :lol: Life is beautiful... why complicate it :lol: :lol:

Post by zetor » 01 Jul 2008, 00:22

Hi flacoroo, Spybot is one of the antispyware tools that find nothing on my machine. I just immunized and I was missing 126 sites (out of something like 50000), and the problem is still the same. I don't think the sites it shows me are problematic, if you mean malicious; rather, what is problematic is Google's behaviour... as if something were redirecting Google so that it adds those results to the normal ones.

I tried with Firefox and there is no problem. Then I tried to search for "Kaspersky" with Google and it showed me a blank page; I switched search engine to Yahoo and there is no problem. Something is not right.

Regards

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Post by msc hotline sat » 01 Jul 2008, 04:00

Then post us the report produced after running Kaspersky ONLINE:

ONLINE AV, SCAN ONLY

NOTE: Of the scan options, choose My Computer, to examine everything. This ONLINE AV does not clean, it only scans, so all we want from it is the report; we will then act accordingly, requesting samples for analysis if needed and indicating the utility to try in order to fix it.

Regards
ms, 1 July 2008

Post by flacoroo » 01 Jul 2008, 20:13

We can do the following and you test: open a page in IE, go to the Tools menu, then Internet Options; where it says Browsing history, go into Settings; there are 3 options; under View objects and View files, delete everything found there, and then on the way out click Apply and OK; close IE, open a page again and test...

Post by msc hotline sat » 01 Jul 2008, 20:23

What you describe is typical of DNS CHANGE or FLUSH...

See if you can run the ONLINE scan and post us the report, so that we can act accordingly.

Regards

ms, 1 July 2008

Post by zetor » 01 Jul 2008, 20:32

Nothing. The only trouble I had was that I used the link to Kaspersky online that I have in My Favorites and, even though I accepted installing the ActiveX, it never opened the window to install it, so I tried NOD online, which found only a couple of false positives (Elis); then I tried CA, which found only a trojan in the Restore folder, so I disabled System Restore; then I tried the link you posted above and this time it did let me install the ActiveX, but it found only a couple of Not-a-virus items.

I repeat that KIS sent IEXPLORE.exe to quarantine a couple of times a few days ago, from where I had to rescue it, and now that I look, IE7 does not appear in Add or Remove Programs, nor does the command %windir%\ie7\spuninst\spuninst.exe work for me; I then searched for spuninst.exe and it is not there. I wanted to uninstall IE7 in order to reinstall it but I don't know any other method.

Regards

P.S. We were writing at the same time; I'll read what you posted now...

Post by zetor » 01 Jul 2008, 20:45

I did what flacoroo posted, but it is still the same. Two files could not be deleted: Yahoo! Chess and CKAVWEBSCAN.

Regards

Post by msc hotline sat » 01 Jul 2008, 20:51

It doesn't look like you have them, but if you do, send them to us so we can analyze and control them...

Regards

ms, 1 July 2008

Post by zetor » 01 Jul 2008, 20:57

Well, you were not wrong; now that I have looked again they are no longer there.

Regards

Post by msc hotline sat » 01 Jul 2008, 21:24

Ah, good; so let's see how the computer behaves now???

Regards

ms, 1 July 2008

Post by zetor » 01 Jul 2008, 21:43

No, nothing, it is still the same.

So that we don't misunderstand each other: I was referring to the files that apparently could not be deleted (Yahoo! Chess and CKAVWEBSCAN), but when I went to look at them again they were no longer there.

How else can I try to uninstall IE7? And regarding what you said about the Flush ones, is there a special tool for them?

Thanks

Post by msc hotline sat » 02 Jul 2008, 05:54

The FLUSH variants already known we control with ELISTARA, and as for the files, if you have already deleted them, there is nothing to examine...

But indeed, the FLUSH ones do not appear in the HJT or SPROCES logs...

I am going to look for something to try to identify the related files, so that we can go on to control them in our upcoming versions.

McAfee's RootKitDetector can give us information about hidden processes:

http://www.zonavirus.com/descargas/mcaf ... ective.asp

Post us the resulting report to see whether it gives us the lead we need...

Regards
ms, 2 July 2008

Post by zetor » 02 Jul 2008, 07:01

Well, I did not delete anything :wink: ; we were talking about different things. If, as I think, you meant the Not-a-Virus items detected by Kaspersky online, I don't think they are related, since they are old acquaintances from long before the problem appeared.
Here is the report


McAfee(R) Rootkit Detective 1.1 scan report
On 02-07-2008 at 01:45:31
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwFlushKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwInitializeRegistry
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadKey2
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\kl1.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryMultipleValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQuerySystemInformation
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwRequestWaitReplyPort
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetSecurityObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetSystemInformation
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSystemDebugControl
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwUnloadKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path: 

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Control
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Implemented Categories
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: {BE0975F0-BBDD-11CF-97DF-00AA001F73C1}11D2-B854-0000F81E8872}\Implemented Categories
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Implemented Categories\{BE0975F0-BBDD-11CF-97DF-00AA001F73C1}
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Implemented Categories\{BE0975F0-BBDD-11CF-97DF-00AA001F73C1}
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\InprocServer32
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: ThreadingModel
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\InprocServer32
Status: Hidden

Object-Type: Registry-value
Object-Name: JavaClass
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\InprocServer32
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Google\NavClient
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\RNIModuleFlags
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: mtxjava.dll
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\RNIModuleFlags
Status: Hidden

Object-Type: Registry-value
Object-Name: jdbcdemo.dll
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\RNIModuleFlags
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\Security
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: EditCustomPermissions
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\Security
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\System Properties
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: com.ms.applet.enable.serversockets
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\System Properties
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\SOW\EFS
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: PolicyRE\SOW\EFS
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\SOW\EFS\Policy
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\SOW\EFS\Policy
Status: Unable to access registry key

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path: 
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 1024
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 2140
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: File/Folder
Object-Name: _restore{295CF48E-39B2-4F54-9827-F96C1107FAE6}(2)
Pid: n/a
Object-Path: C:\System Volume Information\_restore{295CF48E-39B2-4F54-9827-F96C1107FAE6}(2)
Status: Hidden

Object-Type: Process
Object-Name: svchost.exe
Pid: 1336
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ioloServiceMana
Pid: 1244
Object-Path: C:\Archivos de programa\iolo\common\lib\ioloServiceManager.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path: 
Status: Visible

Object-Type: Process
Object-Name: S3Trayp.exe
Pid: 316
Object-Path: C:\WINDOWS\system32\S3Trayp.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1464
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: avp.exe
Pid: 1092
Object-Path: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 848
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 384
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 1036
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: avp.exe
Pid: 356
Object-Path: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Status: Visible

Object-Type: Process
Object-Name: Webshots.scr
Pid: 480
Object-Path: C:\ARCHIV~1\Webshots\webshots.scr
Status: Visible

Object-Type: Process
Object-Name: DkService.exe
Pid: 1164
Object-Path: C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 980
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1600
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 2872
Object-Path: D:\Prog. Vs\RootKitDetector\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: WLLoginProxy.ex
Pid: 2500
Object-Path: C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1200
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1572
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: IEXPLORE.EXE
Pid: 584
Object-Path: C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 956
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1948
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 2012
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: ObjectDock.exe
Pid: 432
Object-Path: C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
Status: Visible

Scan complete. Found hidden Processes and Files: 1   .
Total files scanned: 17594
Thanks

Post by msc hotline sat » 02 Jul 2008, 09:08

There are no files in hidden processes, as rootkits would have...

So it will be difficult, but don't despair, so far we have beaten them all...


In it we will see suspicious files that should be analyzed and controlled.

Regards
ms, 2-06-2008
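
One way to triage a Rootkit Detective report like the one posted above, as an added example that is not part of the original thread: it groups hooks by owning driver, separates out hooks whose owner is not on an analyst-supplied list, and lists the objects marked Hidden. The sample input is constructed in the report's record format, and the expected-driver list (klif.sys and kl1.sys, taken to belong to the Kaspersky product whose avp.exe appears in the report) is an assumption.

```python
import ntpath
from collections import Counter

# Constructed sample in the report's record format (not the poster's report).
SAMPLE_REPORT = r"""
Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\kl1.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Google\NavClient
Status: Unable to access registry key

Object-Type: Process
Object-Name: avp.exe
Pid: 1092
Object-Path: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Status: Visible

Object-Type: File/Folder
Object-Name: _restore{EXAMPLE}
Pid: n/a
Object-Path: C:\System Volume Information\_restore{EXAMPLE}
Status: Hidden
"""

FIELDS = {"Object-Type", "Object-Name", "Object-Path", "Pid", "Status"}
HOOK_TYPES = {"SSDT-hook", "IRP-hook"}
# Assumption: drivers the analyst expects to hook the kernel on this machine.
ASSUMED_EXPECTED = {"klif.sys", "kl1.sys"}


def parse_records(text):
    """Return one dict per object; a record starts at each Object-Type line."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # paths keep their own colons
        key = key.strip()
        if not sep or key not in FIELDS:
            continue  # banner, summary or blank line
        if key == "Object-Type":
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records


def triage(records, expected_drivers):
    """Summarise hooks by owner and collect everything reported as Hidden."""
    expected = {name.lower() for name in expected_drivers}
    owners = Counter()
    unexpected = []
    for rec in records:
        if rec["Object-Type"] not in HOOK_TYPES:
            continue
        # An empty Object-Path means the tool could not name the hooking module.
        owner = ntpath.basename(rec.get("Object-Path", "")).lower() or "<no path>"
        owners[owner] += 1
        if owner not in expected:
            unexpected.append(rec)
    hidden = [r for r in records if r.get("Status") == "Hidden"]
    return {
        "hook_owners": dict(owners),
        "unexpected_hooks": unexpected,
        "hidden": hidden,
        "hidden_processes": [r for r in hidden if r["Object-Type"] == "Process"],
    }


if __name__ == "__main__":
    result = triage(parse_records(SAMPLE_REPORT), ASSUMED_EXPECTED)
    print("Hooks by owner:", result["hook_owners"])
    for rec in result["unexpected_hooks"]:
        print("Review hook:", rec["Object-Type"], rec["Object-Name"])
    for rec in result["hidden"]:
        print("Hidden:", rec["Object-Type"], rec["Object-Path"])
    print("Hidden processes:", len(result["hidden_processes"]))
```
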

Post by zetor » 02 Jul 2008, 09:44

Regardless of what we find, I would like to find a way to reinstall IE7, since it has now become unstable: with a few windows open, it sometimes closes by itself.
Here is the fixwareout report

Username "Administrador" - 02/07/2008 4:30:55 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Se vació con éxito la caché de resolución de DNS.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3Trayp.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AVP"="\"C:\\Archivos de programa\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Thanks!

Post by msc hotline sat » 02 Jul 2008, 14:22

Then send us these two files and we will analyze them:

S3Trayp.exe
cmicnfg.cpl


although in principle they should be:

https://www.file.net/process/s3trayp.exe.html
http://www.processlibrary.com/es/direct ... nfg/25816/

but their name does not imply their content... we'll see!


And tell us whether, after what was done, the anomalies persist...

Regards
ms, 2 July 2008

Post by zetor » 02 Jul 2008, 19:27

Files sent. The anomalies persist, the Google one and also the KIS one. Until I managed to put IEXPLORE.exe in the trusted zone, it sent it to quarantine several times.

Regards

Post by msc hotline sat » 02 Jul 2008, 20:48

It is clear that something is trying to intrude. Does it also do it if you boot without the network cable???

In any case, tomorrow we will analyze the files and report back.

Regards
ms, 2 July 2008

Post by zetor » 02 Jul 2008, 21:55

Don't worry, I had already started to despair and for the first time started thinking about formatting :wink: . But I am one of those who consider that solution a last resort.

I wanted a second opinion and installed UnHackMe. I don't know it and it is in English, but I produced a log which I will upload if you authorize it. It gives me 1 Prohibited, 18 Suspicious and 1 Warnings. From it I got a DLL that I sent to VirusTotal, and of the 33 engines 16 give a positive... I have a hunch the problem could be coming from here, so if you tell me to, I will send you the sample.

Regards

lucl
Posts: 6324
Joined: 17 Ene 2006, 18:09
Location: España

Post by lucl » 02 Jul 2008, 22:30

Yes, of course, paste us the resulting log of what you uploaded to VirusTotal for analysis; as for the other one, I don't think there is any problem with you pasting that result too, but let's see what Msc tells you... and of course send us the sample so we can analyze it. Thanks, regards

Post by zetor » 02 Jul 2008, 23:13

OK, I'll wait for confirmation to upload the UnHackMe log, and here is the VirusTotal result; I am listing only the ones that came back positive.
MyCentriaInfoBar.dll Resultado: 16/33 (48.48%)
  1. AntiVir 7.8.0.64 2008.07.02 - TR/Agent.284658
  2. Authentium 5.1.0.4 2008.07.02 - W32/Heuristic-210!Eldorado
  3. AVG 7.5.0.516 2008.07.02 - Generic10.PNY
  4. BitDefender 7.2 2008.07.02 - Trojan.Generic.284534
  5. ClamAV 0.93.1 2008.07.02 - PUA.Packed.UPack
  6. DrWeb 4.44.0.09170 2008.07.02 - Adware.Mycentria.3
  7. eSafe 7.0.17.0 2008.07.02 - Win32.Looked.gen
  8. F-Prot 4.4.4.56 2008.07.02 - W32/Heuristic-210!Eldorado
  9. F-Secure 7.60.13501.0 2008.07.01 - W32/Suspicious_U.gen
  10. Norman 5.80.02 2008.07.02 - W32/Suspicious_U.gen
  11. Prevx1 V2 2008.07.02 - Malicious Software
  12. Sophos 4.30.0 2008.07.02 - Mal/EncPk-BW
  13. TheHacker 6.2.96.367 2008.07.02 -W32/Behav-Heuristic-060
  14. TrendMicro 8.700.0.1004 2008.07.02 -PAK_Generic.006
  15. VirusBuster 4.5.11.0 2008.07.02 - Packed/Upack
  16. Webwasher-Gateway 6.6.2 2008.07.02 -Trojan.Agent.284658
I also sent the DLL; I await a reply.
Thanks

Post by msc hotline sat » 03 Jul 2008, 06:31

Well, you can see that this DLL (MyCentriaInfoBar.dll) does not appear in any other log... Hallelujah! And well done to UnHackMe and to your intuition in trying it. We don't know it; we will have to look at what it is and what it does, in case it is like the Fake Alerts that install trojans so that they can then detect them :mrgreen:

As soon as we receive the sample we will analyze it and report back, but it is evidently malicious. I don't know whether it is the one causing the intrusion, but let's go after it, and see whether by pulling the thread ...

Regards
ms, 3 July 2008


NOTE:
and post us the list of those other items you say it detected: "1 Prohibited , 18 Suspicious y 1 Warnings"

Post by zetor » 03 Jul 2008, 07:47

Well, that DLL is in a folder named MyCentria in Program Files (Archivos de programa); I have no idea where it came from, but since it appears in Add or Remove Programs, I am going to uninstall it... unless you tell me to hold off so I can send more data :)
As I said, I don't know UnHackMe, so here is a screenshot and the log
[Image: screenshot of the UnHackMe log]
It classifies the file mchinjdrv.sys as "100% Bad"; I searched for it with hidden and system files shown, but it is not there. I was going to ask whether I should press the "It`s useless to me kill it" button, but I already did, and when I reboot it still shows it.
The log

SpyHolesList Version:2.3
02/07/2008 15:36:54
WinDir=C:\WINDOWS

Startup=C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\
Common Startup=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Microsoft Windows XP Service Pack 3 (5.1.2600)
Internet Explorer 7.0.5730.13
[Internet Explorer]
  [Default Home Page] :HKLM Default_Page_URL=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&pver=6&ar=msnhome
  [Current Home Page] :HKCU Start Page=about:blank
  [Current Home Page] :HKCU HOMEOldSP=""
  [Search URL Template] :HKLM 1=""
  [Search URL Template] :HKLM 2=""
  [Search URL Template] :HKLM 3=""
  [Search URL Template] :HKLM 4=""
  [All Users Search] :HKLM Default_Search_URL=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
  [All Users Search] :HKLM Search Page=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
  [Current Users Search] :HKCU Search Page=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
  [Current Users Search] :HKCU Search Bar=""
  [IE Local Blank Page] :HKCU Local Page=""
  [IE Local Blank Page] :HKLM Local Page=""
  [Browser Helper Objects] {00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Archivos de programa\TechSmith\SnagIt 9\SnagItBHO.dll
  [Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  [Browser Helper Objects] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  [Browser Helper Objects] {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}=C:\ARCHIV~1\MYCENT~1\InfoBar\MYCENT~1.DLL
  [Auto Search URL] :HKCU provider=""
  [Auto Search URL] :HKCU "Default Value"=""
  [Search Assistant] :HKCU SearchAssistant=""
  [Search Assistant] :HKLM SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
  [Search Assistant] :HKCU CustomizeSearch=""
  [Search Assistant] :HKLM CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  [CustomizeSearch] :HKLM CustomizeSearch=""
  [URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll
  [Default Prefix] :HKLM "Default Value"=http://
  [URL Default Prefixes] :HKLM ftp=ftp://
  [URL Default Prefixes] :HKLM gopher=gopher://
  [URL Default Prefixes] :HKLM www=http://
  [URL Default Prefixes] :HKLM Home=http://
  [URL Default Prefixes] :HKLM Mosaic=http://
  [AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm
  [AboutURLs] :HKLM DesktopItemNavigationFailure=res://shdoclc.dll/navcancl.htm
  [AboutURLs] :HKLM Home=270
  [AboutURLs] :HKLM NavigationCanceled=res://ieframe.dll/navcancl.htm
  [AboutURLs] :HKLM NavigationFailure=res://ieframe.dll/navcancl.htm
  [AboutURLs] :HKLM NoAdd-ons=res://ieframe.dll/noaddon.htm
  [AboutURLs] :HKLM NoAdd-onsInfo=res://ieframe.dll/noaddoninfo.htm
  [AboutURLs] :HKLM OfflineInformation=res://ieframe.dll/offcancl.htm
  [AboutURLs] :HKLM PostNotCached=res://ieframe.dll/repost.htm
  [AboutURLs] :HKLM SecurityRisk=res://ieframe.dll/securityatrisk.htm
  [AboutURLs] :HKLM Tabs=res://ieframe.dll/tabswelcome.htm
  [User Style Sheet] :HKCU User Stylesheet=""
  [User Style Sheet] :HKUS User Stylesheet=""
  [User Style Sheet] :HKCU Use My Stylesheet=0
  [User Style Sheet] :HKUS Use My Stylesheet=0
  [Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=1
  [Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=0
  [Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=3
  [Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=0
  [Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3
  [Execute unsigned ActiveX in Internet Zone] :HKLM 1201=0
  [Links Toolbar] :HKCU LinksFolderName=Vínculos
  [Toolbars] :HKLM {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}=C:\Archivos de programa\TechSmith\SnagIt 9\SnagItIEAddin.dll
  [Explorer Bars] :HKLM {4D5C8C25-D075-11d0-B416-00C04FB90376}=%SystemRoot%\system32\shdocvw.dll
  [IE Extensions - All Users] :HKLM {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}=C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
  [IE Extensions - All Users] :HKLM {92780B25-18CC-41C8-B9BE-3C9C571A8263}=C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  [IE Extensions - All Users] :HKLM {e2e2dd38-d088-4134-82b7-f2ba38496583}=%windir%\Network Diagnostic\xpnetdiag.exe
  [Context menu items] :HKCU E&xportar a Microsoft Excel=res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  [Proxy] :HKCU ProxyServer=""
  [Proxy] :HKCU ProxyEnable=0
[Network Settings]
  [Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc
  [Hosts File Contents] :HKLM 127.0.0.1  localhost 
  [Domain Name] :HKLM Domain=""
  [Name Server] {1A6598FC-2179-4A7B-89B9-BB30DE120E29}=10.0.0.2
  [WinSock2 Components] :HKLM mswsock.dll=%SystemRoot%\System32\mswsock.dll
  [WinSock2 Components] :HKLM winrnr.dll=%SystemRoot%\System32\winrnr.dll
  [WinSock2 Components] :HKLM rsvpsp.dll=%SystemRoot%\system32\rsvpsp.dll
[Software Components]
  [Internet Components] :HKLM C:\WINDOWS\system32\mfc42.dll=C:\WINDOWS\system32\mfc42.dll
  [Internet Components] :HKLM C:\WINDOWS\system32\msvcrt.dll=C:\WINDOWS\system32\msvcrt.dll
  [Internet Components] :HKLM C:\WINDOWS\system32\olepro32.dll=C:\WINDOWS\system32\olepro32.dll
[Windows Shell]
  [Display Scrap's Extensions] :HKLM NeverShowExt=""
  [ScreenSaver] :HKCU SCRNSAVE.EXE=C:\ARCHIV~1\Webshots\webshots.scr
  [System.ini] shell=Explorer.exe
  [User Shell] :HKCU shell=""
  [Main File Extensions] :HKLM .exe="%1" %*
  [Main File Extensions] :HKLM .com="%1" %*
  [Main File Extensions] :HKLM .pif="%1" %*
  [Main File Extensions] :HKLM .cmd="%1" %*
  [Main File Extensions] :HKLM .scr="%1" /S
  [Main File Extensions] :HKLM .jpg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1
  [Main File Extensions] :HKLM .jpeg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1
  [UserInit Value] :HKLM UserInit=C:\WINDOWS\system32\userinit.exe,
  [Winlogon Notification] :HKLM crypt32chain=crypt32.dll
  [Winlogon Notification] :HKLM cryptnet=cryptnet.dll
  [Winlogon Notification] :HKLM cscdll=cscdll.dll
  [Winlogon Notification] :HKLM dimsntfy=%SystemRoot%\System32\dimsntfy.dll
  [Winlogon Notification] :HKLM klogon=C:\WINDOWS\system32\klogon.dll
  [Winlogon Notification] :HKLM ScCertProp=wlnotify.dll
  [Winlogon Notification] :HKLM Schedule=wlnotify.dll
  [Winlogon Notification] :HKLM sclgntfy=sclgntfy.dll
  [Winlogon Notification] :HKLM SensLogn=WlNotify.dll
  [Winlogon Notification] :HKLM termsrv=wlnotify.dll
  [Winlogon Notification] :HKLM wlballoon=wlnotify.dll
  [Shell Services DelayLoad] :HKLM WebCheck=C:\WINDOWS\system32\webcheck.dll
  [Shell Services DelayLoad] :HKLM WPDShServiceObj=C:\WINDOWS\system32\WPDShServiceObj.dll
  [Shell Services DelayLoad] :HKLM PostBootReminder=%SystemRoot%\system32\SHELL32.dll
  [Shell Services DelayLoad] :HKLM CDBurn=%SystemRoot%\system32\SHELL32.dll
  [Shell Services DelayLoad] :HKLM SysTray=C:\WINDOWS\system32\stobject.dll
  [Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0
  [Disable Registry Tools] :HKCU DisableRegistryTools =0
  [SharedTaskScheduler] :HKLM {438755C2-A8BA-11D1-B96B-00A0C90312E1}=%SystemRoot%\system32\browseui.dll
  [SharedTaskScheduler] :HKLM {8C7461EF-2B13-11d2-BE35-3078302C2030}=%SystemRoot%\system32\browseui.dll
[Kernel Auto Boot]
  [ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
  [ActiveSetup] {4b218e3e-bc98-4770-93d3-2731b9329278}
  [ActiveSetup] {881dd1c5-3dcf-431b-b061-f3f88e8be88a}
  [Bootexecute] :HKLM BootExecute=autocheck autochk *
autocheck 
Partizan
  [KnownDLLs] :HKLM advapi32=advapi32.dll
  [KnownDLLs] :HKLM comdlg32=comdlg32.dll
  [KnownDLLs] :HKLM DllDirectory=%SystemRoot%\system32
  [KnownDLLs] :HKLM gdi32=gdi32.dll
  [KnownDLLs] :HKLM imagehlp=imagehlp.dll
  [KnownDLLs] :HKLM kernel32=kernel32.dll
  [KnownDLLs] :HKLM lz32=lz32.dll
  [KnownDLLs] :HKLM ole32=ole32.dll
  [KnownDLLs] :HKLM oleaut32=oleaut32.dll
  [KnownDLLs] :HKLM olecli32=olecli32.dll
  [KnownDLLs] :HKLM olecnv32=olecnv32.dll
  [KnownDLLs] :HKLM olesvr32=olesvr32.dll
  [KnownDLLs] :HKLM olethk32=olethk32.dll
  [KnownDLLs] :HKLM rpcrt4=rpcrt4.dll
  [KnownDLLs] :HKLM shell32=shell32.dll
  [KnownDLLs] :HKLM url=url.dll
  [KnownDLLs] :HKLM urlmon=urlmon.dll
  [KnownDLLs] :HKLM user32=user32.dll
  [KnownDLLs] :HKLM version=version.dll
  [KnownDLLs] :HKLM wininet=wininet.dll
  [KnownDLLs] :HKLM wldap32=wldap32.dll
  [Environment - Path] :HKLM Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ARCHIV~1\DISKEE~1\DISKEE~1\
  [List of Injected DLLs] :HKLM AppInit_DLLs=C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll
  [Auto Services] AudioSrv
  [Auto Services] AVP
  [Auto Services] Browser
  [Auto Services] CryptSvc
  [Auto Services] DcomLaunch
  [Auto Services] Dhcp
  [Auto Services] Diskeeper
  [Auto Services] dmserver
  [Auto Services] Dnscache
  [Auto Services] Eventlog
  [Auto Services] helpsvc
  [Auto Services] ioloFileInfoList
  [Auto Services] ioloSystemService
  [Auto Services] LanmanServer
  [Auto Services] lanmanworkstation
  [Auto Services] LmHosts
  [Auto Services] PlugPlay
  [Auto Services] PolicyAgent
  [Auto Services] ProtectedStorage
  [Auto Services] RpcSs
  [Auto Services] SamSs
  [Auto Services] Schedule
  [Auto Services] seclogon
  [Auto Services] SENS
  [Auto Services] SharedAccess
  [Auto Services] ShellHWDetection
  [Auto Services] Spooler
  [Auto Services] srservice
  [Auto Services] Themes
  [Auto Services] TrkWks
  [Auto Services] UxTuneUp
  [Auto Services] W32Time
  [Auto Services] WebClient
  [Auto Services] winmgmt
  [Auto Services] wuauserv
  [Auto Services] WZCSVC
  [Drivers] ntkrnlpa.exe=C:\WINDOWS\SYSTEM32\NTKRNLPA.EXE
  [Drivers] hal.dll=C:\WINDOWS\SYSTEM32\HAL.DLL
  [Drivers] KDCOM.DLL=C:\WINDOWS\SYSTEM32\KDCOM.DLL
  [Drivers] BOOTVID.dll=C:\WINDOWS\SYSTEM32\BOOTVID.DLL
  [Drivers] spib.sys=spib.sys
  [Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS
  [Drivers] SCSIPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS
  [Drivers] ACPI.sys=C:\WINDOWS\system32\DRIVERS\ACPI.sys
  [Drivers] Partizan.sys=C:\WINDOWS\system32\DRIVERS\Partizan.sys
  [Drivers] pci.sys=C:\WINDOWS\system32\DRIVERS\pci.sys
  [Drivers] isapnp.sys=C:\WINDOWS\system32\DRIVERS\isapnp.sys
  [Drivers] viaide.sys=C:\WINDOWS\system32\DRIVERS\viaide.sys
  [Drivers] PCIIDEX.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS
  [Drivers] MountMgr.sys=C:\WINDOWS\system32\DRIVERS\MountMgr.sys
  [Drivers] ftdisk.sys=C:\WINDOWS\system32\DRIVERS\ftdisk.sys
  [Drivers] dmload.sys=C:\WINDOWS\system32\DRIVERS\dmload.sys
  [Drivers] dmio.sys=C:\WINDOWS\system32\DRIVERS\dmio.sys
  [Drivers] PartMgr.sys=C:\WINDOWS\system32\DRIVERS\PartMgr.sys
  [Drivers] videX32.sys=C:\WINDOWS\system32\DRIVERS\videX32.sys
  [Drivers] VolSnap.sys=C:\WINDOWS\system32\DRIVERS\VolSnap.sys
  [Drivers] atapi.sys=C:\WINDOWS\system32\DRIVERS\atapi.sys
  [Drivers] viamraid.sys=C:\WINDOWS\system32\DRIVERS\viamraid.sys
  [Drivers] disk.sys=C:\WINDOWS\system32\DRIVERS\disk.sys
  [Drivers] CLASSPNP.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS
  [Drivers] fltMgr.sys=C:\WINDOWS\system32\DRIVERS\fltMgr.sys
  [Drivers] KSecDD.sys=C:\WINDOWS\system32\DRIVERS\KSecDD.sys
  [Drivers] Ntfs.sys=C:\WINDOWS\system32\DRIVERS\Ntfs.sys
  [Drivers] NDIS.sys=C:\WINDOWS\system32\DRIVERS\NDIS.sys
  [Drivers] Mup.sys=C:\WINDOWS\system32\DRIVERS\Mup.sys
  [Drivers] kl1.sys=C:\WINDOWS\system32\DRIVERS\kl1.sys
  [Drivers] TDI.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS
  [Drivers] gagp30kx.sys=C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
  [Drivers] AmdK8.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS
  [Drivers] Vtmini.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VTMINI.SYS
  [Drivers] VIDEOPRT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS
  [Drivers] imapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
  [Drivers] cdrom.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
  [Drivers] redbook.sys=C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
  [Drivers] ks.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KS.SYS
  [Drivers] usbuhci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
  [Drivers] USBPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS
  [Drivers] usbehci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
  [Drivers] fdc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
  [Drivers] parport.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
  [Drivers] gameenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
  [Drivers] i8042prt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
  [Drivers] kbdclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
  [Drivers] mouclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
  [Drivers] serial.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
  [Drivers] serenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
  [Drivers] cmuda.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CMUDA.SYS
  [Drivers] portcls.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PORTCLS.SYS
  [Drivers] drmk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS
  [Drivers] fetnd5bv.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FETND5BV.SYS
  [Drivers] klim5.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KLIM5.SYS
  [Drivers] audstub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
  [Drivers] rasl2tp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
  [Drivers] ndistapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
  [Drivers] ndiswan.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
  [Drivers] raspppoe.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
  [Drivers] raspptp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
  [Drivers] psched.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
  [Drivers] msgpc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
  [Drivers] ptilink.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
  [Drivers] raspti.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
  [Drivers] rdpdr.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
  [Drivers] termdd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
  [Drivers] swenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
  [Drivers] update.sys=C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
  [Drivers] mssmbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
  [Drivers] NDProxy.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS
  [Drivers] usbhub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
  [Drivers] USBD.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS
  [Drivers] flpydisk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
  [Drivers] Fs_Rec.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS
  [Drivers] Null.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS
  [Drivers] Beep.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
  [Drivers] vga.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
  [Drivers] mnmdd.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS
  [Drivers] RDPCDD.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
  [Drivers] Msfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS
  [Drivers] Npfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS
  [Drivers] rasacd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
  [Drivers] ipsec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
  [Drivers] tcpip.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
  [Drivers] netbt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
  [Drivers] afd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
  [Drivers] netbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
  [Drivers] rdbss.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
  [Drivers] mrxsmb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
  [Drivers] klif.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
  [Drivers] Fips.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS
  [Drivers] ipnat.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
  [Drivers] wanarp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
  [Drivers] FileDisk.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FILEDISK.SYS
  [Drivers] Fastfat.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FASTFAT.SYS
  [Drivers] diskdump.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_DISKDUMP.SYS
  [Drivers] VIAMRAID.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_VIAMRAID.SYS
  [Drivers] win32k.sys=C:\WINDOWS\SYSTEM32\WIN32K.SYS
  [Drivers] Dxapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS
  [Drivers] watchdog.sys=C:\WINDOWS\SYSTEM32\WATCHDOG.SYS
  [Drivers] dxg.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS
  [Drivers] dxgthk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS
  [Drivers] vtdisp.dll=C:\WINDOWS\SYSTEM32\VTDISP.DLL
  [Drivers] ndisuio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
  [Drivers] wdmaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
  [Drivers] sysaudio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
  [Drivers] splitter.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
  [Drivers] aec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
  [Drivers] swmidi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
  [Drivers] DMusic.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
  [Drivers] kmixer.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
  [Drivers] drmkaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
  [Drivers] ntdll.dll=C:\WINDOWS\SYSTEM32\NTDLL.DLL
  [Services detected by Partizan] :HKLM .NET CLR Data
  [Services detected by Partizan] :HKLM .NET CLR Networking
  [Services detected by Partizan] :HKLM .NET Data Provider for Oracle
  [Services detected by Partizan] :HKLM .NET Data Provider for SqlServer
  [Services detected by Partizan] :HKLM .NETFramework
  [Services detected by Partizan] :HKLM Abiosdsk
  [Services detected by Partizan] :HKLM abp480n5
  [Services detected by Partizan] :HKLM ACPI=system32\DRIVERS\ACPI.sys
  [Services detected by Partizan] :HKLM ACPIEC
  [Services detected by Partizan] :HKLM adpu160m
  [Services detected by Partizan] :HKLM aec=system32\drivers\aec.sys
  [Services detected by Partizan] :HKLM AFD=\SystemRoot\System32\drivers\afd.sys
  [Services detected by Partizan] :HKLM Aha154x
  [Services detected by Partizan] :HKLM aic78u2
  [Services detected by Partizan] :HKLM aic78xx
  [Services detected by Partizan] :HKLM Alerter
  [Services detected by Partizan] :HKLM ALG=%SystemRoot%\System32\alg.exe
  [Services detected by Partizan] :HKLM AliIde
  [Services detected by Partizan] :HKLM AmdK8=system32\DRIVERS\AmdK8.sys
  [Services detected by Partizan] :HKLM amsint
  [Services detected by Partizan] :HKLM AppMgmt=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM asc
  [Services detected by Partizan] :HKLM asc3350p
  [Services detected by Partizan] :HKLM asc3550
  [Services detected by Partizan] :HKLM ASP.NET
  [Services detected by Partizan] :HKLM ASP.NET_1.1.4322
  [Services detected by Partizan] :HKLM ASP.NET_2.0.50727
  [Services detected by Partizan] :HKLM aspnet_state=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  [Services detected by Partizan] :HKLM AsyncMac=system32\DRIVERS\asyncmac.sys
  [Services detected by Partizan] :HKLM atapi=system32\DRIVERS\atapi.sys
  [Services detected by Partizan] :HKLM Atdisk
  [Services detected by Partizan] :HKLM Atmarpc=system32\DRIVERS\atmarpc.sys
  [Services detected by Partizan] :HKLM AudioSrv=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM audstub=system32\DRIVERS\audstub.sys
  [Services detected by Partizan] :HKLM AVP="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r
  [Services detected by Partizan] :HKLM BattC
  [Services detected by Partizan] :HKLM Beep
  [Services detected by Partizan] :HKLM BITS=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Browser=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM cbidf2k
  [Services detected by Partizan] :HKLM cd20xrnt
  [Services detected by Partizan] :HKLM Cdaudio
  [Services detected by Partizan] :HKLM Cdfs
  [Services detected by Partizan] :HKLM CDRom=system32\DRIVERS\cdrom.sys
  [Services detected by Partizan] :HKLM Changer
  [Services detected by Partizan] :HKLM Cisvc=%SystemRoot%\system32\cisvc.exe
  [Services detected by Partizan] :HKLM ClipSrv=%SystemRoot%\system32\clipsrv.exe
  [Services detected by Partizan] :HKLM clr_optimization_v2.0.50727_32=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  [Services detected by Partizan] :HKLM CmdIde
  [Services detected by Partizan] :HKLM cmuda=system32\drivers\cmuda.sys
  [Services detected by Partizan] :HKLM COMSysApp=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  [Services detected by Partizan] :HKLM ContentFilter
  [Services detected by Partizan] :HKLM ContentIndex
  [Services detected by Partizan] :HKLM Cpqarray
  [Services detected by Partizan] :HKLM CryptSvc=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM dac2w2k
  [Services detected by Partizan] :HKLM dac960nt
  [Services detected by Partizan] :HKLM DcomLaunch=%SystemRoot%\system32\svchost -k DcomLaunch
  [Services detected by Partizan] :HKLM Dhcp=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Disk=system32\DRIVERS\disk.sys
  [Services detected by Partizan] :HKLM Diskeeper="C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe"
  [Services detected by Partizan] :HKLM dmadmin=%SystemRoot%\System32\dmadmin.exe /com
  [Services detected by Partizan] :HKLM dmboot=System32\drivers\dmboot.sys
  [Services detected by Partizan] :HKLM dmio=System32\drivers\dmio.sys
  [Services detected by Partizan] :HKLM dmload=System32\drivers\dmload.sys
  [Services detected by Partizan] :HKLM dmserver=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM DMusic=system32\drivers\DMusic.sys
  [Services detected by Partizan] :HKLM Dnscache=%SystemRoot%\system32\svchost.exe -k NetworkService
  [Services detected by Partizan] :HKLM Dot3svc=%SystemRoot%\System32\svchost.exe -k dot3svc
  [Services detected by Partizan] :HKLM dpti2o
  [Services detected by Partizan] :HKLM drmkaud=system32\drivers\drmkaud.sys
  [Services detected by Partizan] :HKLM EapHost=%SystemRoot%\System32\svchost.exe -k eapsvcs
  [Services detected by Partizan] :HKLM Eventlog=%SystemRoot%\system32\services.exe
  [Services detected by Partizan] :HKLM EventSystem=C:\WINDOWS\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Fastfat
  [Services detected by Partizan] :HKLM FastUserSwitchingCompatibility=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Fdc=system32\DRIVERS\fdc.sys
  [Services detected by Partizan] :HKLM FET5X86V=system32\DRIVERS\fetnd5bv.sys
  [Services detected by Partizan] :HKLM FETNDIS=system32\DRIVERS\fetnd5.sys
  [Services detected by Partizan] :HKLM FileDisk
  [Services detected by Partizan] :HKLM Fips
  [Services detected by Partizan] :HKLM Flpydisk=system32\DRIVERS\flpydisk.sys
  [Services detected by Partizan] :HKLM FltMgr=system32\DRIVERS\fltMgr.sys
  [Services detected by Partizan] :HKLM Fs_Rec
  [Services detected by Partizan] :HKLM Ftdisk=system32\DRIVERS\ftdisk.sys
  [Services detected by Partizan] :HKLM gagp30kx=system32\DRIVERS\gagp30kx.sys
  [Services detected by Partizan] :HKLM gameenum=system32\DRIVERS\gameenum.sys
  [Services detected by Partizan] :HKLM Gpc=system32\DRIVERS\msgpc.sys
  [Services detected by Partizan] :HKLM helpsvc=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM HidServ=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM hkmsvc=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM hpn
  [Services detected by Partizan] :HKLM HTTP=System32\Drivers\HTTP.sys
  [Services detected by Partizan] :HKLM HTTPFilter=%SystemRoot%\System32\svchost.exe -k HTTPFilter
  [Services detected by Partizan] :HKLM i2omgmt
  [Services detected by Partizan] :HKLM i2omp
  [Services detected by Partizan] :HKLM i8042prt=system32\DRIVERS\i8042prt.sys
  [Services detected by Partizan] :HKLM Imapi=system32\DRIVERS\imapi.sys
  [Services detected by Partizan] :HKLM ImapiService=C:\WINDOWS\system32\imapi.exe
  [Services detected by Partizan] :HKLM inetaccs
  [Services detected by Partizan] :HKLM ini910u
  [Services detected by Partizan] :HKLM Inport
  [Services detected by Partizan] :HKLM IntelIde
  [Services detected by Partizan] :HKLM ioloFileInfoList=C:\Archivos de programa\iolo\common\lib\ioloServiceManager.exe
  [Services detected by Partizan] :HKLM ioloSystemService=C:\Archivos de programa\iolo\common\lib\ioloServiceManager.exe
  [Services detected by Partizan] :HKLM Ip6Fw=system32\DRIVERS\Ip6Fw.sys
  [Services detected by Partizan] :HKLM IpFilterDriver=system32\DRIVERS\ipfltdrv.sys
  [Services detected by Partizan] :HKLM IpInIp=system32\DRIVERS\ipinip.sys
  [Services detected by Partizan] :HKLM IpNat=system32\DRIVERS\ipnat.sys
  [Services detected by Partizan] :HKLM IPSec=system32\DRIVERS\ipsec.sys
  [Services detected by Partizan] :HKLM IRENUM=system32\DRIVERS\irenum.sys
  [Services detected by Partizan] :HKLM ISAPISearch
  [Services detected by Partizan] :HKLM isapnp=system32\DRIVERS\isapnp.sys
  [Services detected by Partizan] :HKLM Kbdclass=system32\DRIVERS\kbdclass.sys
  [Services detected by Partizan] :HKLM kl1=system32\drivers\kl1.sys
  [Services detected by Partizan] :HKLM klif=\??\C:\WINDOWS\system32\drivers\klif.sys
  [Services detected by Partizan] :HKLM klim5=system32\DRIVERS\klim5.sys
  [Services detected by Partizan] :HKLM kmixer=system32\drivers\kmixer.sys
  [Services detected by Partizan] :HKLM KSecDD
  [Services detected by Partizan] :HKLM LanmanServer=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM lanmanworkstation=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM lbrtfdc
  [Services detected by Partizan] :HKLM ldap
  [Services detected by Partizan] :HKLM LicenseService
  [Services detected by Partizan] :HKLM LmHosts=%SystemRoot%\system32\svchost.exe -k LocalService
  [Services detected by Partizan] :HKLM MEMSWEEP2=\??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS
  [Services detected by Partizan] :HKLM mnmdd
  [Services detected by Partizan] :HKLM mnmsrvc=C:\WINDOWS\system32\mnmsrvc.exe
  [Services detected by Partizan] :HKLM Modem
  [Services detected by Partizan] :HKLM Mouclass=system32\DRIVERS\mouclass.sys
  [Services detected by Partizan] :HKLM MountMgr
  [Services detected by Partizan] :HKLM mraid35x
  [Services detected by Partizan] :HKLM MRxDAV=system32\DRIVERS\mrxdav.sys
  [Services detected by Partizan] :HKLM MRxSmb=system32\DRIVERS\mrxsmb.sys
  [Services detected by Partizan] :HKLM MSDTC=C:\WINDOWS\system32\msdtc.exe
  [Services detected by Partizan] :HKLM Msfs
  [Services detected by Partizan] :HKLM MSIServer=C:\WINDOWS\system32\msiexec.exe /V
  [Services detected by Partizan] :HKLM MSKSSRV=system32\drivers\MSKSSRV.sys
  [Services detected by Partizan] :HKLM MSPCLOCK=system32\drivers\MSPCLOCK.sys
  [Services detected by Partizan] :HKLM MSPQM=system32\drivers\MSPQM.sys
  [Services detected by Partizan] :HKLM mssmbios=system32\DRIVERS\mssmbios.sys
  [Services detected by Partizan] :HKLM Mup
  [Services detected by Partizan] :HKLM napagent=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM NDIS
  [Services detected by Partizan] :HKLM NdisTapi=system32\DRIVERS\ndistapi.sys
  [Services detected by Partizan] :HKLM Ndisuio=system32\DRIVERS\ndisuio.sys
  [Services detected by Partizan] :HKLM NdisWan=system32\DRIVERS\ndiswan.sys
  [Services detected by Partizan] :HKLM NDProxy
  [Services detected by Partizan] :HKLM NetBIOS=system32\DRIVERS\netbios.sys
  [Services detected by Partizan] :HKLM NetBT=system32\DRIVERS\netbt.sys
  [Services detected by Partizan] :HKLM NetDDE=%SystemRoot%\system32\netdde.exe
  [Services detected by Partizan] :HKLM NetDDEdsdm=%SystemRoot%\system32\netdde.exe
  [Services detected by Partizan] :HKLM Netlogon=%SystemRoot%\system32\lsass.exe
  [Services detected by Partizan] :HKLM Netman=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Nla=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Npfs
  [Services detected by Partizan] :HKLM Ntfs
  [Services detected by Partizan] :HKLM NtLmSsp=%SystemRoot%\system32\lsass.exe
  [Services detected by Partizan] :HKLM Null
  [Services detected by Partizan] :HKLM NwlnkFlt=system32\DRIVERS\nwlnkflt.sys
  [Services detected by Partizan] :HKLM NwlnkFwd=system32\DRIVERS\nwlnkfwd.sys
  [Services detected by Partizan] :HKLM ose="C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE"
  [Services detected by Partizan] :HKLM Outlook
  [Services detected by Partizan] :HKLM Parport=system32\DRIVERS\parport.sys
  [Services detected by Partizan] :HKLM Partizan=system32\drivers\Partizan.sys
  [Services detected by Partizan] :HKLM PartMgr
  [Services detected by Partizan] :HKLM ParVdm
  [Services detected by Partizan] :HKLM PCI=system32\DRIVERS\pci.sys
  [Services detected by Partizan] :HKLM PCIDump
  [Services detected by Partizan] :HKLM PCIIde
  [Services detected by Partizan] :HKLM Pcmcia
  [Services detected by Partizan] :HKLM PDCOMP
  [Services detected by Partizan] :HKLM PDFRAME
  [Services detected by Partizan] :HKLM PDRELI
  [Services detected by Partizan] :HKLM PDRFRAME
  [Services detected by Partizan] :HKLM perc2
  [Services detected by Partizan] :HKLM perc2hib
  [Services detected by Partizan] :HKLM PerfDisk
  [Services detected by Partizan] :HKLM PerfNet
  [Services detected by Partizan] :HKLM PerfOS
  [Services detected by Partizan] :HKLM PerfProc
  [Services detected by Partizan] :HKLM PlugPlay=%SystemRoot%\system32\services.exe
  [Services detected by Partizan] :HKLM PolicyAgent=%SystemRoot%\system32\lsass.exe
  [Services detected by Partizan] :HKLM PptpMiniport=system32\DRIVERS\raspptp.sys
  [Services detected by Partizan] :HKLM Processor=system32\DRIVERS\processr.sys
  [Services detected by Partizan] :HKLM ProtectedStorage=%SystemRoot%\system32\lsass.exe
  [Services detected by Partizan] :HKLM PSched=system32\DRIVERS\psched.sys
  [Services detected by Partizan] :HKLM Ptilink=system32\DRIVERS\ptilink.sys
  [Services detected by Partizan] :HKLM ql1080
  [Services detected by Partizan] :HKLM Ql10wnt
  [Services detected by Partizan] :HKLM ql12160
  [Services detected by Partizan] :HKLM ql1240
  [Services detected by Partizan] :HKLM ql1280
  [Services detected by Partizan] :HKLM RasAcd=system32\DRIVERS\rasacd.sys
  [Services detected by Partizan] :HKLM RasAuto=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Rasl2tp=system32\DRIVERS\rasl2tp.sys
  [Services detected by Partizan] :HKLM RasMan=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM RasPppoe=system32\DRIVERS\raspppoe.sys
  [Services detected by Partizan] :HKLM Raspti=system32\DRIVERS\raspti.sys
  [Services detected by Partizan] :HKLM Rdbss=system32\DRIVERS\rdbss.sys
  [Services detected by Partizan] :HKLM RDPCDD=System32\DRIVERS\RDPCDD.sys
  [Services detected by Partizan] :HKLM RDPDD
  [Services detected by Partizan] :HKLM rdpdr=system32\DRIVERS\rdpdr.sys
  [Services detected by Partizan] :HKLM RDPNP
  [Services detected by Partizan] :HKLM RDPWD
  [Services detected by Partizan] :HKLM RDSessMgr=C:\WINDOWS\system32\sessmgr.exe
  [Services detected by Partizan] :HKLM redbook=system32\DRIVERS\redbook.sys
  [Services detected by Partizan] :HKLM RemoteAccess=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM RpcLocator=%SystemRoot%\system32\locator.exe
  [Services detected by Partizan] :HKLM RpcSs=%SystemRoot%\system32\svchost -k rpcss
  [Services detected by Partizan] :HKLM RSVP=%SystemRoot%\system32\rsvp.exe
  [Services detected by Partizan] :HKLM SamSs=%SystemRoot%\system32\lsass.exe
  [Services detected by Partizan] :HKLM Schedule=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Secdrv=system32\DRIVERS\secdrv.sys
  [Services detected by Partizan] :HKLM seclogon=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM SENS=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM serenum=system32\DRIVERS\serenum.sys
  [Services detected by Partizan] :HKLM Serial=system32\DRIVERS\serial.sys
  [Services detected by Partizan] :HKLM Sfloppy
  [Services detected by Partizan] :HKLM SharedAccess=%SystemRoot%\system32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM ShellHWDetection=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Simbad
  [Services detected by Partizan] :HKLM Sparrow
  [Services detected by Partizan] :HKLM splitter=system32\drivers\splitter.sys
  [Services detected by Partizan] :HKLM Spooler=%SystemRoot%\system32\spoolsv.exe
  [Services detected by Partizan] :HKLM sptd=System32\Drivers\sptd.sys
  [Services detected by Partizan] :HKLM Sr=\SystemRoot\system32\DRIVERS\sr.sys
  [Services detected by Partizan] :HKLM srservice=%SystemRoot%\System32\svchost.exe -k netsvcs
  [Services detected by Partizan] :HKLM Srv=system32\DRIVERS\srv.sys
Regards

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Strange results in some Google searches

Post by msc hotline sat » 03 Jul 2008, 10:11

Well, we can't see where it lists the ones it says it detected:

"1 Prohibited, 18 Suspicious and 1 Warnings"

We downloaded the evaluation version and it detects nothing on our computers (that would be the last straw!), so it is not like the FAKE ALERT ones :lol: , but it leaves a lot in the user's hands when it comes to deciding whether a file is valid, as well as whether or not it should be deleted, and that does not offer much assurance...

Anyway, the point is that in your case it has detected something unknown; we will see what it is and report back.

Regards

ms, 3 July 2008

zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Re: Strange results in some Google searches

Post by zetor » 03 Jul 2008, 10:32

If you look at the top-left corner of the screenshot, it says so there.

I could not see the file mchinjdrv.sys myself, but it certainly was there, or still is. After posting I cleaned the registry with Registry Mechanic and it found 16 keys to delete, most of them with this file's name.

Can I uninstall MyCentria from Add or Remove Programs, or should I wait for the results?

Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Strange results in some Google searches

Post by msc hotline sat » 03 Jul 2008, 11:10

OK, the other files you sent us do not appear to contain viral routines, and this one seems to be nothing more than a TOOLBAR, we will see. But the point is for you to check whether you can find MDL_1.3.0322.EXE anywhere; they appear to be related, and it seems to be the crux of the matter. If you find it with Start -> Search, send it to us for analysis.


[quote="Prev"]
MDL_1.3.0322.EXE



Disagree with this determination?

This executable program has a file size of 1,495,603 bytes, it is most frequently called MDL_1.3.0322.EXE and is most frequently located in the %desktop%\ folder.

The file header contains the following information:

Vendor : Matt Holwood

Product: MessengerDiscovery Live Setup



This file has not shown any unsafe tendencies and is likely to be safe to use. It was first seen on Monday, Jun 25 2007. It has been seen frequently by 402 users in this section of the community. The file has only been seen in The EUROPEAN UNION.

MDL_1.3.0322.EXE has been seen to perform the following behaviors:

- Executes Processes stored in Temporary Folders

- Executes a Process

- Registers a Dynamic Link Library File

- The Process is polymorphic and can change its structure

- Writes to another Process's Virtual Memory (Process Hijacking)

- Creates system tray popups, messages, errors and security warnings

MDL_1.3.0322.EXE has been the subject of the following behaviors:

- Executed by Internet Explorer

- Created as a process on disk

- Executed as a Process

- Deleted as a process from disk

- Terminated as a Process

- Has code inserted into its Virtual Memory space by other programs

- Executed from Temporary Folders[/quote]


Better boot into safe mode to look for it...

Regards

ms, 3 July 2008

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Strange results in some Google searches

Post by msc hotline sat » 03 Jul 2008, 13:26

While we wait for the requested sample, if you do find it, we have implemented the detection strings for the DLL in today's version of ELISTARA, 16.63, which we will upload to this website this afternoon.

Download it and try it, to see what it detects and removes...

And post the contents of c:\infosat.txt for us, thanks.

Regards

ms, 3 July 2008

zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Re: Strange results in some Google searches

Post by zetor » 03 Jul 2008, 19:25

Well, nothing, neither in normal mode nor in safe mode... but it occurred to me to search for it in the registry and bingo! There are four values inside two keys, one is HKCU\SOFTWARE\SOW\EFS\List\cdlist. Should I export them, compress them and send them?

Thanks

PS: I'm downloading the new ELISTARA now and will try it.

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Strange results in some Google searches

Post by msc hotline sat » 03 Jul 2008, 20:30

If you have tried version 16.63 of ELISTARA, as I was telling you, post the contents of the resulting infosat.txt for us, thanks.

Regards

ms, 3 July 2008
