Suspected infection (SOLVED)

Closed
zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Suspected infection (SOLVED)

Post by zetor » 31 Aug 2008, 00:43

Hi, KIS is giving me alert messages every time I open a program, saying it has been modified, and it has also already sent WinAmp to quarantine.

I pulled a log with SProces to see if it shows anything, and if not, to ask you what other tool I can use, since antivirus and antispyware programs find nothing.



Sat Aug 30 19:07:06 2008

SProces v3.0 (c)2008 S.G.H. / Satinfo S.L.

-------------------------------------------

Operating System: Microsoft Windows XP (v5.1.2600) Service Pack 3

Internet Explorer: (v7.0.5730.13) 0



Active Processes:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\S3TRAYP.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\ARCHIVOS DE PROGRAMA\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 7.0\AVP.EXE

C:\ARCHIVOS DE PROGRAMA\NORTON GHOST\AGENT\VPROTRAY.EXE

C:\WINDOWS\SYSTEM32\CTFMON.EXE

C:\ARCHIVOS DE PROGRAMA\STARDOCK\OBJECTDOCK\OBJECTDOCK.EXE

C:\ARCHIV~1\WEBSHOTS\WEBSHOTS.SCR

C:\ARCHIVOS DE PROGRAMA\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 7.0\AVP.EXE

C:\ARCHIVOS DE PROGRAMA\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\NORTON GHOST\AGENT\VPROSVC.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\ARCHIVOS DE PROGRAMA\NORTON GHOST\SHARED\DRIVERS\SYMSNAPSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE

C:\ARCHIVOS DE PROGRAMA\DAP\DAP.EXE

D:\PROG. VS\RAPIDUPLOAD\RAPIDUPLOADER.EXE

D:\PROGR S- INSTALACION\BABYLON V7.0.3.13\BABYLONPORTABLE\APP\BABYLON\BABYLON.EXE

C:\ARCHIVOS DE PROGRAMA\ADOBE\READER 8.0\READER\ACRORD32.EXE

D:\PROGR S- INSTALACION\SEGURIDAD & MANTENIMIENTO\MANUAL + HERRAMIENTAS\AD-AWARE 2008 7.1.0.10\ADAWAREPORTABLE\ADAWAREPORTABLE.EXE

D:\PROGR S- INSTALACION\SEGURIDAD & MANTENIMIENTO\MANUAL + HERRAMIENTAS\AD-AWARE 2008 7.1.0.10\ADAWAREPORTABLE\APP\ADAWARE\AAWSERVICE.EXE

D:\PROGR S- INSTALACION\SEGURIDAD & MANTENIMIENTO\MANUAL + HERRAMIENTAS\AD-AWARE 2008 7.1.0.10\ADAWAREPORTABLE\APP\ADAWARE\AD-AWARE.EXE

D:\PROGR S- INSTALACION\SEGURIDAD & MANTENIMIENTO\SPROCESS\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Archivos de programa\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DesktopMaestro] C:\Archivos de programa\Desktop Maestro\deskmech.exe /H

O4 - HKLM\..\Run: [S3Trayp] "C:\WINDOWS\system32\S3Trayp.exe"

O4 - HKLM\..\Run: [Cmaudio] "C:\WINDOWS\system32\rundll32.exe" cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Archivos de programa\Norton Ghost\Agent\VProTray.exe"

O4 - Startup: desktop.ini

O4 - Startup: Stardock ObjectDock.lnk

O4 - Startup: Webshots.lnk

O4 - Global Startup: desktop.ini

O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm

O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\ARCHIV~1\ARCHIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O20 - AppInit_DLLs: c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll

O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL

O20 - Winlogon Notify: KLOGON - C:\WINDOWS\SYSTEM32\KLOGON.DLL

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precargador Browseui - %SystemRoot%\system32\browseui.dll

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demonio de caché de las categorías de componente - %SystemRoot%\system32\browseui.dll



Additional Information:

----------------------



Service List (Automatic start):

----------------------------------------

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

**O23 - Service: Iniciador de procesos de servidor DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe

**O23 - Service: Llamada a procedimiento remoto (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)

O23 - Service: Symantec V2i Mount Driver (v2imount) - Symantec Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys



Service List (Manual start):

------------------------------------

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Progr s- instalacion\SEGURIDAD & MANTENIMIENTO\Manual + herramientas\Ad-Aware 2008 7.1.0.10\AdAwarePortable\App\AdAware\aawservice.exe

O23 - Service: C-Media WDM Audio Interface (cmuda) - C-Media Inc - C:\WINDOWS\SYSTEM32\drivers\cmuda.sys

**O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Microsoft Corp., VERITAS Software - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: VIA Rhine-Family Fast-Ethernet Adapter Driver Service (FET5X86V) - VIA Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\fetnd5bv.sys

O23 - Service: Controlador para NT del adaptador Fast Ethernet VIA PCI 10/100Mb (FETNDIS) - VIA Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\fetnd5.sys

O23 - Service: GearAspiWDM (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys

O23 - Service: Kaspersky Anti-Virus NDIS Filter (klim5) - Kaspersky Lab - C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys

O23 - Service: Controlador de vínculo paralelo directo (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys

O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys

O23 - Service: SymSnapService - Symantec - C:\Archivos de programa\Norton Ghost\Shared\Drivers\SymSnapService.exe

*O23 - Service: Servicios de Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: viagfx (VIAGfx) - Copyright (C) VIA/S3 Graphics Co, Ltd. - C:\WINDOWS\SYSTEM32\DRIVERS\Vtmini.sys

O23 - Service: Symantec Event Monitor Driver (VProEventMonitor) - Symantec Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys



Service List (Disabled):

--------------------------------------

**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys



21 services.

6 automatic start.

14 manual start.

1 disabled.



Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Suspected infection

Post by msc hotline sat » 31 Aug 2008, 08:51

The log is clean, but from what you describe, what you may have is a file-infecting virus, the kind that modifies files when they are executed, and those do not usually show up in logs of keys modified by worms and the like.



Upload to VIRUSTOTAL one of the files that Kaspersky says has been modified, even if it does not recognize the virus it may contain; that way we will see whether any other engine identifies it, and we will act accordingly:



www.virustotal.com/es



And in that case post that report here and send us the file in question as a sample for analysis:



[b]How to send samples to zonavirus? - Remember this[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



regards



ms, 31 August 2008
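The point made in the reply above (a file infector changes an executable's contents when it runs, so an autostart log stays clean while the hash that KIS tracks changes) can be reproduced offline. The script below is an added example, not code from the forum post, from SProces or from Kaspersky: it baselines the SHA-256 of every executable under a directory, reports which ones changed since the baseline, and applies one classic appending-infector heuristic, an entry point located in the last PE section. The minimal PE image built by `build_fake_pe` and the `winamp.exe` / `readme.txt` files written by `demo()` are constructed sample data; a real triage would snapshot, say, `C:\Archivos de programa` before and after reproducing the alert and would then upload the flagged file to VirusTotal as the reply suggests.

```python
import hashlib
import os
import struct
import tempfile
from typing import Dict, List, Tuple

EXE_EXTS = {".exe", ".dll", ".scr", ".ocx", ".sys"}   # what "application modified" alerts cover


def snapshot(root: str) -> Dict[str, Tuple[str, int]]:
    """Baseline: relative path -> (sha256, size) for every executable under root."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXE_EXTS:
                p = os.path.join(dirpath, name)
                with open(p, "rb") as f:
                    data = f.read()
                base[os.path.relpath(p, root)] = (hashlib.sha256(data).hexdigest(), len(data))
    return base


def pe_entry_in_last_section(data: bytes) -> bool:
    """Appending-infector heuristic: AddressOfEntryPoint lies in the LAST section.
    Compilers put it in .text (normally first); appending infectors redirect it."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return False
        nsect = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        entry = struct.unpack_from("<I", data, pe + 40)[0]       # optional header + 16
        if nsect == 0:
            return False
        last = pe + 24 + opt_size + (nsect - 1) * 40             # 40-byte section headers
        vsize, vaddr = struct.unpack_from("<II", data, last + 8)
    except struct.error:                                          # truncated headers
        return False
    return vaddr <= entry < vaddr + max(vsize, 1)


def build_fake_pe(entry_rva: int) -> bytes:
    """Constructed minimal PE32 image (headers only, not a real program):
    .text at RVA 0x1000 (0x200 bytes) and .data at RVA 0x2000 (0x100 bytes)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> PE header
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)

    def sect(name, vsize, vaddr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, flags)

    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
            + sect(b".text", 0x200, 0x1000, 0x60000020)
            + sect(b".data", 0x100, 0x2000, 0xC0000040))


def triage(root: str, baseline: Dict[str, Tuple[str, int]]) -> Dict[str, List[str]]:
    """Flag executables whose hash changed, noting growth and the entry-point heuristic."""
    current = snapshot(root)
    findings: Dict[str, List[str]] = {}
    for rel, (digest, size) in current.items():
        reasons = []
        if rel not in baseline:
            reasons.append("new")
        elif baseline[rel][0] != digest:
            reasons.append("hash-changed")
            if size > baseline[rel][1]:
                reasons.append("grew")                            # appended code
        if reasons:
            with open(os.path.join(root, rel), "rb") as f:
                if pe_entry_in_last_section(f.read()):
                    reasons.append("entry-in-last-section")
            findings[rel] = reasons
    for rel in baseline:
        if rel not in current:
            findings[rel] = ["removed"]
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a clean winamp.exe, then 'infect' it by
    appending 64 bytes and moving the entry point into the last section."""
    root = tempfile.mkdtemp()
    target = os.path.join(root, "winamp.exe")
    with open(target, "wb") as f:
        f.write(build_fake_pe(0x1010))
    with open(os.path.join(root, "readme.txt"), "wb") as f:
        f.write(b"not an executable; the baseline ignores it")
    baseline = snapshot(root)
    with open(target, "wb") as f:
        f.write(build_fake_pe(0x2010) + b"\x90" * 64)
    return triage(root, baseline)


if __name__ == "__main__":
    print(demo())   # {'winamp.exe': ['hash-changed', 'grew', 'entry-in-last-section']}
```

Run it as-is to see the constructed scenario, or call `snapshot()` on a real directory, keep the result, and call `triage()` after the next alert. The heuristic is a hint, not a verdict: packed and self-extracting binaries legitimately put their entry point in the last section, so "hash changed, grew, entry in last section" still only justifies sending the file for analysis, which is what the reply asks for.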

zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Re: Suspected infection

Post by zetor » 31 Aug 2008, 10:52

Well, the first one I sent was the WinAmp one, and nothing, it is clean. The thing is that once I authorize it, KIS no longer shows me the warning for that application. Then I sent the Ad-Aware one and it also came back negative. I remembered one that would not open a while ago, and sure enough the warning appeared again; I sent it to VirusTotal but only two engines detect it. It is SUPERAntiSpyware. I am posting only the ones that came back positive, and you tell me whether I should send the sample.



Panda 9.0.0.4 2008.08.30 [color=#FF0000]Suspicious file [/color]



Webwasher-Gateway 6.6.2 2008.08.30 [color=#FF0000]Win32.Malware.gen (suspicious) [/color]



Another one that would not open and also triggered the warning is the ewido Antispyware microscan (online); I sent it and nothing, negative.

FileFactory too: open it and the KIS warning appears; I sent it and nothing, negative as well.



I have a log that UnHackMe created for me, quite long, but if you tell me to, I will post it.



But I think I have a lead on where it may be coming from: in the other thread, where I said I had downloaded a pre-release of Nero, I did not make clear that it was not from the official site, and Kaspersky online detected that setup as Trojan.Win32.Inject.alo. The thing is that I already deleted that setup, and I do not see where to look for whatever it may have left behind.



Regards

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Suspected infection

Post by msc hotline sat » 31 Aug 2008, 11:38

UnHackMe is not a utility we use, but if you know it and see that it detects something, let us know.



As for the detections by Panda and Webwasher-Gateway, they are not very significant if no other engine detects anything. But what you say about a Nero pre-release downloaded from an unofficial site, in which Kaspersky detected Trojan.Win32.Inject.alo, yes, that could have modified, created or deleted something that is now causing anomalies. Let me see whether there is any information on what Trojan.Win32.Inject.alo does:



Well, no, they are not very enlightening, to put it mildly:


[quote]Name: Trojan.Win32.Inject.alo

Description:



A trojan, also known as a trojan horse, is simply a program that pretends to be something else.



Why are trojans or trojan horses so dangerous? The basic idea is that you download a program, for example one that you think is some sort of game demo. When you run the demo, to your surprise, nothing happens. Or so you thought.



What may have happened is that you've just unwittingly run some form of program that has planted itself on your hard drive. Perhaps it's going to be a very basic application, and simply delete some files on your system. Perhaps it's an even more sinister tool that will actually give other people full access to your hard drive and system. Sounds ridiculous? It happens literally every single day, to computer users all around the world. [/quote]


----


[quote]Trojan.Win32.Inject.alo

Name Trojan.Win32.Inject.alo

Type Malware

Type Description Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.

Category Trojan

Category Description Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.

Level High

Level Description High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.

Advice Type Remove

Release Date

Last updated on Jul 14 2008 [/quote]




So, in case it deleted some system file, it is worth running a Windows REPAIR:




[quote="to REPAIR WINDOWS, msc"]
I suggest proceeding to REPAIR Windows: boot from the installation CD, first select install, and once it detects the existing partition choose REPAIR, not reinstall, so as not to lose the installed applications, and finish with a Windows Update [/quote]




besides running the ONLINE AV again to see whether you missed any detection:



[url=https://www.kaspersky.es/downloads/thank-you/free-antivirus-download][color=darknesred][b] SOLO TESTEO AV ONLINE[/b][/color][/url]



NOTE: And among the scan options, choose MY COMPUTER, to examine everything. This ONLINE AV does not clean, it only tests, so what we want from it is just the report; we will act accordingly, asking for samples to analyze if necessary and indicating the utility to try in order to fix it.





(This scan with Kaspersky is very slow, be warned: after launching it, load the update and choose MY COMPUTER, let it work (it can take several hours), and when it has finished, copy and paste the indicated report here)



regards



ms, 31 August 2008

zetor
Posts: 294
Joined: 23 Feb 2007, 05:10
Location: Argentina

Re: Suspected infection

Post by zetor » 31 Aug 2008, 20:35

Before attempting a repair... or going straight to a format, I am going to run Kaspersky online again.

I know UnHackMe, but reading the log is another matter; I will risk posting it, and if it is not appropriate please delete it.

I deleted the setup, but I have it uploaded to a file host; I will refresh it in case it is of any use to send them the link, since I cannot send it by e-mail (it is 180 MB).

And now that I remember, two days ago the "system files changed" warning came up asking me to insert the XP CD; I inserted it and it told me it was the wrong CD :shock:

The log:



SpyHolesList Version:2.3

02/07/2008 15:36:54

WinDir=C:\WINDOWS

Startup=C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\

Common Startup=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\

Microsoft Windows XP Service Pack 3 (5.1.2600)

Internet Explorer 7.0.5730.13

[Internet Explorer]

[Default Home Page] :HKLM Default_Page_URL=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&pver=6&ar=msnhome

[Current Home Page] :HKCU Start Page=about:blank

[Current Home Page] :HKCU HOMEOldSP=""

[Search URL Template] :HKLM 1=""

[Search URL Template] :HKLM 2=""

[Search URL Template] :HKLM 3=""

[Search URL Template] :HKLM 4=""

[All Users Search] :HKLM Default_Search_URL=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

[All Users Search] :HKLM Search Page=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

[Current Users Search] :HKCU Search Page=http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

[Current Users Search] :HKCU Search Bar=""

[IE Local Blank Page] :HKCU Local Page=""

[IE Local Blank Page] :HKLM Local Page=""

[Browser Helper Objects] {00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Archivos de programa\TechSmith\SnagIt 9\SnagItBHO.dll

[Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[Browser Helper Objects] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Browser Helper Objects] {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}=C:\ARCHIV~1\MYCENT~1\InfoBar\MYCENT~1.DLL

[Auto Search URL] :HKCU provider=""

[Auto Search URL] :HKCU "Default Value"=""

[Search Assistant] :HKCU SearchAssistant=""

[Search Assistant] :HKLM SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[Search Assistant] :HKCU CustomizeSearch=""

[Search Assistant] :HKLM CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

[CustomizeSearch] :HKLM CustomizeSearch=""

[URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll

[Default Prefix] :HKLM "Default Value"=http://

[URL Default Prefixes] :HKLM ftp=ftp://

[URL Default Prefixes] :HKLM gopher=gopher://

[URL Default Prefixes] :HKLM www=http://

[URL Default Prefixes] :HKLM Home=http://

[URL Default Prefixes] :HKLM Mosaic=http://

[AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm

[AboutURLs] :HKLM DesktopItemNavigationFailure=res://shdoclc.dll/navcancl.htm

[AboutURLs] :HKLM Home=270

[AboutURLs] :HKLM NavigationCanceled=res://ieframe.dll/navcancl.htm

[AboutURLs] :HKLM NavigationFailure=res://ieframe.dll/navcancl.htm

[AboutURLs] :HKLM NoAdd-ons=res://ieframe.dll/noaddon.htm

[AboutURLs] :HKLM NoAdd-onsInfo=res://ieframe.dll/noaddoninfo.htm

[AboutURLs] :HKLM OfflineInformation=res://ieframe.dll/offcancl.htm

[AboutURLs] :HKLM PostNotCached=res://ieframe.dll/repost.htm

[AboutURLs] :HKLM SecurityRisk=res://ieframe.dll/securityatrisk.htm

[AboutURLs] :HKLM Tabs=res://ieframe.dll/tabswelcome.htm

[User Style Sheet] :HKCU User Stylesheet=""

[User Style Sheet] :HKUS User Stylesheet=""

[User Style Sheet] :HKCU Use My Stylesheet=0

[User Style Sheet] :HKUS Use My Stylesheet=0

[Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=1

[Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=0

[Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=3

[Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=0

[Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3

[Execute unsigned ActiveX in Internet Zone] :HKLM 1201=0

[Links Toolbar] :HKCU LinksFolderName=Vínculos

[Toolbars] :HKLM {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}=C:\Archivos de programa\TechSmith\SnagIt 9\SnagItIEAddin.dll

[Explorer Bars] :HKLM {4D5C8C25-D075-11d0-B416-00C04FB90376}=%SystemRoot%\system32\shdocvw.dll

[IE Extensions - All Users] :HKLM {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}=C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

[IE Extensions - All Users] :HKLM {92780B25-18CC-41C8-B9BE-3C9C571A8263}=C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

[IE Extensions - All Users] :HKLM {e2e2dd38-d088-4134-82b7-f2ba38496583}=%windir%\Network Diagnostic\xpnetdiag.exe

[Context menu items] :HKCU E&xportar a Microsoft Excel=res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

[Proxy] :HKCU ProxyServer=""

[Proxy] :HKCU ProxyEnable=0

[Network Settings]

[Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc

[Hosts File Contents] :HKLM 127.0.0.1 localhost

[Domain Name] :HKLM Domain=""

[Name Server] {1A6598FC-2179-4A7B-89B9-BB30DE120E29}=10.0.0.2

[WinSock2 Components] :HKLM mswsock.dll=%SystemRoot%\System32\mswsock.dll

[WinSock2 Components] :HKLM winrnr.dll=%SystemRoot%\System32\winrnr.dll

[WinSock2 Components] :HKLM rsvpsp.dll=%SystemRoot%\system32\rsvpsp.dll

[Software Components]

[Internet Components] :HKLM C:\WINDOWS\system32\mfc42.dll=C:\WINDOWS\system32\mfc42.dll

[Internet Components] :HKLM C:\WINDOWS\system32\msvcrt.dll=C:\WINDOWS\system32\msvcrt.dll

[Internet Components] :HKLM C:\WINDOWS\system32\olepro32.dll=C:\WINDOWS\system32\olepro32.dll

[Windows Shell]

[Display Scrap's Extensions] :HKLM NeverShowExt=""

[ScreenSaver] :HKCU SCRNSAVE.EXE=C:\ARCHIV~1\Webshots\webshots.scr

[System.ini] shell=Explorer.exe

[User Shell] :HKCU shell=""

[Main File Extensions] :HKLM .exe="%1" %*

[Main File Extensions] :HKLM .com="%1" %*

[Main File Extensions] :HKLM .pif="%1" %*

[Main File Extensions] :HKLM .cmd="%1" %*

[Main File Extensions] :HKLM .scr="%1" /S

[Main File Extensions] :HKLM .jpg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1

[Main File Extensions] :HKLM .jpeg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1

[UserInit Value] :HKLM UserInit=C:\WINDOWS\system32\userinit.exe,

[Winlogon Notification] :HKLM crypt32chain=crypt32.dll

[Winlogon Notification] :HKLM cryptnet=cryptnet.dll

[Winlogon Notification] :HKLM cscdll=cscdll.dll

[Winlogon Notification] :HKLM dimsntfy=%SystemRoot%\System32\dimsntfy.dll

[Winlogon Notification] :HKLM klogon=C:\WINDOWS\system32\klogon.dll

[Winlogon Notification] :HKLM ScCertProp=wlnotify.dll

[Winlogon Notification] :HKLM Schedule=wlnotify.dll

[Winlogon Notification] :HKLM sclgntfy=sclgntfy.dll

[Winlogon Notification] :HKLM SensLogn=WlNotify.dll

[Winlogon Notification] :HKLM termsrv=wlnotify.dll

[Winlogon Notification] :HKLM wlballoon=wlnotify.dll

[Shell Services DelayLoad] :HKLM WebCheck=C:\WINDOWS\system32\webcheck.dll

[Shell Services DelayLoad] :HKLM WPDShServiceObj=C:\WINDOWS\system32\WPDShServiceObj.dll

[Shell Services DelayLoad] :HKLM PostBootReminder=%SystemRoot%\system32\SHELL32.dll

[Shell Services DelayLoad] :HKLM CDBurn=%SystemRoot%\system32\SHELL32.dll

[Shell Services DelayLoad] :HKLM SysTray=C:\WINDOWS\system32\stobject.dll

[Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0

[Disable Registry Tools] :HKCU DisableRegistryTools =0

[SharedTaskScheduler] :HKLM {438755C2-A8BA-11D1-B96B-00A0C90312E1}=%SystemRoot%\system32\browseui.dll

[SharedTaskScheduler] :HKLM {8C7461EF-2B13-11d2-BE35-3078302C2030}=%SystemRoot%\system32\browseui.dll

[Kernel Auto Boot]

[ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[ActiveSetup] {4b218e3e-bc98-4770-93d3-2731b9329278}

[ActiveSetup] {881dd1c5-3dcf-431b-b061-f3f88e8be88a}

[Bootexecute] :HKLM BootExecute=autocheck autochk *

autocheck

Partizan

[KnownDLLs] :HKLM advapi32=advapi32.dll

[KnownDLLs] :HKLM comdlg32=comdlg32.dll

[KnownDLLs] :HKLM DllDirectory=%SystemRoot%\system32

[KnownDLLs] :HKLM gdi32=gdi32.dll

[KnownDLLs] :HKLM imagehlp=imagehlp.dll

[KnownDLLs] :HKLM kernel32=kernel32.dll

[KnownDLLs] :HKLM lz32=lz32.dll

[KnownDLLs] :HKLM ole32=ole32.dll

[KnownDLLs] :HKLM oleaut32=oleaut32.dll

[KnownDLLs] :HKLM olecli32=olecli32.dll

[KnownDLLs] :HKLM olecnv32=olecnv32.dll

[KnownDLLs] :HKLM olesvr32=olesvr32.dll

[KnownDLLs] :HKLM olethk32=olethk32.dll

[KnownDLLs] :HKLM rpcrt4=rpcrt4.dll

[KnownDLLs] :HKLM shell32=shell32.dll

[KnownDLLs] :HKLM url=url.dll

[KnownDLLs] :HKLM urlmon=urlmon.dll

[KnownDLLs] :HKLM user32=user32.dll

[KnownDLLs] :HKLM version=version.dll

[KnownDLLs] :HKLM wininet=wininet.dll

[KnownDLLs] :HKLM wldap32=wldap32.dll

[Environment - Path] :HKLM Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ARCHIV~1\DISKEE~1\DISKEE~1\
[List of Injected DLLs] :HKLM AppInit_DLLs=C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll

    [Auto Services] AudioSrv

    [Auto Services] AVP

    [Auto Services] Browser

    [Auto Services] CryptSvc

    [Auto Services] DcomLaunch

    [Auto Services] Dhcp

    [Auto Services] Diskeeper

    [Auto Services] dmserver

    [Auto Services] Dnscache

    [Auto Services] Eventlog

    [Auto Services] helpsvc

    [Auto Services] ioloFileInfoList

    [Auto Services] ioloSystemService

    [Auto Services] LanmanServer

    [Auto Services] lanmanworkstation

    [Auto Services] LmHosts

    [Auto Services] PlugPlay

    [Auto Services] PolicyAgent

    [Auto Services] ProtectedStorage

    [Auto Services] RpcSs

    [Auto Services] SamSs

    [Auto Services] Schedule

    [Auto Services] seclogon

    [Auto Services] SENS

    [Auto Services] SharedAccess

    [Auto Services] ShellHWDetection

    [Auto Services] Spooler

    [Auto Services] srservice

    [Auto Services] Themes

    [Auto Services] TrkWks

    [Auto Services] UxTuneUp

    [Auto Services] W32Time

    [Auto Services] WebClient

    [Auto Services] winmgmt

    [Auto Services] wuauserv

    [Auto Services] WZCSVC

    [Drivers] ntkrnlpa.exe=C:\WINDOWS\SYSTEM32\NTKRNLPA.EXE

    [Drivers] hal.dll=C:\WINDOWS\SYSTEM32\HAL.DLL

    [Drivers] KDCOM.DLL=C:\WINDOWS\SYSTEM32\KDCOM.DLL

    [Drivers] BOOTVID.dll=C:\WINDOWS\SYSTEM32\BOOTVID.DLL

    [Drivers] spib.sys=spib.sys

    [Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS

    [Drivers] SCSIPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS

    [Drivers] ACPI.sys=C:\WINDOWS\system32\DRIVERS\ACPI.sys

    [Drivers] Partizan.sys=C:\WINDOWS\system32\DRIVERS\Partizan.sys

    [Drivers] pci.sys=C:\WINDOWS\system32\DRIVERS\pci.sys

    [Drivers] isapnp.sys=C:\WINDOWS\system32\DRIVERS\isapnp.sys

    [Drivers] viaide.sys=C:\WINDOWS\system32\DRIVERS\viaide.sys

    [Drivers] PCIIDEX.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS

    [Drivers] MountMgr.sys=C:\WINDOWS\system32\DRIVERS\MountMgr.sys

    [Drivers] ftdisk.sys=C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    [Drivers] dmload.sys=C:\WINDOWS\system32\DRIVERS\dmload.sys

    [Drivers] dmio.sys=C:\WINDOWS\system32\DRIVERS\dmio.sys

    [Drivers] PartMgr.sys=C:\WINDOWS\system32\DRIVERS\PartMgr.sys

    [Drivers] videX32.sys=C:\WINDOWS\system32\DRIVERS\videX32.sys

    [Drivers] VolSnap.sys=C:\WINDOWS\system32\DRIVERS\VolSnap.sys

    [Drivers] atapi.sys=C:\WINDOWS\system32\DRIVERS\atapi.sys

    [Drivers] viamraid.sys=C:\WINDOWS\system32\DRIVERS\viamraid.sys

    [Drivers] disk.sys=C:\WINDOWS\system32\DRIVERS\disk.sys

    [Drivers] CLASSPNP.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS

    [Drivers] fltMgr.sys=C:\WINDOWS\system32\DRIVERS\fltMgr.sys

    [Drivers] KSecDD.sys=C:\WINDOWS\system32\DRIVERS\KSecDD.sys

    [Drivers] Ntfs.sys=C:\WINDOWS\system32\DRIVERS\Ntfs.sys

    [Drivers] NDIS.sys=C:\WINDOWS\system32\DRIVERS\NDIS.sys

    [Drivers] Mup.sys=C:\WINDOWS\system32\DRIVERS\Mup.sys

    [Drivers] kl1.sys=C:\WINDOWS\system32\DRIVERS\kl1.sys

    [Drivers] TDI.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS

    [Drivers] gagp30kx.sys=C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

    [Drivers] AmdK8.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS

    [Drivers] Vtmini.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VTMINI.SYS

    [Drivers] VIDEOPRT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS

    [Drivers] imapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS

    [Drivers] cdrom.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS

    [Drivers] redbook.sys=C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS

    [Drivers] ks.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KS.SYS

    [Drivers] usbuhci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS

    [Drivers] USBPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS

    [Drivers] usbehci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS

    [Drivers] fdc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS

    [Drivers] parport.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS

    [Drivers] gameenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS

    [Drivers] i8042prt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS

    [Drivers] kbdclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS

    [Drivers] mouclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS

    [Drivers] serial.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS

    [Drivers] serenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS

    [Drivers] cmuda.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CMUDA.SYS

    [Drivers] portcls.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PORTCLS.SYS

    [Drivers] drmk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS

    [Drivers] fetnd5bv.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FETND5BV.SYS

    [Drivers] klim5.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KLIM5.SYS

    [Drivers] audstub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS

    [Drivers] rasl2tp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS

    [Drivers] ndistapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS

    [Drivers] ndiswan.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS

    [Drivers] raspppoe.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS

    [Drivers] raspptp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS

    [Drivers] psched.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS

    [Drivers] msgpc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS

    [Drivers] ptilink.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS

    [Drivers] raspti.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS

    [Drivers] rdpdr.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS

    [Drivers] termdd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS

    [Drivers] swenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS

    [Drivers] update.sys=C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS

    [Drivers] mssmbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS

    [Drivers] NDProxy.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS

    [Drivers] usbhub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS

    [Drivers] USBD.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS

    [Drivers] flpydisk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS

    [Drivers] Fs_Rec.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS

    [Drivers] Null.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS

    [Drivers] Beep.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS

    [Drivers] vga.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS

    [Drivers] mnmdd.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS

    [Drivers] RDPCDD.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS

    [Drivers] Msfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS

    [Drivers] Npfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS

    [Drivers] rasacd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS

    [Drivers] ipsec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS

    [Drivers] tcpip.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS

    [Drivers] netbt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS

    [Drivers] afd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS

    [Drivers] netbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS

    [Drivers] rdbss.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS

    [Drivers] mrxsmb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS

    [Drivers] klif.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS

    [Drivers] Fips.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS

    [Drivers] ipnat.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS

    [Drivers] wanarp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS

    [Drivers] FileDisk.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FILEDISK.SYS

    [Drivers] Fastfat.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FASTFAT.SYS

    [Drivers] diskdump.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_DISKDUMP.SYS

    [Drivers] VIAMRAID.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_VIAMRAID.SYS

    [Drivers] win32k.sys=C:\WINDOWS\SYSTEM32\WIN32K.SYS

    [Drivers] Dxapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS

    [Drivers] watchdog.sys=C:\WINDOWS\SYSTEM32\WATCHDOG.SYS

    [Drivers] dxg.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS

    [Drivers] dxgthk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS

    [Drivers] vtdisp.dll=C:\WINDOWS\SYSTEM32\VTDISP.DLL

    [Drivers] ndisuio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS

    [Drivers] wdmaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS

    [Drivers] sysaudio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS

    [Drivers] splitter.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS

    [Drivers] aec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS

    [Drivers] swmidi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS

    [Drivers] DMusic.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS

    [Drivers] kmixer.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS

    [Drivers] drmkaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS

    [Drivers] ntdll.dll=C:\WINDOWS\SYSTEM32\NTDLL.DLL

    [Services detected by Partizan] :HKLM .NET CLR Data

    [Services detected by Partizan] :HKLM .NET CLR Networking

    [Services detected by Partizan] :HKLM .NET Data Provider for Oracle

    [Services detected by Partizan] :HKLM .NET Data Provider for SqlServer

    [Services detected by Partizan] :HKLM .NETFramework

    [Services detected by Partizan] :HKLM Abiosdsk

    [Services detected by Partizan] :HKLM abp480n5

    [Services detected by Partizan] :HKLM ACPI=system32\DRIVERS\ACPI.sys

    [Services detected by Partizan] :HKLM ACPIEC

    [Services detected by Partizan] :HKLM adpu160m

    [Services detected by Partizan] :HKLM aec=system32\drivers\aec.sys

    [Services detected by Partizan] :HKLM AFD=\SystemRoot\System32\drivers\afd.sys

    [Services detected by Partizan] :HKLM Aha154x

    [Services detected by Partizan] :HKLM aic78u2

    [Services detected by Partizan] :HKLM aic78xx

    [Services detected by Partizan] :HKLM Alerter

    [Services detected by Partizan] :HKLM ALG=%SystemRoot%\System32\alg.exe

    [Services detected by Partizan] :HKLM AliIde

    [Services detected by Partizan] :HKLM AmdK8=system32\DRIVERS\AmdK8.sys

    [Services detected by Partizan] :HKLM amsint

    [Services detected by Partizan] :HKLM AppMgmt=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM asc

    [Services detected by Partizan] :HKLM asc3350p

    [Services detected by Partizan] :HKLM asc3550

    [Services detected by Partizan] :HKLM ASP.NET

    [Services detected by Partizan] :HKLM ASP.NET_1.1.4322

    [Services detected by Partizan] :HKLM ASP.NET_2.0.50727

    [Services detected by Partizan] :HKLM aspnet_state=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    [Services detected by Partizan] :HKLM AsyncMac=system32\DRIVERS\asyncmac.sys

    [Services detected by Partizan] :HKLM atapi=system32\DRIVERS\atapi.sys

    [Services detected by Partizan] :HKLM Atdisk

    [Services detected by Partizan] :HKLM Atmarpc=system32\DRIVERS\atmarpc.sys

    [Services detected by Partizan] :HKLM AudioSrv=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM audstub=system32\DRIVERS\audstub.sys

    [Services detected by Partizan] :HKLM AVP="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r

    [Services detected by Partizan] :HKLM BattC

    [Services detected by Partizan] :HKLM Beep

    [Services detected by Partizan] :HKLM BITS=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Browser=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM cbidf2k

    [Services detected by Partizan] :HKLM cd20xrnt

    [Services detected by Partizan] :HKLM Cdaudio

    [Services detected by Partizan] :HKLM Cdfs

    [Services detected by Partizan] :HKLM CDRom=system32\DRIVERS\cdrom.sys

    [Services detected by Partizan] :HKLM Changer

    [Services detected by Partizan] :HKLM Cisvc=%SystemRoot%\system32\cisvc.exe

    [Services detected by Partizan] :HKLM ClipSrv=%SystemRoot%\system32\clipsrv.exe

    [Services detected by Partizan] :HKLM clr_optimization_v2.0.50727_32=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    [Services detected by Partizan] :HKLM CmdIde

    [Services detected by Partizan] :HKLM cmuda=system32\drivers\cmuda.sys

    [Services detected by Partizan] :HKLM COMSysApp=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    [Services detected by Partizan] :HKLM ContentFilter

    [Services detected by Partizan] :HKLM ContentIndex

    [Services detected by Partizan] :HKLM Cpqarray

    [Services detected by Partizan] :HKLM CryptSvc=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM dac2w2k

    [Services detected by Partizan] :HKLM dac960nt

    [Services detected by Partizan] :HKLM DcomLaunch=%SystemRoot%\system32\svchost -k DcomLaunch

    [Services detected by Partizan] :HKLM Dhcp=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Disk=system32\DRIVERS\disk.sys

    [Services detected by Partizan] :HKLM Diskeeper="C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe"

    [Services detected by Partizan] :HKLM dmadmin=%SystemRoot%\System32\dmadmin.exe /com

    [Services detected by Partizan] :HKLM dmboot=System32\drivers\dmboot.sys

    [Services detected by Partizan] :HKLM dmio=System32\drivers\dmio.sys

    [Services detected by Partizan] :HKLM dmload=System32\drivers\dmload.sys

    [Services detected by Partizan] :HKLM dmserver=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM DMusic=system32\drivers\DMusic.sys

    [Services detected by Partizan] :HKLM Dnscache=%SystemRoot%\system32\svchost.exe -k NetworkService

    [Services detected by Partizan] :HKLM Dot3svc=%SystemRoot%\System32\svchost.exe -k dot3svc

    [Services detected by Partizan] :HKLM dpti2o

    [Services detected by Partizan] :HKLM drmkaud=system32\drivers\drmkaud.sys

    [Services detected by Partizan] :HKLM EapHost=%SystemRoot%\System32\svchost.exe -k eapsvcs

    [Services detected by Partizan] :HKLM Eventlog=%SystemRoot%\system32\services.exe

    [Services detected by Partizan] :HKLM EventSystem=C:\WINDOWS\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Fastfat

    [Services detected by Partizan] :HKLM FastUserSwitchingCompatibility=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Fdc=system32\DRIVERS\fdc.sys

    [Services detected by Partizan] :HKLM FET5X86V=system32\DRIVERS\fetnd5bv.sys

    [Services detected by Partizan] :HKLM FETNDIS=system32\DRIVERS\fetnd5.sys

    [Services detected by Partizan] :HKLM FileDisk

    [Services detected by Partizan] :HKLM Fips

    [Services detected by Partizan] :HKLM Flpydisk=system32\DRIVERS\flpydisk.sys

    [Services detected by Partizan] :HKLM FltMgr=system32\DRIVERS\fltMgr.sys

    [Services detected by Partizan] :HKLM Fs_Rec

    [Services detected by Partizan] :HKLM Ftdisk=system32\DRIVERS\ftdisk.sys

    [Services detected by Partizan] :HKLM gagp30kx=system32\DRIVERS\gagp30kx.sys

    [Services detected by Partizan] :HKLM gameenum=system32\DRIVERS\gameenum.sys

    [Services detected by Partizan] :HKLM Gpc=system32\DRIVERS\msgpc.sys

    [Services detected by Partizan] :HKLM helpsvc=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM HidServ=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM hkmsvc=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM hpn

    [Services detected by Partizan] :HKLM HTTP=System32\Drivers\HTTP.sys

    [Services detected by Partizan] :HKLM HTTPFilter=%SystemRoot%\System32\svchost.exe -k HTTPFilter

    [Services detected by Partizan] :HKLM i2omgmt

    [Services detected by Partizan] :HKLM i2omp

    [Services detected by Partizan] :HKLM i8042prt=system32\DRIVERS\i8042prt.sys

    [Services detected by Partizan] :HKLM Imapi=system32\DRIVERS\imapi.sys

    [Services detected by Partizan] :HKLM ImapiService=C:\WINDOWS\system32\imapi.exe

    [Services detected by Partizan] :HKLM inetaccs

    [Services detected by Partizan] :HKLM ini910u

    [Services detected by Partizan] :HKLM Inport

    [Services detected by Partizan] :HKLM IntelIde

    [Services detected by Partizan] :HKLM ioloFileInfoList=C:\Archivos de programa\iolo\common\lib\ioloServiceManager.exe

    [Services detected by Partizan] :HKLM ioloSystemService=C:\Archivos de programa\iolo\common\lib\ioloServiceManager.exe

    [Services detected by Partizan] :HKLM Ip6Fw=system32\DRIVERS\Ip6Fw.sys

    [Services detected by Partizan] :HKLM IpFilterDriver=system32\DRIVERS\ipfltdrv.sys

    [Services detected by Partizan] :HKLM IpInIp=system32\DRIVERS\ipinip.sys

    [Services detected by Partizan] :HKLM IpNat=system32\DRIVERS\ipnat.sys

    [Services detected by Partizan] :HKLM IPSec=system32\DRIVERS\ipsec.sys

    [Services detected by Partizan] :HKLM IRENUM=system32\DRIVERS\irenum.sys

    [Services detected by Partizan] :HKLM ISAPISearch

    [Services detected by Partizan] :HKLM isapnp=system32\DRIVERS\isapnp.sys

    [Services detected by Partizan] :HKLM Kbdclass=system32\DRIVERS\kbdclass.sys

    [Services detected by Partizan] :HKLM kl1=system32\drivers\kl1.sys

    [Services detected by Partizan] :HKLM klif=\??\C:\WINDOWS\system32\drivers\klif.sys

    [Services detected by Partizan] :HKLM klim5=system32\DRIVERS\klim5.sys

    [Services detected by Partizan] :HKLM kmixer=system32\drivers\kmixer.sys

    [Services detected by Partizan] :HKLM KSecDD

    [Services detected by Partizan] :HKLM LanmanServer=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM lanmanworkstation=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM lbrtfdc

    [Services detected by Partizan] :HKLM ldap

    [Services detected by Partizan] :HKLM LicenseService

    [Services detected by Partizan] :HKLM LmHosts=%SystemRoot%\system32\svchost.exe -k LocalService

    [Services detected by Partizan] :HKLM MEMSWEEP2=\??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS

    [Services detected by Partizan] :HKLM mnmdd

    [Services detected by Partizan] :HKLM mnmsrvc=C:\WINDOWS\system32\mnmsrvc.exe

    [Services detected by Partizan] :HKLM Modem

    [Services detected by Partizan] :HKLM Mouclass=system32\DRIVERS\mouclass.sys

    [Services detected by Partizan] :HKLM MountMgr

    [Services detected by Partizan] :HKLM mraid35x

    [Services detected by Partizan] :HKLM MRxDAV=system32\DRIVERS\mrxdav.sys

    [Services detected by Partizan] :HKLM MRxSmb=system32\DRIVERS\mrxsmb.sys

    [Services detected by Partizan] :HKLM MSDTC=C:\WINDOWS\system32\msdtc.exe

    [Services detected by Partizan] :HKLM Msfs

    [Services detected by Partizan] :HKLM MSIServer=C:\WINDOWS\system32\msiexec.exe /V

    [Services detected by Partizan] :HKLM MSKSSRV=system32\drivers\MSKSSRV.sys

    [Services detected by Partizan] :HKLM MSPCLOCK=system32\drivers\MSPCLOCK.sys

    [Services detected by Partizan] :HKLM MSPQM=system32\drivers\MSPQM.sys

    [Services detected by Partizan] :HKLM mssmbios=system32\DRIVERS\mssmbios.sys

    [Services detected by Partizan] :HKLM Mup

    [Services detected by Partizan] :HKLM napagent=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM NDIS

    [Services detected by Partizan] :HKLM NdisTapi=system32\DRIVERS\ndistapi.sys

    [Services detected by Partizan] :HKLM Ndisuio=system32\DRIVERS\ndisuio.sys

    [Services detected by Partizan] :HKLM NdisWan=system32\DRIVERS\ndiswan.sys

    [Services detected by Partizan] :HKLM NDProxy

    [Services detected by Partizan] :HKLM NetBIOS=system32\DRIVERS\netbios.sys

    [Services detected by Partizan] :HKLM NetBT=system32\DRIVERS\netbt.sys

    [Services detected by Partizan] :HKLM NetDDE=%SystemRoot%\system32\netdde.exe

    [Services detected by Partizan] :HKLM NetDDEdsdm=%SystemRoot%\system32\netdde.exe

    [Services detected by Partizan] :HKLM Netlogon=%SystemRoot%\system32\lsass.exe

    [Services detected by Partizan] :HKLM Netman=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Nla=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Npfs

    [Services detected by Partizan] :HKLM Ntfs

    [Services detected by Partizan] :HKLM NtLmSsp=%SystemRoot%\system32\lsass.exe

    [Services detected by Partizan] :HKLM Null

    [Services detected by Partizan] :HKLM NwlnkFlt=system32\DRIVERS\nwlnkflt.sys

    [Services detected by Partizan] :HKLM NwlnkFwd=system32\DRIVERS\nwlnkfwd.sys

    [Services detected by Partizan] :HKLM ose="C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE"

    [Services detected by Partizan] :HKLM Outlook

    [Services detected by Partizan] :HKLM Parport=system32\DRIVERS\parport.sys

    [Services detected by Partizan] :HKLM Partizan=system32\drivers\Partizan.sys

    [Services detected by Partizan] :HKLM PartMgr

    [Services detected by Partizan] :HKLM ParVdm

    [Services detected by Partizan] :HKLM PCI=system32\DRIVERS\pci.sys

    [Services detected by Partizan] :HKLM PCIDump

    [Services detected by Partizan] :HKLM PCIIde

    [Services detected by Partizan] :HKLM Pcmcia

    [Services detected by Partizan] :HKLM PDCOMP

    [Services detected by Partizan] :HKLM PDFRAME

    [Services detected by Partizan] :HKLM PDRELI

    [Services detected by Partizan] :HKLM PDRFRAME

    [Services detected by Partizan] :HKLM perc2

    [Services detected by Partizan] :HKLM perc2hib

    [Services detected by Partizan] :HKLM PerfDisk

    [Services detected by Partizan] :HKLM PerfNet

    [Services detected by Partizan] :HKLM PerfOS

    [Services detected by Partizan] :HKLM PerfProc

    [Services detected by Partizan] :HKLM PlugPlay=%SystemRoot%\system32\services.exe

    [Services detected by Partizan] :HKLM PolicyAgent=%SystemRoot%\system32\lsass.exe

    [Services detected by Partizan] :HKLM PptpMiniport=system32\DRIVERS\raspptp.sys

    [Services detected by Partizan] :HKLM Processor=system32\DRIVERS\processr.sys

    [Services detected by Partizan] :HKLM ProtectedStorage=%SystemRoot%\system32\lsass.exe

    [Services detected by Partizan] :HKLM PSched=system32\DRIVERS\psched.sys

    [Services detected by Partizan] :HKLM Ptilink=system32\DRIVERS\ptilink.sys

    [Services detected by Partizan] :HKLM ql1080

    [Services detected by Partizan] :HKLM Ql10wnt

    [Services detected by Partizan] :HKLM ql12160

    [Services detected by Partizan] :HKLM ql1240

    [Services detected by Partizan] :HKLM ql1280

    [Services detected by Partizan] :HKLM RasAcd=system32\DRIVERS\rasacd.sys

    [Services detected by Partizan] :HKLM RasAuto=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Rasl2tp=system32\DRIVERS\rasl2tp.sys

    [Services detected by Partizan] :HKLM RasMan=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM RasPppoe=system32\DRIVERS\raspppoe.sys

    [Services detected by Partizan] :HKLM Raspti=system32\DRIVERS\raspti.sys

    [Services detected by Partizan] :HKLM Rdbss=system32\DRIVERS\rdbss.sys

    [Services detected by Partizan] :HKLM RDPCDD=System32\DRIVERS\RDPCDD.sys

    [Services detected by Partizan] :HKLM RDPDD

    [Services detected by Partizan] :HKLM rdpdr=system32\DRIVERS\rdpdr.sys

    [Services detected by Partizan] :HKLM RDPNP

    [Services detected by Partizan] :HKLM RDPWD

    [Services detected by Partizan] :HKLM RDSessMgr=C:\WINDOWS\system32\sessmgr.exe

    [Services detected by Partizan] :HKLM redbook=system32\DRIVERS\redbook.sys

    [Services detected by Partizan] :HKLM RemoteAccess=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM RpcLocator=%SystemRoot%\system32\locator.exe

    [Services detected by Partizan] :HKLM RpcSs=%SystemRoot%\system32\svchost -k rpcss

    [Services detected by Partizan] :HKLM RSVP=%SystemRoot%\system32\rsvp.exe

    [Services detected by Partizan] :HKLM SamSs=%SystemRoot%\system32\lsass.exe

    [Services detected by Partizan] :HKLM Schedule=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Secdrv=system32\DRIVERS\secdrv.sys

    [Services detected by Partizan] :HKLM seclogon=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM SENS=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM serenum=system32\DRIVERS\serenum.sys

    [Services detected by Partizan] :HKLM Serial=system32\DRIVERS\serial.sys

    [Services detected by Partizan] :HKLM Sfloppy

    [Services detected by Partizan] :HKLM SharedAccess=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM ShellHWDetection=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Simbad

    [Services detected by Partizan] :HKLM Sparrow

    [Services detected by Partizan] :HKLM splitter=system32\drivers\splitter.sys

    [Services detected by Partizan] :HKLM Spooler=%SystemRoot%\system32\spoolsv.exe

    [Services detected by Partizan] :HKLM sptd=System32\Drivers\sptd.sys

    [Services detected by Partizan] :HKLM Sr=\SystemRoot\system32\DRIVERS\sr.sys

    [Services detected by Partizan] :HKLM srservice=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Srv=system32\DRIVERS\srv.sys

    [Services detected by Partizan] :HKLM SSDPSRV=%SystemRoot%\system32\svchost.exe -k LocalService

    [Services detected by Partizan] :HKLM stisvc=%SystemRoot%\system32\svchost.exe -k imgsvc

    [Services detected by Partizan] :HKLM swenum=system32\DRIVERS\swenum.sys

    [Services detected by Partizan] :HKLM swmidi=system32\drivers\swmidi.sys

    [Services detected by Partizan] :HKLM SwPrv=C:\WINDOWS\system32\dllhost.exe /Processid:{31B4B242-453A-4305-9954-857490426208}

    [Services detected by Partizan] :HKLM symc810

    [Services detected by Partizan] :HKLM symc8xx

    [Services detected by Partizan] :HKLM sym_hi

    [Services detected by Partizan] :HKLM sym_u3

    [Services detected by Partizan] :HKLM sysaudio=system32\drivers\sysaudio.sys

    [Services detected by Partizan] :HKLM SysmonLog=%SystemRoot%\system32\smlogsvc.exe

    [Services detected by Partizan] :HKLM TapiSrv=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Tcpip=system32\DRIVERS\tcpip.sys

    [Services detected by Partizan] :HKLM TDPIPE

    [Services detected by Partizan] :HKLM TDTCP

    [Services detected by Partizan] :HKLM TermDD=system32\DRIVERS\termdd.sys

    [Services detected by Partizan] :HKLM TermService=%SystemRoot%\System32\svchost -k DComLaunch

    [Services detected by Partizan] :HKLM Themes=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM TosIde

    [Services detected by Partizan] :HKLM TrkWks=%SystemRoot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM TSDDD

    [Services detected by Partizan] :HKLM TuneUp.Defrag=%SystemRoot%\System32\TuneUpDefragService.exe

    [Services detected by Partizan] :HKLM Udfs

    [Services detected by Partizan] :HKLM ultra

    [Services detected by Partizan] :HKLM UnlockerDriver5=\??\C:\Archivos de programa\Unlocker\UnlockerDriver5.sys

    [Services detected by Partizan] :HKLM Update=system32\DRIVERS\update.sys

    [Services detected by Partizan] :HKLM upnphost=%SystemRoot%\system32\svchost.exe -k LocalService

    [Services detected by Partizan] :HKLM UPS=%SystemRoot%\System32\ups.exe

    [Services detected by Partizan] :HKLM usbehci=system32\DRIVERS\usbehci.sys

    [Services detected by Partizan] :HKLM usbhub=system32\DRIVERS\usbhub.sys

    [Services detected by Partizan] :HKLM usbuhci=system32\DRIVERS\usbuhci.sys

    [Services detected by Partizan] :HKLM usnjsvc="C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe"

    [Services detected by Partizan] :HKLM UxTuneUp=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM VgaSave=\SystemRoot\System32\drivers\vga.sys

    [Services detected by Partizan] :HKLM VIAGfx=system32\DRIVERS\Vtmini.sys

    [Services detected by Partizan] :HKLM ViaIde=system32\DRIVERS\viaide.sys

    [Services detected by Partizan] :HKLM VIAMRAID=system32\DRIVERS\viamraid.sys

    [Services detected by Partizan] :HKLM VIDEX32=system32\DRIVERS\videX32.sys

    [Services detected by Partizan] :HKLM VolSnap

    [Services detected by Partizan] :HKLM VSS=%SystemRoot%\System32\vssvc.exe

    [Services detected by Partizan] :HKLM VXD

    [Services detected by Partizan] :HKLM W32Time=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM W3SVC

    [Services detected by Partizan] :HKLM Wanarp=system32\DRIVERS\wanarp.sys

    [Services detected by Partizan] :HKLM WDICA

    [Services detected by Partizan] :HKLM wdmaud=system32\drivers\wdmaud.sys

    [Services detected by Partizan] :HKLM WebClient=%SystemRoot%\system32\svchost.exe -k LocalService

    [Services detected by Partizan] :HKLM winmgmt=%systemroot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Winsock

    [Services detected by Partizan] :HKLM WinSock2

    [Services detected by Partizan] :HKLM WinTrust

    [Services detected by Partizan] :HKLM WLSetupSvc="C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe"

    [Services detected by Partizan] :HKLM WmdmPmSN=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM Wmi=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM WmiApRpl

    [Services detected by Partizan] :HKLM WmiApSrv=C:\WINDOWS\system32\wbem\wmiapsrv.exe

    [Services detected by Partizan] :HKLM WMPNetworkSvc="C:\Archivos de programa\Windows Media Player\WMPNetwk.exe"

    [Services detected by Partizan] :HKLM WS2IFSL

    [Services detected by Partizan] :HKLM wuauserv=%systemroot%\system32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM WudfPf=system32\DRIVERS\WudfPf.sys

    [Services detected by Partizan] :HKLM WudfRd=system32\DRIVERS\wudfrd.sys

    [Services detected by Partizan] :HKLM WudfSvc=%SystemRoot%\system32\svchost.exe -k WudfServiceGroup

    [Services detected by Partizan] :HKLM WZCSVC=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM xmlprov=%SystemRoot%\System32\svchost.exe -k netsvcs

    [Services detected by Partizan] :HKLM {1A6598FC-2179-4A7B-89B9-BB30DE120E29}

    [Auto Start Apps]

    [Registry Run] :HKCU ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

    [Registry Run] :HKCU UnHackMe Monitor=C:\Archivos de programa\UnHackMe\hackmon.exe

    [Registry Run] :HKLM S3Trayp=S3Trayp.exe

    [Registry Run] :HKLM Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd

    [Registry Run] :HKLM AVP="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

    [Registry RunOnceEx] :HKLM @Regrun2

    [Registry RunOnceEx] :HKLM @UnHackMe=C:\ARCHIV~1\UnHackMe\UnHackMe.exe /p Partizan

    [Win.ini] load=""

    [Win.ini] run=""

    [Startup Folder] Stardock ObjectDock.lnk=C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe

    [Startup Folder] Webshots.lnk=C:\Archivos de programa\Webshots\Launcher.exe

    [Scheduled Tasks] Mantenimiento con 1 clic=C:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe

    [In memory]

    [Running Processes] C:\WINDOWS\SYSTEM32\SMSS.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\WINLOGON.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\SERVICES.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\LSASS.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\LOGONUI.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\USERINIT.EXE

    [Running Processes] C:\WINDOWS\EXPLORER.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

    [Running Processes] C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

    [Running Processes] C:\ARCHIV~1\UNHACKME\REANIMATOR.EXE

    [Running Processes] C:\ARCHIV~1\UNHACKME\UNHACKME.EXE

    [Running Processes] C:\ARCHIVOS DE PROGRAMA\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 7.0\AVP.EXE

    [Running Processes] C:\ARCHIVOS DE PROGRAMA\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE

    [Running Processes] C:\ARCHIVOS DE PROGRAMA\IOLO\COMMON\LIB\IOLOSERVICEMANAGER.EXE

    [Loaded DLLs] C:\Archivos de programa\iolo\Common\Lib\fbembed.dll

    [Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

    [Loaded DLLs] C:\WINDOWS\system32\DCIMAN32.dll

    [Loaded DLLs] C:\WINDOWS\system32\DDraw.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\NsIfaastMeas.dll

    [Loaded DLLs] C:\WINDOWS\system32\msi.dll

    [Loaded DLLs] C:\WINDOWS\system32\msxml3.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkTabProvider.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\1033\DkRes.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\Tab.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\PrFacade.dll

    [Loaded DLLs] C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DKLib.dll

    [Loaded DLLs] C:\WINDOWS\system32\Normaliz.dll

    [Loaded DLLs] C:\WINDOWS\system32\odbcbcp.dll

    [Loaded DLLs] C:\WINDOWS\system32\pdh.dll

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\hashmd5.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\report.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\lic.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\thpimpl.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\timer.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\schedule.ppl

    [Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\crpthlpr.ppl

    [Loaded DLLs] C:\WINDOWS\system32\Normaliz.dll

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\ndetect.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\regmap.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\wmihlpr.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\bl.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\fsdrvplg.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\nfio.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\tm.ppl

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\mkavio.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\winreg.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\params.ppl

    [Loaded DLLs] c:\archivos de programa\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\CLLDR.DLL

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\AVPGS.PPL

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\FSSync.dll

    [Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

    [Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll

    [Loaded DLLs] C:\WINDOWS\system32\wsock32.dll

    [Loaded DLLs] C:\WINDOWS\system32\mstask.dll

    [Loaded DLLs] C:\WINDOWS\system32\ntshrui.dll

    [Loaded DLLs] C:\WINDOWS\system32\LINKINFO.dll

    [Loaded DLLs] C:\WINDOWS\system32\RICHED20.dll

    [Loaded DLLs] C:\WINDOWS\system32\RICHED32.DLL

    [Loaded DLLs] C:\WINDOWS\system32\OLEPRO32.DLL

    [Loaded DLLs] C:\WINDOWS\system32\SHFOLDER.DLL

    [Loaded DLLs] C:\WINDOWS\system32\urlmon.dll

    [Loaded DLLs] C:\WINDOWS\system32\ADVPACK.dll

    [Loaded DLLs] C:\WINDOWS\system32\iernonce.dll

    [Loaded DLLs] C:\WINDOWS\system32\themeui.dll

    [Loaded DLLs] C:\WINDOWS\system32\Normaliz.dll

    [Loaded DLLs] C:\WINDOWS\system32\SHDOCVW.dll

    [Loaded DLLs] C:\WINDOWS\system32\BROWSEUI.dll

    [Loaded DLLs] C:\WINDOWS\system32\shgina.dll

    [Loaded DLLs] C:\WINDOWS\system32\OLEACC.dll

    [Loaded DLLs] C:\WINDOWS\system32\MSIMG32.dll

    [Loaded DLLs] C:\WINDOWS\system32\DUSER.dll

    [Loaded DLLs] C:\WINDOWS\System32\mspatcha.dll

    [Loaded DLLs] C:\WINDOWS\System32\Cabinet.dll

    [Loaded DLLs] C:\WINDOWS\System32\WINHTTP.dll

    [Loaded DLLs] C:\WINDOWS\system32\wuaueng.dll

    [Loaded DLLs] c:\windows\system32\wuauserv.dll

    [Loaded DLLs] C:\WINDOWS\system32\VSSAPI.DLL

    [Loaded DLLs] c:\windows\system32\wbem\wmisvc.dll

    [Loaded DLLs] c:\windows\system32\seclogon.dll

    [Loaded DLLs] c:\windows\system32\sens.dll

    [Loaded DLLs] c:\windows\system32\POWRPROF.dll

    [Loaded DLLs] c:\windows\system32\srsvc.dll

    [Loaded DLLs] c:\windows\system32\trkwks.dll

    [Loaded DLLs] c:\windows\system32\WZCSAPI.DLL

    [Loaded DLLs] c:\windows\system32\eappprxy.dll

    [Loaded DLLs] c:\windows\system32\eappcfg.dll

    [Loaded DLLs] c:\windows\system32\OneX.DLL

    [Loaded DLLs] c:\windows\system32\dot3dlg.dll

    [Loaded DLLs] c:\windows\system32\credui.dll

    [Loaded DLLs] c:\windows\system32\netshell.dll

    [Loaded DLLs] c:\windows\system32\netman.dll

    [Loaded DLLs] c:\windows\system32\srvsvc.dll

    [Loaded DLLs] c:\windows\pchealth\helpctr\binaries\pchsvc.dll

    [Loaded DLLs] c:\windows\system32\es.dll

    [Loaded DLLs] c:\windows\system32\dmserver.dll

    [Loaded DLLs] c:\windows\system32\certcli.dll

    [Loaded DLLs] c:\windows\system32\cryptsvc.dll

    [Loaded DLLs] c:\windows\system32\wkssvc.dll

    [Loaded DLLs] c:\windows\system32\audiosrv.dll

    [Loaded DLLs] C:\WINDOWS\System32\MSIDLE.DLL

    [Loaded DLLs] c:\windows\system32\schedsvc.dll

    [Loaded DLLs] C:\WINDOWS\System32\raschap.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll

    [Loaded DLLs] C:\WINDOWS\System32\TAPI32.dll

    [Loaded DLLs] C:\WINDOWS\System32\rasman.dll

    [Loaded DLLs] C:\WINDOWS\System32\RASAPI32.dll

    [Loaded DLLs] C:\WINDOWS\System32\adsldpc.dll

    [Loaded DLLs] C:\WINDOWS\System32\ACTIVEDS.dll

    [Loaded DLLs] C:\WINDOWS\System32\MPRAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\iertutil.dll

    [Loaded DLLs] C:\WINDOWS\system32\Normaliz.dll

    [Loaded DLLs] C:\WINDOWS\system32\WININET.dll

    [Loaded DLLs] C:\WINDOWS\system32\CRYPTUI.dll

    [Loaded DLLs] C:\WINDOWS\System32\rastls.dll

    [Loaded DLLs] C:\WINDOWS\System32\COMRes.dll

    [Loaded DLLs] C:\WINDOWS\System32\CLBCATQ.DLL

    [Loaded DLLs] c:\windows\system32\ESENT.dll

    [Loaded DLLs] c:\windows\system32\dot3api.dll

    [Loaded DLLs] c:\windows\system32\QUtil.dll

    [Loaded DLLs] c:\windows\system32\ATL.DLL

    [Loaded DLLs] c:\windows\system32\EapolQec.dll

    [Loaded DLLs] c:\windows\system32\WMI.dll

    [Loaded DLLs] c:\windows\system32\rtutils.dll

    [Loaded DLLs] c:\windows\system32\wzcsvc.dll

    [Loaded DLLs] c:\windows\system32\dhcpcsvc.dll

    [Loaded DLLs] c:\windows\system32\dbghelp.dll

    [Loaded DLLs] c:\windows\system32\uxtuneup.dll

    [Loaded DLLs] C:\WINDOWS\System32\xpsp2res.dll

    [Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

    [Loaded DLLs] c:\windows\system32\rpcss.dll

    [Loaded DLLs] C:\WINDOWS\system32\dssenh.dll

    [Loaded DLLs] C:\WINDOWS\System32\wshtcpip.dll

    [Loaded DLLs] C:\WINDOWS\system32\hnetcfg.dll

    [Loaded DLLs] C:\WINDOWS\system32\mswsock.dll

    [Loaded DLLs] C:\WINDOWS\system32\psbase.dll

    [Loaded DLLs] C:\WINDOWS\system32\pstorsvc.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINIPSEC.DLL

    [Loaded DLLs] C:\WINDOWS\system32\oakley.DLL

    [Loaded DLLs] C:\WINDOWS\system32\ipsecsvc.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

    [Loaded DLLs] C:\WINDOWS\system32\scecli.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

    [Loaded DLLs] C:\WINDOWS\system32\wdigest.dll

    [Loaded DLLs] C:\WINDOWS\system32\schannel.dll

    [Loaded DLLs] C:\WINDOWS\system32\w32time.dll

    [Loaded DLLs] C:\WINDOWS\system32\netlogon.dll

    [Loaded DLLs] C:\WINDOWS\system32\kerberos.dll

    [Loaded DLLs] C:\WINDOWS\system32\msprivs.dll

    [Loaded DLLs] C:\WINDOWS\system32\OLEAUT32.dll

    [Loaded DLLs] C:\WINDOWS\AppPatch\AcGenral.DLL

    [Loaded DLLs] C:\WINDOWS\system32\cryptdll.dll

    [Loaded DLLs] C:\WINDOWS\system32\SAMSRV.dll

    [Loaded DLLs] C:\WINDOWS\system32\DNSAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\NTDSAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\LSASRV.dll

    [Loaded DLLs] C:\WINDOWS\system32\eventlog.dll

    [Loaded DLLs] C:\WINDOWS\AppPatch\AcAdProc.dll

    [Loaded DLLs] C:\WINDOWS\system32\ShimEng.dll

    [Loaded DLLs] C:\WINDOWS\system32\umpnpmgr.dll

    [Loaded DLLs] C:\WINDOWS\system32\SCESRV.dll

    [Loaded DLLs] C:\WINDOWS\system32\MSVCP60.dll

    [Loaded DLLs] C:\WINDOWS\system32\NCObjAPI.DLL

    [Loaded DLLs] C:\WINDOWS\system32\l3codeca.acm

    [Loaded DLLs] C:\WINDOWS\system32\midimap.dll

    [Loaded DLLs] C:\WINDOWS\system32\MSACM32.dll

    [Loaded DLLs] C:\WINDOWS\system32\msacm32.drv

    [Loaded DLLs] C:\WINDOWS\system32\wdmaud.drv

    [Loaded DLLs] C:\WINDOWS\system32\WLDAP32.dll

    [Loaded DLLs] C:\WINDOWS\system32\NTMARTA.DLL

    [Loaded DLLs] C:\WINDOWS\system32\xpsp2res.dll

    [Loaded DLLs] C:\WINDOWS\system32\cscui.dll

    [Loaded DLLs] C:\WINDOWS\system32\iphlpapi.dll

    [Loaded DLLs] C:\WINDOWS\system32\msv1_0.dll

    [Loaded DLLs] C:\WINDOWS\system32\SAMLIB.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINSPOOL.DRV

    [Loaded DLLs] C:\WINDOWS\system32\MPR.dll

    [Loaded DLLs] C:\WINDOWS\system32\WlNotify.dll

    [Loaded DLLs] C:\WINDOWS\system32\klogon.dll

    [Loaded DLLs] C:\WINDOWS\System32\dimsntfy.dll

    [Loaded DLLs] C:\WINDOWS\system32\rsaenh.dll

    [Loaded DLLs] C:\WINDOWS\system32\cscdll.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINMM.dll

    [Loaded DLLs] C:\WINDOWS\system32\uxtheme.dll

    [Loaded DLLs] C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

    [Loaded DLLs] C:\WINDOWS\system32\sxs.dll

    [Loaded DLLs] C:\WINDOWS\system32\WTSAPI32.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINSCARD.DLL

    [Loaded DLLs] C:\WINDOWS\system32\msctfime.ime

    [Loaded DLLs] C:\WINDOWS\system32\Apphelp.dll

    [Loaded DLLs] C:\WINDOWS\system32\ole32.dll

    [Loaded DLLs] C:\WINDOWS\system32\sfc_os.dll

    [Loaded DLLs] C:\WINDOWS\system32\sfc.dll

    [Loaded DLLs] C:\WINDOWS\system32\SHSVCS.dll

    [Loaded DLLs] C:\WINDOWS\system32\odbcint.dll

    [Loaded DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    [Loaded DLLs] C:\WINDOWS\system32\SHLWAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\SHELL32.dll

    [Loaded DLLs] C:\WINDOWS\system32\comdlg32.dll

    [Loaded DLLs] C:\WINDOWS\system32\ODBC32.dll

    [Loaded DLLs] C:\WINDOWS\system32\COMCTL32.dll

    [Loaded DLLs] C:\WINDOWS\system32\MSGINA.dll

    [Loaded DLLs] C:\WINDOWS\system32\IMM32.DLL

    [Loaded DLLs] C:\WINDOWS\system32\WS2HELP.dll

    [Loaded DLLs] C:\WINDOWS\system32\WS2_32.dll

    [Loaded DLLs] C:\WINDOWS\system32\IMAGEHLP.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINTRUST.dll

    [Loaded DLLs] C:\WINDOWS\system32\WINSTA.dll

    [Loaded DLLs] C:\WINDOWS\system32\VERSION.dll

    [Loaded DLLs] C:\WINDOWS\system32\SETUPAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\REGAPI.dll

    [Loaded DLLs] C:\WINDOWS\system32\PSAPI.DLL

    [Loaded DLLs] C:\WINDOWS\system32\USERENV.dll

    [Loaded DLLs] C:\WINDOWS\system32\NETAPI32.dll

    [Loaded DLLs] C:\WINDOWS\system32\PROFMAP.dll

    [Loaded DLLs] C:\WINDOWS\system32\NDdeApi.dll

    [Loaded DLLs] C:\WINDOWS\system32\GDI32.dll

    [Loaded DLLs] C:\WINDOWS\system32\USER32.dll

    [Loaded DLLs] C:\WINDOWS\system32\MSASN1.dll

    [Loaded DLLs] C:\WINDOWS\system32\CRYPT32.dll

    [Loaded DLLs] C:\WINDOWS\system32\msvcrt.dll

    [Loaded DLLs] C:\WINDOWS\system32\AUTHZ.dll

    [Loaded DLLs] C:\WINDOWS\system32\Secur32.dll

    [Loaded DLLs] C:\WINDOWS\system32\RPCRT4.dll

    [Loaded DLLs] C:\WINDOWS\system32\ADVAPI32.dll

    [Loaded DLLs] C:\WINDOWS\system32\kernel32.dll

    [Loaded DLLs] C:\WINDOWS\system32\ntdll.dll

    [Explorer's DLLs] C:\WINDOWS\system32\themeui.dll

    [Explorer's DLLs] C:\WINDOWS\system32\Normaliz.dll

    [Explorer's DLLs] C:\WINDOWS\system32\SHDOCVW.dll

    [Explorer's DLLs] C:\WINDOWS\system32\BROWSEUI.dll

    [Explorer's DLLs] C:\WINDOWS\system32\MSIMG32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\iertutil.dll

    [Explorer's DLLs] C:\WINDOWS\system32\WININET.dll

    [Explorer's DLLs] C:\WINDOWS\system32\CRYPTUI.dll

    [Explorer's DLLs] C:\WINDOWS\System32\COMRes.dll

    [Explorer's DLLs] C:\WINDOWS\System32\CLBCATQ.DLL

    [Explorer's DLLs] C:\WINDOWS\system32\OLEAUT32.dll

    [Explorer's DLLs] C:\WINDOWS\AppPatch\AcGenral.DLL

    [Explorer's DLLs] C:\WINDOWS\system32\ShimEng.dll

    [Explorer's DLLs] C:\WINDOWS\system32\MSACM32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\WLDAP32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\cscui.dll

    [Explorer's DLLs] C:\WINDOWS\system32\cscdll.dll

    [Explorer's DLLs] C:\WINDOWS\system32\WINMM.dll

    [Explorer's DLLs] C:\WINDOWS\system32\uxtheme.dll

    [Explorer's DLLs] C:\WINDOWS\system32\msctfime.ime

    [Explorer's DLLs] C:\WINDOWS\system32\Apphelp.dll

    [Explorer's DLLs] C:\WINDOWS\system32\ole32.dll

    [Explorer's DLLs] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\SHLWAPI.dll

    [Explorer's DLLs] C:\WINDOWS\system32\SHELL32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\COMCTL32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\IMM32.DLL

    [Explorer's DLLs] C:\WINDOWS\system32\IMAGEHLP.dll

    [Explorer's DLLs] C:\WINDOWS\system32\WINTRUST.dll

    [Explorer's DLLs] C:\WINDOWS\system32\VERSION.dll

    [Explorer's DLLs] C:\WINDOWS\system32\USERENV.dll

    [Explorer's DLLs] C:\WINDOWS\system32\NETAPI32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\GDI32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\USER32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\MSASN1.dll

    [Explorer's DLLs] C:\WINDOWS\system32\CRYPT32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\msvcrt.dll

    [Explorer's DLLs] C:\WINDOWS\system32\Secur32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\RPCRT4.dll

    [Explorer's DLLs] C:\WINDOWS\system32\ADVAPI32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\kernel32.dll

    [Explorer's DLLs] C:\WINDOWS\system32\ntdll.dll

    [Running Services] ALG

    [Running Services] AudioSrv

    [Running Services] AVP

    [Running Services] Browser

    [Running Services] CryptSvc

    [Running Services] DcomLaunch

    [Running Services] Dhcp

    [Running Services] Diskeeper

    [Running Services] dmserver

    [Running Services] Dnscache

    [Running Services] Eventlog

    [Running Services] EventSystem

    [Running Services] FastUserSwitchingCompatibility

    [Running Services] helpsvc

    [Running Services] ioloFileInfoList

    [Running Services] ioloSystemService

    [Running Services] LanmanServer

    [Running Services] lanmanworkstation

    [Running Services] LmHosts

    [Running Services] Netman

    [Running Services] Nla

    [Running Services] PlugPlay

    [Running Services] PolicyAgent

    [Running Services] ProtectedStorage

    [Running Services] RpcSs

    [Running Services] SamSs

    [Running Services] Schedule

    [Running Services] seclogon

    [Running Services] SENS

    [Running Services] SharedAccess

    [Running Services] ShellHWDetection

    [Running Services] Spooler

    [Running Services] TermService

    [Running Services] Themes

    [Running Services] TrkWks

    [Running Services] UxTuneUp

    [Running Services] W32Time

    [Running Services] WebClient

    [Running Services] winmgmt

    [Running Services] wuauserv

    [Running Services] WZCSVC

    [Uninstall]

    [Applications] :HKLM Adobe Flash Player ActiveX=C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    [Applications] :HKLM Branding

    [Applications] :HKLM C-Media WDM Audio Driver=C:\WINDOWS\system32\cmirmdrv.exe

    [Applications] :HKLM CCleaner (remove only)="C:\Archivos de programa\CCleaner\uninst.exe"

    [Applications] :HKLM Connection Manager

    [Applications] :HKLM Effective File Search 5.4="C:\Archivos de programa\efs\UnRun.exe" "C:\Archivos de programa\efs\Uninst.exe"

    [Applications] :HKLM ESET Online Scanner=C:\WINDOWS\system32\OnlineScannerUninstaller.exe

    [Applications] :HKLM HashTab 1.14 for x32=C:\Archivos de programa\HashTab Shell Extension\uninst.exe

    [Applications] :HKLM Kaspersky Internet Security 7.0=MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

    [Applications] :HKLM Kaspersky Online Scanner=C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

    [Applications] :HKLM KB884267

    [Applications] :HKLM KB885353

    [Applications] :HKLM KB886612

    [Applications] :HKLM KB887078

    [Applications] :HKLM KB887626

    [Applications] :HKLM KB888656

    [Applications] :HKLM KB891122

    [Applications] :HKLM KB893240

    [Applications] :HKLM KB893241

    [Applications] :HKLM KB895181

    [Applications] :HKLM KB895316

    [Applications] :HKLM KB897586

    [Applications] :HKLM Actualización para Windows XP (KB898461)="C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

    [Applications] :HKLM KB898549

    [Applications] :HKLM KB900399

    [Applications] :HKLM KB902344

    [Applications] :HKLM KB911854

    [Applications] :HKLM Actualización para Windows XP (KB942763)="C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

    [Applications] :HKLM Actualización de seguridad para Windows Internet Explorer 7 (KB950759)="C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

    [Applications] :HKLM Actualización de seguridad para Windows XP (KB950760)="C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

    [Applications] :HKLM Actualización de seguridad para Windows XP (KB950762)="C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    [Applications] :HKLM Actualización de seguridad para Windows XP (KB951376-v2)="C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    [Applications] :HKLM Actualización de seguridad para Windows XP (KB951698)="C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    [Applications] :HKLM K-Lite Codec Pack 3.9.0 Standard="C:\Archivos de programa\K-Lite Codec Pack\unins000.exe"

    [Applications] :HKLM Microsoft .NET Framework 1.1=msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    [Applications] :HKLM Paquete de idioma de Microsoft .NET Framework 2.0 - ESN=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe

    [Applications] :HKLM Интернет помощник MyCentria=C:\Archivos de programa\MyCentria\MyCentriaUninstall.exe

    [Applications] :HKLM Nero 8.3.2.1="C:\Archivos de programa\Nero\unins000.exe"

    [Applications] :HKLM ObjectDock Plus=C:\ARCHIV~1\Stardock\OBJECT~1\objectdock.exe /uninstall

    [Applications] :HKLM PCHealth=rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    [Applications] :HKLM Registry Mechanic 7.0="C:\Archivos de programa\Registry Mechanic\unins000.exe"

    [Applications] :HKLM S3 ChroMetal 4.9=S3Uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3GDriver'

    [Applications] :HKLM UnHackMe 4.70 release="C:\Archivos de programa\UnHackMe\unins000.exe"

    [Applications] :HKLM Unlocker 1.8.7=C:\Archivos de programa\Unlocker\uninst.exe

    [Applications] :HKLM VIA Rhine-Family Fast-Ethernet Adapter=Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

    [Applications] :HKLM Webshots Desktop="C:\Archivos de programa\Webshots\unins000.exe"

    [Applications] :HKLM Windows Media Format 11 runtime="C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll

    [Applications] :HKLM Compresor WinRAR=C:\Archivos de programa\WinRAR\uninstall.exe

    [Applications] :HKLM Windows Media Format 11 runtime="C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

    [Applications] :HKLM Your Uninstaller! 2008 Version 6.0="C:\Archivos de programa\Your Uninstaller 2008\unins000.exe"

    [Applications] :HKLM Cliente VIP A21=MsiExec.exe /I{0ABC7536-A82B-41D5-9196-68D71857321D}

    [Applications] :HKLM Adobe Shockwave Player=MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}

    [Applications] :HKLM Microsoft .NET Framework 2.0 Language Pack - ESN

    [Applications] :HKLM TuneUp Utilities 2008=MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}

    [Applications] :HKLM SnagIt 9=MsiExec.exe /I{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}

    [Applications] :HKLM Microsoft Visual C++ 2005 Redistributable=MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    [Applications] :HKLM Microsoft Office Professional Edition 2003=MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}

    [Applications] :HKLM Windows Live installer=MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}

    [Applications] :HKLM Adobe Reader 8.1.2 - Español=MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}

    [Applications] :HKLM Windows Live Asistente para el inicio de sesión=MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

    [Applications] :HKLM Spybot - Search & Destroy="C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"

    [Applications] :HKLM Microsoft .NET Framework 2.0 Service Pack 1=MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

    [Applications] :HKLM Diskeeper 2008 Pro Premier=MsiExec.exe /X{B695F0BF-D610-4C5E-B7AC-C9FF6C172CC0}

    [Applications] :HKLM iolo technologies' System Mechanic Professional="C:\Archivos de programa\iolo\System Mechanic Professional\unins000.exe"

    [Applications] :HKLM Kaspersky Internet Security 7.0=MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

    [Applications] :HKLM Microsoft .NET Framework 1.1=MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    [Applications] :HKLM DAMN NFO Viewer Setup=MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}

    [Applications] :HKLM Windows Live Messenger=MsiExec.exe /X{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}



    Thank you very much

    msc hotline sat
    Posts: 93500
    Joined: 09 Mar 2004, 20:39
    Location: BARCELONA (SPAIN)

    Re: Suspected infection

    Post by msc hotline sat » 31 Aug 2008, 21:04

    As I told you, we neither use nor know UnHackMe, so I'll leave it in case anyone wants to comment on it.

    And if you can't REPAIR because you don't have your system CD, look for it; every user should have one!

    And forget about the SETUP if it's 180 MB...

    After whatever you do, run the ONLINE AV we already pointed you to and post its results report for us, thanks

    regards

    ms, 31 August 2008

    zetor
    Posts: 294
    Joined: 23 Feb 2007, 05:10
    Location: Argentina

    Re: Suspected infection

    Post by zetor » 01 Sep 2008, 00:28

    The Kaspersky online scan finished; I'm posting only what came up positive, and I'm asking why the restore folder shows up in the results if I disabled System Restore when the scan started



    KASPERSKY ONLINE SCANNER INFORME

    domingo, 31 de agosto de 2008 Hector Zevi 18:23:47

    Sistema operativo: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)

    Kaspersky Online Scanner versión: 5.0.84.1

    Ultima actualización: 31/08/2008

    Registros en la base antivirus: 1172181

    -------------------------------------------------------------------------------



    Configuración del análisis:

    Analizar usando las siguientes bases: estendidas

    Analizar archivos: verdadero

    Analizar bases de correo: verdadero



    Objetivo a analizar - Mi PC:

    A:\

    C:\

    D:\

    E:\



    Estadísticas:

    Número de objeros analizados: 37334

    Virus encontrados: 2

    Objetos infectados: 2 / 0

    Objetos sospechosos: 0

    Duración del análisis: 01:36:15



    D:\Progr s- instalacion\SEGURIDAD & MANTENIMIENTO\Elistara\ELISTARA.%D8B%D8IB%D8%D8H.EXE Infectados: Trojan-Downloader.Win32.IstBar.vv saltado

    D:\System Volume Information\_restore{DD295AF9-C0C3-4C48-8600-82683C29B68F}\RP23\A0026545.exe Infectados: Trojan-GameThief.Win32.OnLineGames.skwo saltado



    As for the Windows CD, I do have it, but when the warning "system files were replaced by unknown versions.." came up and I inserted the CD, it told me it wasn't the correct one! :?:

    Another thing I found that I didn't have before is what I show in the screenshot

    [img]http://i38.tinypic.com/35hlls2.jpg[/img]

    Given everything seen, can I suspect that there is an infection? And if I have to repair Windows, as I said I'd rather format; the question is whether I have to do it on C and also on D (I hope not, because I have a lot of data on D).

    Regards

    msc hotline sat
    Posts: 93500
    Joined: 09 Mar 2004, 20:39
    Location: BARCELONA (SPAIN)

    Re: Suspected infection

    Post by msc hotline sat » 01 Sep 2008, 05:56

    What we see is that you have had an ONLINE GAMES:



    D:\System Volume Information\_restore{DD295AF9-C0C3-4C48-8600-82683C29B68F}\RP23\A0026545.exe Infectados: Trojan-GameThief.Win32.OnLineGames.skwo saltado



    Even though it is no longer active, you should remove it with the same antivirus you used, but booting into Safe Mode and disabling System Restore before running it.

    And ignore the ELISTARA one; it's a false positive from detecting one of the thousands of viral strings it contains for trojan detection, but our utilities have a checksum check and if they got infected they would say so when run, stopping their process and preventing the infection from spreading to the files being scanned.

    As for formatting, the danger is that from the boot on C: you call a file or application on D: that was infected; you would load the virus just the same.

    regards

    ms, 1-09-2008
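To make the distinction in this reply concrete (a hit inside a restore point is a dormant copy, a hit in a security tool's own binary may be a signature-string false positive, anything else is treated as live), here is an added triage script for Kaspersky Online Scanner report lines; it is not part of the thread or of any vendor tool, and the tool allowlist and the sample report are constructed from the lines posted above.

```python
"""Triage Kaspersky Online Scanner 5.x detection lines by where each hit lives.

Added example, not part of the thread or of any vendor tool. The line format, the
restore-point path layout and the sample lines follow the report posted above; the
allowlist of signature-carrying tools is a constructed assumption.
"""
import re
from dataclasses import dataclass

# The report prints one hit per line:  <path> Infectados: <detection name> <action>
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infectados:\s+(?P<name>\S+)\s+(?P<action>\S+)$")

# System Restore keeps its copies under \System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

# Tools that embed detection strings and are known to trip string-based scanners.
# Constructed allowlist for this example; only a hash check against the vendor's
# published value should turn "possible" into "confirmed" false positive.
KNOWN_SIGNATURE_CARRIERS = ("\\elistara\\",)


@dataclass
class Detection:
    path: str
    name: str
    action: str
    category: str  # "restore_point" | "possible_false_positive" | "live"


def classify(path: str) -> str:
    """Decide where a hit lives; the location, not the name, drives the response."""
    if RESTORE_RE.search(path):
        return "restore_point"  # dormant copy, inert unless that restore point is applied
    if any(tool in path.lower() for tool in KNOWN_SIGNATURE_CARRIERS):
        return "possible_false_positive"  # scanner matched a signature string inside a tool
    return "live"  # anything on an ordinary path is treated as an active infection


def parse_report(text: str) -> list:
    """Extract Detection records from a report; statistics and headers are ignored."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"], m["action"], classify(m["path"])))
    return hits


def triage(hits: list) -> dict:
    """Summarise the hits into a verdict code plus the defensive next steps."""
    cats = {h.category for h in hits}
    steps = []
    if "live" in cats:
        verdict = "active"
        steps.append("disinfect or quarantine the live files, then rescan every drive")
    elif "restore_point" in cats:
        verdict = "dormant_only"
    elif cats:
        verdict = "review_only"
    else:
        verdict = "clean"
    if "restore_point" in cats:
        steps.append("disable System Restore, boot into Safe Mode and rescan to purge the point")
    if "possible_false_positive" in cats:
        steps.append("verify the flagged tool's hash with its vendor before deleting it")
    return {"verdict": verdict, "next_steps": steps}


# Constructed sample: the two positive lines from the report above plus some report chrome.
SAMPLE_REPORT = r"""
Virus encontrados: 2
Objetos infectados: 2 / 0

D:\Progr s- instalacion\SEGURIDAD & MANTENIMIENTO\Elistara\ELISTARA.EXE Infectados: Trojan-Downloader.Win32.IstBar.vv saltado
D:\System Volume Information\_restore{DD295AF9-C0C3-4C48-8600-82683C29B68F}\RP23\A0026545.exe Infectados: Trojan-GameThief.Win32.OnLineGames.skwo saltado
"""

if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for hit in hits:
        print(f"{hit.category:23} {hit.name}  <- {hit.path}")
    print(triage(hits))
```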

    zetor
    Posts: 294
    Joined: 23 Feb 2007, 05:10
    Location: Argentina

    Re: Suspected infection

    Post by zetor » 01 Sep 2008, 21:50

    I had already disabled System Restore when the online scan started; I don't understand why it appeared in the report.

    KIS doesn't load in Safe Mode, but I launched it anyway from its executable in Program Files, set it to max detection, and since it found nothing on D I also scanned C and it found nothing either.

    [quote]As for formatting, the danger is that from the boot on C: you call a file or application on D: that was infected; you would load the virus just the same.[/quote]

    That's bad news; if you suspect there may be an infection, what other tool could I try?

    Thanks

    msc hotline sat
    Posts: 93500
    Joined: 09 Mar 2004, 20:39
    Location: BARCELONA (SPAIN)

    Re: Suspected infection

    Post by msc hotline sat » 02 Sep 2008, 08:28

    With the ONLINE AV, by selecting MY COMPUTER you already scanned all the drives, including D:, which is the most you can do, but there is always the possibility of new viruses not yet covered, and what I said was so that you wouldn't be overconfident and would keep in mind that even if C: were formatted, what I described still applies.

    Regards

    ms, 2-09-2008

    zetor
    Posts: 294
    Joined: 23 Feb 2007, 05:10
    Location: Argentina

    Re: Suspected infection

    Post by zetor » 02 Sep 2008, 09:23

    I wonder one thing: if Trojan-GameThief.Win32.OnLineGames.skwo was there, why didn't it show up in the first report, only to appear now in the restore folder, and besides, why did it show up if I had already disabled System Restore..

    Oh well, we did what we could, right?

    Thank you very much

    msc hotline sat
    Posts: 93500
    Joined: 09 Mar 2004, 20:39
    Location: BARCELONA (SPAIN)

    Re: Suspected infection

    Post by msc hotline sat » 02 Sep 2008, 12:56

    Perhaps this ONLINE GAMES was from an infection some time ago, and until a thorough search was done this remnant in the RESTORE wasn't seen

    And booting into Safe Mode with System Restore disabled, the antivirus will be able to detect and remove it.

    But as long as the system isn't restored to an earlier point, it's out of circulation...

    And considering the topic solved, we proceed to close it

    If you need us again, you know where we are

    regards, 2-09-2008

    Closed
