Post by kaliro » 10 Dec 2007, 18:03
:( Hi, how are you all? I hope you are all well. I'm here to see if you could give me your help.
It all started when I installed MSN Live 8.5, and since it made the machine start up slowly, I uninstalled it and installed the old version, 8.1, which would not let itself be installed. Searching on the internet, on a page recognised by Microsoft (I won't mention it because afterwards they consider it spam),
it told me to unlock the Windows folder from read-only. I did so and it installed, and as I considered it dangerous to have it without restrictions I set it back to read-only. After shutting down the computer
it threw me the error that said "Messenger components could not be repaired" (this happens every time I turn on the PC), and from then on the internet is extremely slow, only IE and Ares; it downloads worse than eMule, I mean at 0.25kbs @ 0.75kbs. I really don't know what to do. I ran the original NOD32 on it and nothing.
Well, here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 11:50:44 a.m., on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Eset\nod32krn.exe
c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\ARCHIV~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Escritorio\ELISTARA.16122007.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrador\Mis documentos\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: No-IP DUC.lnk = C:\Archivos de programa\No-IP\DUC20.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194029476390
O17 - HKLM\System\CCS\Services\Tcpip\..\{3180E1A2-3C22-4E0C-93F1-6232E0C2B75B}: NameServer = 201.225.225.225 201.224.73.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
I hope you can help me :lol:
Post by msc hotline sat » 10 Dec 2007, 18:50
The log is clean.
Try our ELITRIIP and ELISTARA utilities and post us the result, thanks:
[b] ELITRIIP: [/b]
http://www.zonavirus.com/descargas/elitriip.asp
[b] ELISTARA: [/b]
http://www.zonavirus.com/descargas/elistara.asp
After running them, reboot and post us the contents of C:\infosat.txt so we can see the result of the process.
Regards
ms, 10-12-2007
Post by kaliro » 11 Dec 2007, 01:52
There you go, friends, but the file it removed did not fix the problem. The internet issue is urgent for me, since to post this I am in an internet cafe. I hope you can help me; thanks in advance.
Mon Dec 10 18:45:09 2007
EliStartPage v15.22 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Mon Dec 10 18:45:18 2007
EliTriIP v4.17 (c)2007 S.G.H. / Satinfo S.L.
---------------------------------------------
Lista de Acciones (por Acción Directa):
Mon Dec 10 18:45:19 2007
EliTriIP v4.17 (c)2007 S.G.H. / Satinfo S.L.
---------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Mon Dec 10 18:45:21 2007
EliStartPage v15.22 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Archivos de programa\Macromedia\Dreamweaver 8\Configuration\JSExtensions\SSITranslator.dll --> Eliminado, BackDoor.CMQ (dropper)
Nº Total de Directorios: 6868
Nº Total de Ficheros: 94701
Nº de Ficheros Analizados: 19020
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Mon Dec 10 18:58:09 2007
EliStartPage v15.22 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Mon Dec 10 18:58:11 2007
EliStartPage v15.22 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 6869
Nº Total de Ficheros: 94701
Nº de Ficheros Analizados: 21153
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Post by msc hotline sat » 11 Dec 2007, 05:07
Well, after detecting and removing this CMQ backdoor, reboot and tell us whether any anomaly persists or whether it has already been resolved.
Regards
ms, 11-12-2007
Post by kaliro » 11 Dec 2007, 17:00
Unfortunately the problem with Ares and IE still persists. I no longer even know what to do. I really appreciate all your help, but I would truly like you to help me :cry:
Regards
Post by msc hotline sat » 11 Dec 2007, 18:00
Well, try these ONLINE AVs:
[url=https://www.eset.es/analisis-online/][b][color=Darknesred]recommended ONLINE AV[/color][/b][/url]
and an easy and quick way to know whether there is a virus in memory is to launch this ONLINE scan, which takes less than 1 minute:
[url=https://www.pandasecurity.com/spain/homeusers/solutions/online-antivirus/][b][color=Darknesred]ONLINE test for viruses in memory[/color][/b][/url]
But using P2P-type programs also entails downloading trojans that will later pester you; you should know that!
Tell us the result, thanks
Regards
ms, 11-12-2007
Post by kaliro » 12 Dec 2007, 22:56
:( Neither of the two detected anything. I would really like to know the cause, because going to the internet cafe is using up my money. Do you think there is a solution?
Post by msc hotline sat » 13 Dec 2007, 05:57
Yes, but start by uninstalling Ares and the other P2P programs, otherwise it will be of no use!
After that, try this McAfee anti-rootkit tool and post us the resulting log:
ROOTKITDETECTIVE (LINK TO THE DOWNLOAD)
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
We think there may be a rootkit hiding keys, processes and files of this malware that is bothering you. Let's see if we can identify it with the above.
Regards
ms, 13-12-2007
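To make sense of the Rootkit Detective report requested above, here is an added example (not from the thread and not McAfee's code): a small Python parser that groups the report's SSDT-hook findings by the module that owns them, counts them, and flags owners that are not drivers. The report text is constructed in the tool's line-triple format with module names that mirror the posted log, and its last record is deliberately cut short, as the posted log is.

```python
"""Triage helper for a McAfee Rootkit Detective 1.1 text report (example code,
not part of the thread or of the McAfee tool).

The report lists findings as line triples: "Object-Type:", "Object-Name:",
"Object-Path:". For SSDT-hook findings the path is the module the hooked
system-service entry points into. Grouping the hooked Zw* services by that
module shows at a glance which images sit in the system-call path, which is
the question raised when a rootkit hiding keys, processes and files is suspected.
"""
import re
from collections import defaultdict

FIELD_RE = re.compile(r"^Object-(Type|Name|Path):\s*(.*?)\s*$")

# Constructed sample in the report's format; the paths mirror the posted log,
# and the last record is deliberately cut short like the end of the posted log.
SAMPLE_REPORT = """\
McAfee(R) Rootkit Detective 1.1 scan report
On 13-12-2007 at 14:27:24
OS-Version 5.1.2600
Service Pack 2.0
====================================
Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\\WINDOWS\\system32\\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\\WINDOWS\\system32\\drivers\\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\\WINDOWS\\system32\\drivers\\kl1.sys
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\\WINDOWS\\system32\\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSaveMergedKeys
"""


def parse_report(text):
    """Return (records, incomplete): records are dicts with type/name/path,
    incomplete counts records that ended before their Object-Path line."""
    records, current, incomplete = [], {}, 0
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # banner, date and separator lines carry no record data
        key, value = m.group(1).lower(), m.group(2)
        if key == "type" and current:
            incomplete += 1  # previous record never got its path line
            records.append(current)
            current = {}
        current[key] = value
        if key == "path":
            records.append(current)
            current = {}
    if current:  # report ended mid-record
        incomplete += 1
        records.append(current)
    return records, incomplete


def hooks_by_module(records):
    """Map each hook owner (path, case-folded) to the sorted Zw* names it hooks."""
    owners = defaultdict(list)
    for rec in records:
        if rec.get("type") == "SSDT-hook" and "path" in rec:
            owners[rec["path"].lower()].append(rec.get("name", "?"))
    return {path: sorted(names) for path, names in owners.items()}


def triage(text):
    """Summarise a report: hook counts per module, plus the owners that are not
    kernel-mode drivers under \\drivers\\ (an .exe owning SSDT entries is
    unusual and is the first thing an analyst should identify)."""
    records, incomplete = parse_report(text)
    owners = hooks_by_module(records)
    return {
        "counts": {path: len(names) for path, names in owners.items()},
        "non_driver_owners": sorted(p for p in owners if "\\drivers\\" not in p),
        "incomplete_records": incomplete,
    }


if __name__ == "__main__":
    for path, names in hooks_by_module(parse_report(SAMPLE_REPORT)[0]).items():
        print(f"{path}: {len(names)} hook(s): {', '.join(names)}")
    print(triage(SAMPLE_REPORT))
```

Run it against the full posted report to see which module owns the bulk of the entries; that owner, not the individual Zw* names, is what needs identifying.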
Post by kaliro » 13 Dec 2007, 20:39
I don't know how to use this program very well, but here is the log it left:
McAfee(R) Rootkit Detective 1.1 scan report
On 13-12-2007 at 14:27:24
OS-Version 5.1.2600
Service Pack 2.0
====================================
Object-Type: SSDT-hook
Object-Name: ZwAcceptConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheck
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByType
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultList
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAddAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAddBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAdjustGroupsToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAdjustPrivilegesToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateLocallyUniqueId
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateUuids
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAreMappedFilesTheSame
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAssignProcessToJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCallbackReturn
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelDeviceWakeupRequest
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelIoFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClearEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCloseObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompactKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompareTokens
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompleteConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompressKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwContinue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateDebugObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateJobSet
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateMailslotFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateNamedPipeFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreatePagingFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreatePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateSemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateWaitablePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDebugActiveProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDebugContinue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDelayExecution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDeleteObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDeviceIoControlFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDisplayString
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDuplicateToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateBootEntries
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwEnumerateSystemEnvironmentValuesEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwExtendSection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFilterToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFindAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushBuffersFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushInstructionCache
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwFlushVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushWriteBuffer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFreeUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFsControlFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetContextThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetDevicePowerState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetPlugPlayEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetWriteWatch
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateClientOfPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwInitializeRegistry
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwInitiatePowerAction
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwIsProcessInJob
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwIsSystemResumeAutomatic
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwListenPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLoadKey2
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLoadKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLockFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockProductActivationKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockRegistryKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMakePermanentObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMakeTemporaryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPagesScatter
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwModifyBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeDirectoryFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeMultipleKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\kl1.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenProcessTokenEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenSemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThreadTokenEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPlugPlayControl
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPowerInformation
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegeCheck
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegeObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegedServiceAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwProtectVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPulseEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryAttributesFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryBootEntryOrder
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryBootOptions
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDebugFilterState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultLocale
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultUILanguage
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryEaFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryFullAttributesFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInstallUILanguage
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryIntervalProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwQueryMultipleValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwQueryMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryOpenSubKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryPerformanceCounter
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryQuotaInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySecurityObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySymbolicLinkObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySystemEnvironmentValue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySystemEnvironmentValueEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySystemInformation
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwQuerySystemTime
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryTimerResolution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwQueryVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryVolumeInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueueApcThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRaiseException
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRaiseHardError
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReadFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReadFileScatter
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReadRequestData
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReadVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRegisterThreadTerminatePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReleaseMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReleaseSemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRemoveIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRemoveProcessDebug
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRenameKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwReplyPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReceivePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReceivePortEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReplyPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRequestDeviceWakeup
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRequestPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRequestWaitReplyPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRequestWakeupLatency
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwResetEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwResetWriteWatch
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwResumeProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSaveKeyEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSaveMergedKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSecureConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetBootEntryOrder
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetBootOptions
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSetDebugFilterState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetDefaultHardErrorPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetDefaultLocale
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetDefaultUILanguage
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetEaFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetEventBoostPriority
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetHighEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetHighWaitLowEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationDebugObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSetInformationJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSetInformationObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetInformationToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetIntervalProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetLdtEntries
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetLowEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetLowWaitHighEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetQuotaInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetSecurityObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSetSystemEnvironmentValue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetSystemEnvironmentValueEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetSystemInformation
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetSystemPowerState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetSystemTime
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetThreadExecutionState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetTimerResolution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetUuidSeed
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSetVolumeInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwShutdownSystem
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSignalAndWaitForSingleObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwStartProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwStopProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwSystemDebugControl
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwTerminateJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwTestAlert
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwTraceEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwTranslateFilePath
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwUnloadDriver
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwUnloadKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwUnloadKeyEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwUnlockFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwUnlockVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwVdmControl
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitForDebugEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitForMultipleObjects
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitForSingleObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitHighEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitLowEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWriteFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWriteFileGather
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWriteRequestData
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwYieldExecution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateKeyedEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenKeyedEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwReleaseKeyedEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwWaitForKeyedEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryPortInformationProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: (NULL)
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:
Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden
Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-key
Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key
Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden
Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden
Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden
Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden
Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden
Object-Type: Registry-key
Object-Name: DataEM\ControlSet001\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden
Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden
Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden
Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden
Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden
Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden
Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden
Object-Type: Registry-key
Object-Name: edec4b50-3a44-4ded-86dd-85a4e65c20ea System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Status: Hidden
Object-Type: Registry-key
Object-Name: 0f88886d-d7b0-4839-9f39-5c335ef07898 System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Status: Hidden
Object-Type: Registry-key
Object-Name: MachineKeyicrosoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898\MachineKey
Status: Hidden
Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898\MachineKey
Status: Hidden
Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Status: Hidden
Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Status: Hidden
Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden
Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden
Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden
Object-Type: Process
Object-Name: smss.exe
Pid: 836
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible
Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible
Object-Type: Process
Object-Name: Ares.exe
Pid: 744
Object-Path: C:\Archivos de programa\Ares\Ares.exe
Status: Visible
Object-Type: Process
Object-Name: ctfmon.exe
Pid: 868
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1272
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1396
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: DUC20.exe
Pid: 1180
Object-Path: C:\Archivos de programa\No-IP\DUC20.exe
Status: Visible
Object-Type: Process
Object-Name: services.exe
Pid: 964
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible
Object-Type: Process
Object-Name: hkcmd.exe
Pid: 716
Object-Path: C:\WINDOWS\system32\hkcmd.exe
Status: Visible
Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible
Object-Type: Process
Object-Name: explorer.exe
Pid: 1740
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1152
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1896
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible
Object-Type: Process
Object-Name: Crypserv.exe
Pid: 2020
Object-Path: C:\WINDOWS\system32\crypserv.exe
Status: Visible
Object-Type: Process
Object-Name: RTHDCPL.exe
Pid: 688
Object-Path: C:\WINDOWS\RTHDCPL.EXE
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1372
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: sqlwriter.exe
Pid: 412
Object-Path: c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
Status: Visible
Object-Type: Process
Object-Name: avp.exe
Pid: 724
Object-Path: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Status: Visible
Object-Type: Process
Object-Name: alg.exe
Pid: 3204
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible
Object-Type: Process
Object-Name: igfxpers.exe
Pid: 696
Object-Path: C:\WINDOWS\system32\igfxpers.exe
Status: Visible
Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 3424
Object-Path: C:\Archivos de programa\MSN Messenger\msnmsgr.exe
Status: Visible
Object-Type: Process
Object-Name: lsass.exe
Pid: 976
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible
Object-Type: Process
Object-Name: GoogleToolbarNo
Pid: 824
Object-Path: C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: Visible
Object-Type: Process
Object-Name: usnsvc.exe
Pid: 1444
Object-Path: C:\Archivos de programa\MSN Messenger\usnsvc.exe
Status: Visible
Object-Type: Process
Object-Name: svchost.exe
Pid: 1228
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible
Object-Type: Process
Object-Name: avp.exe
Pid: 2004
Object-Path: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Status: Visible
Object-Type: Process
Object-Name: winlogon.exe
Pid: 920
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible
Object-Type: Process
Object-Name: wcescomm.exe
Pid: 860
Object-Path: C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
Status: Visible
Object-Type: Process
Object-Name: sqlservr.exe
Pid: 272
Object-Path: c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Status: Visible
Object-Type: Process
Object-Name: sqlbrowser.exe
Pid: 396
Object-Path: c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Status: Visible
Object-Type: Process
Object-Name: igfxsrvc.exe
Pid: 768
Object-Path: C:\WINDOWS\system32\igfxsrvc.exe
Status: Visible
Object-Type: Process
Object-Name: rapimgr.exe
Pid: 1328
Object-Path: C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
Status: Visible
Object-Type: Process
Object-Name: csrss.exe
Pid: 896
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible
Object-Type: Process
Object-Name: aawservice.exe
Pid: 1516
Object-Path: C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
Status: Visible
Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 4616
Object-Path: C:\Documents and Settings\Administrador\Escritorio\McafeeRootkitDetective\Rootkit_Detective.exe
Status: Visible
Object-Type: Process
Object-Name: dragdiag.exe
Pid: 680
Object-Path: C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe
Status: Visible
Scan complete. Hidden registry keys/values: 45
McAfee(R) Rootkit Detective 1.1 scan report
On 13-12-2007 at 14:37:22
OS-Version 5.1.2600
Service Pack 2.0
====================================
Object-Type: SSDT-hook
Object-Name: ZwAcceptConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheck
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByType
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultList
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAddAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAddBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAdjustGroupsToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAdjustPrivilegesToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateLocallyUniqueId
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateUuids
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAreMappedFilesTheSame
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwAssignProcessToJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCallbackReturn
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelDeviceWakeupRequest
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelIoFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCancelTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClearEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCloseObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompactKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompareTokens
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompleteConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCompressKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwContinue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateDebugObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateJobSet
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateMailslotFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateNamedPipeFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreatePagingFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreatePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateProfile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateSemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateWaitablePort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDebugActiveProcess
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDebugContinue
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDelayExecution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDeleteObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDeviceIoControlFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDisplayString
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwDuplicateToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateBootEntries
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwEnumerateSystemEnvironmentValuesEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwExtendSection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFilterToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFindAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushBuffersFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushInstructionCache
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwFlushVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFlushWriteBuffer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFreeUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwFsControlFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetContextThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetDevicePowerState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetPlugPlayEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwGetWriteWatch
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateClientOfPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwInitializeRegistry
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwInitiatePowerAction
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwIsProcessInJob
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwIsSystemResumeAutomatic
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwListenPort
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLoadKey2
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLoadKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwLockFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockProductActivationKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockRegistryKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwLockVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMakePermanentObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMakeTemporaryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPages
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPagesScatter
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwModifyBootEntry
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeDirectoryFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeMultipleKeys
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenEventPair
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\kl1.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenIoCompletion
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenJobObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenMutant
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenProcessTokenEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenSemaphore
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenThreadTokenEx
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwOpenTimer
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPlugPlayControl
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPowerInformation
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegeCheck
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegeObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPrivilegedServiceAuditAlarm
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwProtectVirtualMemory
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwPulseEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryAttributesFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryBootEntryOrder
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryBootOptions
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDebugFilterState
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultLocale
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultUILanguage
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryObject
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryEaFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryFullAttributesFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationAtom
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQueryInformationFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-
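The dump above lists, for each native service, which image currently owns its SSDT entry. As an added example (not code from the thread or from the scanner that produced the dump), this Python script parses records of that format, groups them by owning image and separates three things: the image that owns most of the table (which is then the booted kernel image itself rather than a hook; a renamed copy of the kernel referenced from boot.ini would show up exactly as TUKernel.exe does here, so that is worth checking before treating the file as a rootkit), hooks placed by known security drivers, and hooks from anything else, which go on the review list. The sample dump, the allowlist and the file name example_unknown.sys are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the same three-line record format as the dump above
# (Object-Name / Object-Path / Object-Type). The first two lines are a
# deliberately truncated record, as happens when a pasted log is cut off.
# example_unknown.sys is a made-up name used only to exercise the review branch.
SAMPLE_DUMP = r"""Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClearEvent
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys
Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\kl1.sys
Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
Object-Name: ZwQuerySystemInformation
Object-Path: C:\WINDOWS\system32\drivers\example_unknown.sys
Object-Type: SSDT-hook
Object-Name: ZwDelayExecution
Object-Path: C:\WINDOWS\system32\TUKernel.exe
Object-Type: SSDT-hook
"""

LINE_RE = re.compile(r"^(Object-Name|Object-Path|Object-Type):\s*(.*)$")

# Constructed allowlist of driver file names expected to hook the SSDT on this
# machine. klif.sys and kl1.sys are Kaspersky driver names; a matching name
# proves nothing about the file itself (hence the request to submit the files),
# it only keeps expected hooks out of the review list.
KNOWN_SECURITY_MODULES = {"klif.sys", "kl1.sys"}

# Services whose hooking is the classic way to hide processes, files, keys or
# drivers; a hook on one of these is the first thing to look at.
SENSITIVE_SERVICES = {
    "ZwCreateThread", "ZwOpenProcess", "ZwQueryDirectoryFile",
    "ZwQuerySystemInformation", "ZwEnumerateKey", "ZwEnumerateValueKey",
    "ZwDeviceIoControlFile", "ZwLoadDriver",
}


def parse_ssdt_dump(text):
    """Turn Name/Path/Type triplets into dicts; incomplete records are dropped."""
    records, current = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Object-Name":
            current = {"name": value}
        elif key == "Object-Path":
            current["path"] = value
        else:  # Object-Type closes a record
            current["type"] = value
            if "name" in current and "path" in current:
                records.append(current)
            current = {}
    return records


def triage(records, known_modules=KNOWN_SECURITY_MODULES, dominance=0.5):
    """Group hooks by owning image and separate the kernel itself from real hooks."""
    by_module = defaultdict(list)
    for r in records:
        by_module[r["path"]].append(r["name"])
    total = len(records)
    report = {
        "total": total,
        "per_module": {p: len(n) for p, n in by_module.items()},
        "probable_kernel_image": None,  # image owning more than `dominance` of the table
        "sensitive_hooks": {},          # known modules hooking sensitive services
        "review": {},                   # unrecognised modules and what they hook
    }
    for path, names in by_module.items():
        base = path.rsplit("\\", 1)[-1].lower()
        if total and len(names) / total > dominance:
            # The scanner reports the image owning each service address. When one
            # image owns most of the table it is the booted kernel image, not a
            # hook, whatever file name it was booted under.
            report["probable_kernel_image"] = path
        elif base in known_modules:
            hits = sorted(n for n in names if n in SENSITIVE_SERVICES)
            if hits:
                report["sensitive_hooks"][path] = hits
        else:
            report["review"][path] = sorted(names)
    return report


if __name__ == "__main__":
    rep = triage(parse_ssdt_dump(SAMPLE_DUMP))
    print("entries:", rep["total"])
    print("probable kernel image:", rep["probable_kernel_image"])
    for path, hooked in rep["review"].items():
        print("REVIEW", path, hooked)
```

Run against the full dump above, the same logic puts TUKernel.exe in the "probable kernel image" slot and leaves klif.sys and kl1.sys as the only real hooks, which is the same short list of files the helper asks for in the next post.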
msc hotline sat
- Posts: 93500
- Registered: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
by msc hotline sat » 14 Dec 2007, 07:22
Well, let's start with these:
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\system32\drivers\klif.sys
C:\WINDOWS\system32\drivers\kl1.sys
C:\Archivos de programa\No-IP\DUC20.exe
Send them to us for analysis, thanks.
-> For that, remember: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334
By the way, it looks like you haven't uninstalled ARES...
regards
ms, 14-12-2007
by kaliro » 14 Dec 2007, 17:50
There are two files that can't be found, the ones under drivers; I rebooted in safe mode and still nothing. I uninstalled Ares after running the McAfee anti-rootkit. The other comments: the DUC20.exe application is from No-IP, I installed it myself for a school project about a remote FTP, which was two terms ago, and I forgot to uninstall it, but the hosts I had registered expired a long time ago, almost as soon as the project ended. As for TuKernel.exe, I honestly don't know what it is; I looked it up on Google and some say it's a rootkit, others that it's a system file, so I don't know what it is. And I don't use Ares to download, I use it to set up send channels, since sending over MSN takes forever, and well, now and then I download some music, that's all.
Well, lastly, I added another log to see what you, the expert, make of it.
Well, thanks a lot and I hope you can help me :P
by msc hotline sat » 14 Dec 2007, 20:01
Well, send us whichever of the indicated files you can, and we'll see what they are.
This Tukernel.exe in particular is very suspicious, and it should have nothing to do with the Kernel, which is indeed part of the system.
See if you can find it with Start -> Search, and once we have it we'll act accordingly.
Boot in safe mode to find it; otherwise it may hide and you won't find it.
regards
ms, 14-12-2007
by kaliro » 14 Dec 2007, 21:30
Yes, I already sent you that tukernel.exe and the other files, but the one I couldn't find was the one under drivers. I went into DOS to look for the driver file and nothing; the first thing I did was go to Start/Run and nothing, then Search, nothing, then I looked manually, nothing, and finally through DOS, nothing. But Tukernel.exe I found on the first try; I already sent it to you :lol:
by msc hotline sat » 14 Dec 2007, 21:32
Well, upload it to VirusTotal and let's see if any of the 32 identify it, as I hope...
https://www.virustotal.com/es/
and post us the result, thanks
regards
ms, 14-12-2007
by kaliro » 15 Dec 2007, 01:10
It didn't detect anythiiing, waaahaaa. Maybe I'm debuting a brand-new virus and nobody knows what the devil it is. I'm already half out of my mind over the IE issue, it won't even load, and MSN only signs in after about 10 minutes of trying. Well, I hope you can help me solve it, thank you for your attention, it has been excellent :lol:
Well, if it is what I say, I hope the cure is found quickly, because it is really frustrating.
Motor antivirus Versión Última actualización Resultado
AhnLab-V3 2007.12.15.10 2007.12.14 -
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.14 -
Avast 4.7.1098.0 2007.12.14 -
AVG 7.5.0.503 2007.12.14 -
BitDefender 7.2 2007.12.15 -
CAT-QuickHeal 9.00 2007.12.14 -
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 -
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5375 2007.12.14 -
Ewido 4.0 2007.12.14 -
FileAdvisor 1 2007.12.15 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.14 -
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.14 -
Kaspersky 7.0.0.125 2007.12.14 -
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.14 -
NOD32v2 2723 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.14 -
Prevx1 V2 2007.12.15 -
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.14 -
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.14 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.14 -
Webwasher-Gateway 6.0.1 2007.12.14 -
Información adicional
Tamaño archivo: 2279936 bytes
MD5: 7a01420a66dd2a9a846353db567ac7ad
SHA1: 9fb11a08ec834cbceff4c96cc86db43eb0958f31
PEiD: -
:cry: :cry:
by msc hotline sat » 15 Dec 2007, 12:06
Well, try accessing MSN and the internet by booting in safe mode with networking, so as to avoid loading the virus into memory.
In that mode try this ONLINE AV and tell us the result, since it is not likely to be this one that nobody detects (though not impossible)
Recommended ONLINE AV: https://www.eset.es/analisis-online/
and let us know the result, thanks
by kaliro » 19 Dec 2007, 01:09
:( Well no, it didn't find anything, not even a malicious cookie.
PS: the internet looked like internet when I booted with networking. Well, I hope it can be solved; I tried deleting the file but after rebooting it was there again :cry:
by msc hotline sat » 19 Dec 2007, 04:07
The cookies are the least of it; you can delete them from IE -> Tools -> Internet Options or with ELITEMPO:
ELITEMPO
http://www.zonavirus.com/datos/descargas/70/EliTempo.asp
or even with ELISTARA if you accept DELETE TEMPORARY FILES, but the important thing is that the antivirus no longer detects anything. Confirm this point for us, so that in that case we can consider the topic solved.
regards
ms, 19-12-2007
by kaliro » 20 Dec 2007, 21:48
:cry: I didn't explain myself well: when I boot in safe mode with networking it runs fine, but when I turned the PC on normally again the file was there, with the same problem.
The utility you gave me deleted the cookies, but it stayed the same.
PS: sorry for the delay, I didn't have money to go to the cybercafé :lol:
by msc hotline sat » 21 Dec 2007, 05:41
Well, don't spend money at the cybercafé; booting in safe mode with networking you can browse...
And regarding this file you say persists, now I don't know whether it's TUKERNEL or one of the others I asked you for.
Run HJT again and post us the current log, so we know where we stand.
regards
ms, 21-12-2007
by kaliro » 21 Dec 2007, 16:14
I've installed ESET Smart Security with an offer from my country from esetme; it has turned out well but hasn't solved the slow internet problems. Firefox works but is also slow, though a bit less than IE. I ran a tool that you give in a solution to a topic about a Hosts file; it only said 127.0.0.0 local host, I imagine that must be fine, I think :) Well, here is my log
Logfile of HijackThis v1.99.1
Scan saved at 10:09:09 a.m., on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
C:\Archivos de programa\Messenger\MSMSGS.EXE
C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\ARCHIV~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Escritorio\SProces.exe
C:\Documents and Settings\Administrador\Mis documentos\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Archivos de programa\ESET\ESET Smart Security\nodlogin.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194029476390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/ve/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3180E1A2-3C22-4E0C-93F1-6232E0C2B75B}: NameServer = 201.225.225.225 201.224.73.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Archivos de programa\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
Well, if it can't be fixed I think I'm going to format the machine, but that will be later because I'm going to celebrate Christmas. Well, bye and good luck; if I don't see you, Merry Christmas.
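As an added example (not code from the thread or from HijackThis itself), here is a small parser for logs in the format posted above. It splits the log into its section codes and pulls out what a helper checks first: entries whose target no longer exists ("(no file)" / "(file missing)"), services the tool could not attribute to a vendor ("Unknown owner"), the O4 autostart entries, and the O17 name servers, which should be compared with the ISP's. The sample log is constructed from lines of the kind shown above. A "file missing" hit is not proof of anything by itself: the SQLEXPRESS service line carries a stray quote in its command, which is most likely what makes the tool report the file as missing, and the helper's verdict on this log is that it is clean.

```python
import re

# Constructed sample: a handful of lines in HijackThis v1.99.1 format, modelled
# on the kinds of entries seen in the log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3180E1A2-3C22-4E0C-93F1-6232E0C2B75B}: NameServer = 201.225.225.225 201.224.73.162
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Archivos de programa\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
"""

# "O4 - ...", "R0 - ...", "F2 - ..." entry lines; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 body: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# O23 body: Service: display name - owner - image path
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line of an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_hjt(entries):
    """Collect the items a helper reviews first from parsed HJT entries."""
    report = {
        "dangling": [],                # entries whose target file is gone
        "unknown_owner_services": [],  # O23 services with no vendor attribution
        "run_entries": [],             # O4 autostarts, as hive/name/command
        "dns_servers": [],             # O17 name servers, to compare with the ISP's
    }
    for section, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            report["dangling"].append((section, body))
        if section == "O4":
            m = RUN_RE.match(body)
            if m:
                report["run_entries"].append(
                    {"hive": m.group(1), "name": m.group(2), "command": m.group(3)})
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group(2) == "Unknown owner":
                report["unknown_owner_services"].append(m.group(1))
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                report["dns_servers"].extend(IPV4_RE.findall(m.group(1)))
    return report


if __name__ == "__main__":
    rep = triage_hjt(parse_hjt(SAMPLE_LOG))
    for section, body in rep["dangling"]:
        print("DANGLING", section, body)
    print("unknown-owner services:", rep["unknown_owner_services"])
    print("autostarts:", [e["name"] for e in rep["run_entries"]])
    print("DNS servers to verify:", rep["dns_servers"])
```

Dangling entries are cleanup candidates rather than infections; unknown-owner services and autostarts are the lines whose image paths are worth hashing and submitting, exactly as was done for TUKernel.exe earlier in the thread.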
by msc hotline sat » 21 Dec 2007, 19:11
The HJT log is clean...
Try SPROCES and let's see if you have something more hidden.
(post us the SPROCLOG.TXT afterwards, of course)
regards
ms, 21-12-2007