Regshot 1.8.3-beta1V5
Comments:
Datetime:2013/1/24 20:51:29  ,  2013/1/24 21:01:33
Computer:UHA-68F2DDBE516 , UHA-68F2DDBE516
Username:Administrador , Administrador

----------------------------------
Keys added:18
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Control
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Parameters
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Security
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Enum
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Security
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Enum

----------------------------------
Values deleted:2
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"

----------------------------------
Values added:50
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control\ActiveService: "RasMan"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control\ActiveService: "TapiSrv"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Control\ActiveService: "vKxdGriQw"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Service: "vKxdGriQw"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\0000\DeviceDesc: "vKxdGriQw Service"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VKXDGRIQW\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Enum\0: "Root\LEGACY_VKXDGRIQW\0000"
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Parameters\ServiceDll: "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cewmdmx.dll"
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Type: 0x00000110
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\ImagePath: "%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\DisplayName: "vKxdGriQw Service"
HKLM\SYSTEM\ControlSet001\Services\vKxdGriQw\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control\ActiveService: "RasMan"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control\ActiveService: "TapiSrv"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Control\ActiveService: "vKxdGriQw"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Service: "vKxdGriQw"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\0000\DeviceDesc: "vKxdGriQw Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VKXDGRIQW\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Enum\0: "Root\LEGACY_VKXDGRIQW\0000"
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Parameters\ServiceDll: "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cewmdmx.dll"
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\ImagePath: "%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\DisplayName: "vKxdGriQw Service"
HKLM\SYSTEM\CurrentControlSet\Services\vKxdGriQw\ObjectName: "LocalSystem"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000000
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\qbphzragbf\Fnaal-Qnjf_338Q0O855421867732R05399N2Q56670\znyjner_338Q0O855421867732R05399N2Q56670\svyrf_338Q0O855421867732R05399N2Q56670\R.rkr: 01 00 00 00 06 00 00 00 10 E4 ED 98 74 FA CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\documentos\Sanny-Daws_338D0B855421867732E05399A2D56670\malware_338D0B855421867732E05399A2D56670\files_338D0B855421867732E05399A2D56670\E.exe: "E"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000000
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----------------------------------
Values modified:41
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 89 02 06 67 68 E3 62 40 4B 5E C5 F0 4D 7C 2F 44 ED 73 00 10 F2 27 3B 2B 04 10 0A F4 D1 CB 50 29 7C 23 B4 F6 39 58 45 BC A2 C8 8E BE 4F 2C 2D E1 54 EE D3 2D 2B C2 83 0F DB 37 FE B1 5F B2 58 81 D2 3B 16 D8 C5 C9 E3 8A 4E 22 E7 0C 9F 51 B0 C3
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: FA 07 1C 2D F1 C8 09 EC 92 55 5E 2A A8 DA 01 E8 C8 78 24 D4 6F 0B 5D 2F 65 9B 30 C1 AE 9B 39 15 FB 5B 27 00 69 93 15 1D DA 80 9E 11 3D 9A BD AC D6 F7 73 AA 88 AE 7E D0 28 22 F1 84 69 B5 E0 AA F8 33 9C 43 AB 80 BD F1 20 3B 14 BC 89 56 A8 1E
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UnableToDetectTime: "2012-12-18 01:06:27"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UnableToDetectTime: "2013-01-24 20:55:23"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\SequenceNumber: 0x00000003
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\SequenceNumber: 0x00000004
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000007
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000000A
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000005
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000006
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: '6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN'
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: 36 74 6F 34 00 41 70 70 4D 67 6D 74 00 41 75 64 69 6F 53 72 76 00 42 72 6F 77 73 65 72 00 43 72 79 70 74 53 76 63 00 44 4D 53 65 72 76 65 72 00 44 48 43 50 00 45 52 53 76 63 00 45 76 65 6E 74 53 79 73 74 65 6D 00 46 61 73 74 55 73 65 72 53 77 69 74 63 68 69 6E 67 43 6F 6D 70 61 74 69 62 69 6C 69 74 79 00 48 69 64 53 65 72 76 00 49 61 73 00 49 70 72 69 70 00 49 72 6D 6F 6E 00 4C 61 6E 6D 61 6E 53 65 72 76 65 72 00 4C 61 6E 6D 61 6E 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4D 65 73 73 65 6E 67 65 72 00 4E 65 74 6D 61 6E 00 4E 6C 61 00 4E 74 6D 73 73 76 63 00 4E 57 43 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4E 77 73 61 70 61 67 65 6E 74 00 52 61 73 61 75 74 6F 00 52 61 73 6D 61 6E 00 52 65 6D 6F 74 65 61 63 63 65 73 73 00 53 63 68 65 64 75 6C 65 00 53 65 63 6C 6F 67 6F 6E 00 53 45 4E 53 00 53 68 61 72 65 64 61 63 63 65 73 73 00 53 52 53 65 72 76 69 63 65 00 54 61 70 69 73 72 76 00 54 68 65 6D 65 73 00 54 72 6B 57 6B 73 00 57 33 32 54 69 6D 65 00 57 5A 43 53 56 43 00 57 6D 69 00 57 6D 64 6D 50 6D 53 70 00 77 69 6E 6D 67 6D 74 00 77 73 63 73 76 63 00 78 6D 6C 70 72 6F 76 00 6E 61 70 61 67 65 6E 74 00 68 6B 6D 73 76 63 00 42 49 54 53 00 77 75 61 75 73 65 72 76 00 53 68 65 6C 6C 48 57 44 65 74 65 63 74 69 6F 6E 00 68 65 6C 70 73 76 63 00 57 6D 64 6D 50 6D 53 4E 00 76 4B 78 64 47 72 69 51 77 00
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000B
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000C
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 1F DE CF 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 1F DE CF 50 05 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 C3 A6 01 51 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 FF FF FF 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 C3 A6 01 51 05 00 00 00 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 A0 01 51 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 00 00 07 08
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000040
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000044
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x50CFD717
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x51019FBB
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x50CFDA9B
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x5101A33F
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x50CFDD3E
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x5101A5E2
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50CFDE1F
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x5101A6C3
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\DhcpRetryTime: 0x00000381
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\DhcpRetryTime: 0x00000382
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x50CFD717
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x51019FBB
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x50CFDA9B
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x5101A33F
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x50CFDD3E
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x5101A5E2
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50CFDE1F
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x5101A6C3
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000B
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000C
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 1F DE CF 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1F DE CF 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 1F DE CF 50 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 C3 A6 01 51 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 FF FF FF 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 C3 A6 01 51 05 00 00 00 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 A0 01 51 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C3 A6 01 51 00 00 07 08
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000040
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000044
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x50CFD717
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x51019FBB
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x50CFDA9B
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x5101A33F
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x50CFDD3E
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x5101A5E2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50CFDE1F
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x5101A6C3
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\DhcpRetryTime: 0x00000381
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\DhcpRetryTime: 0x00000382
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x50CFD717
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x51019FBB
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x50CFDA9B
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x5101A33F
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x50CFDD3E
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x5101A5E2
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50CFDE1F
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x5101A6C3
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies: "C:\Documents and Settings\NetworkService\Cookies"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies: "C:\Documents and Settings\LocalService\Cookies"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache: "C:\Documents and Settings\NetworkService\Configuraci�n local\Archivos temporales de Internet"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache: "C:\Documents and Settings\LocalService\Configuraci�n local\Archivos temporales de Internet"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History: "C:\Documents and Settings\NetworkService\Configuraci�n local\Historial"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History: "C:\Documents and Settings\LocalService\Configuraci�n local\Historial"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 62 00 00 00 A0 E1 5E 90 74 FA CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 63 00 00 00 10 E4 ED 98 74 FA CD 01
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies: "C:\Documents and Settings\NetworkService\Cookies"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies: "C:\Documents and Settings\LocalService\Cookies"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache: "C:\Documents and Settings\NetworkService\Configuraci�n local\Archivos temporales de Internet"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache: "C:\Documents and Settings\LocalService\Configuraci�n local\Archivos temporales de Internet"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History: "C:\Documents and Settings\NetworkService\Configuraci�n local\Historial"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History: "C:\Documents and Settings\LocalService\Configuraci�n local\Historial"

----------------------------------
Total changes:111
----------------------------------