I have the same problem, i've already did the scan with HijackThis and Malware latest versions. Please help me! LOGS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:22, on 17-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\maria soledad\wuaucldt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sysogp32.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe
--
End of file - 4972 bytes
MALWARE:
Logfile created: 17-10-2010 03:20:29
Ad-Aware version: 8.3.4
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: MARIA SOLEDAD
*********************** Definitions database information ***********************
Lavasoft definition file: 150.126
Genotype definition file version: 2010/10/15 09:03:50
Extended engine definition file: 7071.0
******************************** Scan results: *********************************
Scan profile name: Inteligente (ID: smart)
Objects scanned: 10654
Objects detected: 4
Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\windows\cfdrive32.exe Family Name: Win32.Backdoor.IRCBot/AV Engine: 1 Clean status: Success Item ID: 0 Family ID: 0
Description: c:\documents and settings\maria soledad\configuración local\archivos temporales de internet\content.ie5\dfecjnrw\adv2[1].exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc
Description: c:\documents and settings\maria soledad\configuración local\temp\004884.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 53ff9cb29604a0a174fa7cc8231bd8b5
Description: c:\documents and settings\maria soledad\configuración local\temp\600387.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc
Scan and cleaning complete: Finished correctly after 420 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Inteligente
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sat Oct 16 05:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sat Oct 16 11:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sat Oct 16 17:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: es, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: MARIASOLEDAD
Processor name: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Processor identifier: x86 Family 6 Model 28 Stepping 10
Processor speed: ~1662MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 7178, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 463323136 bytes
Physical memory total: 1042104320 bytes
Virtual memory available: 1881169920 bytes
Virtual memory total: 2147352576 bytes
Memory load: 55%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 560 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 632 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 888 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 932 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1004 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1084 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1308 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1584 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\WINDOWS\Explorer.EXE owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2044 name: C:\SPLASH.SYS\config\DVMExportService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 180 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe owner: SYSTEM domain: NT AUTHORITY
PID: 340 name: C:\windows\system32\wuaucldt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 368 name: C:\WINDOWS\system32\svchost.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 524 name: C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe owner: SYSTEM domain: NT AUTHORITY
PID: 108 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 616 name: C:\WINDOWS\system32\ctfmon.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 1368 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1376 name: C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1400 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3004 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: C:\WINDOWS\System32\alg.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 3248 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3400 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3756 name: C:\WINDOWS\cfdrive32.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3792 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1540 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4344 name: C:\WINDOWS\system32\wuauclt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 5916 name: C:\Archivos de programa\Lavasoft\Ad-Aware\Ad-Aware.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2856 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: wuaucldt
imagepath: c:\windows\system32\wuaucldt.exe
Name: Microsoft Driver Setup
imagepath: C:\WINDOWS\cfdrive32.exe
Name: Microsoft Driver Setup
imagepath: C:\WINDOWS\cfdrive32.exe
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Precargador Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Demonio de caché de las categorías de componente
Name:
imagepath: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Menú Inicio\Programas\Inicio\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Servicio de puerta de enlace de capa de aplicación
Name: AudioSrv
displayname: Audio de Windows
Name: Browser
displayname: Examinador de equipos
Name: CryptSvc
displayname: Servicios de cifrado
Name: DcomLaunch
displayname: Iniciador de procesos de servidor DCOM
Name: Dhcp
displayname: Cliente DHCP
Name: Dnscache
displayname: Cliente DNS
Name: DvmMDES
displayname: DeviceVM Meta Data Export Service
Name: ekrn
displayname: ESET Service
Name: ERSvc
displayname: Servicio de informe de errores
Name: Eventlog
displayname: Registro de sucesos
Name: EventSystem
displayname: Sistema de sucesos COM+
Name: FastUserSwitchingCompatibility
displayname: Compatibilidad de cambio rápido de usuario
Name: helpsvc
displayname: Ayuda y soporte técnico
Name: HTTPFilter
displayname: HTTP SSL
Name: IAANTMON
displayname: Intel(R) Matrix Storage Event Monitor
Name: LanmanServer
displayname: Servidor
Name: lanmanworkstation
displayname: Estación de trabajo
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: Ayuda de NetBIOS sobre TCP/IP
Name: Netman
displayname: Conexiones de red
Name: Nla
displayname: NLA (Network Location Awareness)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: Servicios IPSEC
Name: ProtectedStorage
displayname: Almacenamiento protegido
Name: RasMan
displayname: Administrador de conexión de acceso remoto
Name: RpcSs
displayname: Llamada a procedimiento remoto (RPC)
Name: SamSs
displayname: Administrador de cuentas de seguridad
Name: Schedule
displayname: Programador de tareas
Name: seclogon
displayname: Inicio de sesión secundario
Name: SENS
displayname: Notificación de sucesos del sistema
Name: SharedAccess
displayname: Firewall de Windows/Conexión compartida a Internet (ICS)
Name: ShellHWDetection
displayname: Detección de hardware shell
Name: Spooler
displayname: Cola de impresión
Name: SRS_PostInstaller
displayname: SRS PostInstaller Service
Name: SSDPSRV
displayname: Servicio de descubrimientos SSDP
Name: stisvc
displayname: Adquisición de imágenes de Windows (WIA)
Name: TapiSrv
displayname: Telefonía
Name: TermService
displayname: Servicios de Terminal Server
Name: Themes
displayname: Temas
Name: TrkWks
displayname: Cliente de seguimiento de vinculos distribuidos
Name: W32Time
displayname: Horario de Windows
Name: WebClient
displayname: Cliente Web
Name: winmgmt
displayname: Instrumental de administración de Windows
Name: wscsvc
displayname: Centro de seguridad
Name: wuauserv
displayname: Actualizaciones automáticas
Name: WZCSVC
displayname: Configuración inalámbrica rápida
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:22, on 17-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\maria soledad\wuaucldt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sysogp32.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe
--
End of file - 4972 bytes
MALWARE:
Logfile created: 17-10-2010 03:20:29
Ad-Aware version: 8.3.4
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: MARIA SOLEDAD
*********************** Definitions database information ***********************
Lavasoft definition file: 150.126
Genotype definition file version: 2010/10/15 09:03:50
Extended engine definition file: 7071.0
******************************** Scan results: *********************************
Scan profile name: Inteligente (ID: smart)
Objects scanned: 10654
Objects detected: 4
Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\windows\cfdrive32.exe Family Name: Win32.Backdoor.IRCBot/AV Engine: 1 Clean status: Success Item ID: 0 Family ID: 0
Description: c:\documents and settings\maria soledad\configuración local\archivos temporales de internet\content.ie5\dfecjnrw\adv2[1].exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc
Description: c:\documents and settings\maria soledad\configuración local\temp\004884.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 53ff9cb29604a0a174fa7cc8231bd8b5
Description: c:\documents and settings\maria soledad\configuración local\temp\600387.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc
Scan and cleaning complete: Finished correctly after 420 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Inteligente
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sat Oct 16 05:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sat Oct 16 11:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sat Oct 16 17:01:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: es, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: MARIASOLEDAD
Processor name: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Processor identifier: x86 Family 6 Model 28 Stepping 10
Processor speed: ~1662MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 7178, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 463323136 bytes
Physical memory total: 1042104320 bytes
Virtual memory available: 1881169920 bytes
Virtual memory total: 2147352576 bytes
Memory load: 55%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 560 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 632 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 888 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 932 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1004 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1084 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1308 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1584 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\WINDOWS\Explorer.EXE owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2044 name: C:\SPLASH.SYS\config\DVMExportService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 180 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe owner: SYSTEM domain: NT AUTHORITY
PID: 340 name: C:\windows\system32\wuaucldt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 368 name: C:\WINDOWS\system32\svchost.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 524 name: C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe owner: SYSTEM domain: NT AUTHORITY
PID: 108 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 616 name: C:\WINDOWS\system32\ctfmon.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 1368 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1376 name: C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1400 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3004 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: C:\WINDOWS\System32\alg.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 3248 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3400 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3756 name: C:\WINDOWS\cfdrive32.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3792 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1540 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4344 name: C:\WINDOWS\system32\wuauclt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 5916 name: C:\Archivos de programa\Lavasoft\Ad-Aware\Ad-Aware.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2856 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: wuaucldt
imagepath: c:\windows\system32\wuaucldt.exe
Name: Microsoft Driver Setup
imagepath: C:\WINDOWS\cfdrive32.exe
Name: Microsoft Driver Setup
imagepath: C:\WINDOWS\cfdrive32.exe
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Precargador Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Demonio de caché de las categorías de componente
Name:
imagepath: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Menú Inicio\Programas\Inicio\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Servicio de puerta de enlace de capa de aplicación
Name: AudioSrv
displayname: Audio de Windows
Name: Browser
displayname: Examinador de equipos
Name: CryptSvc
displayname: Servicios de cifrado
Name: DcomLaunch
displayname: Iniciador de procesos de servidor DCOM
Name: Dhcp
displayname: Cliente DHCP
Name: Dnscache
displayname: Cliente DNS
Name: DvmMDES
displayname: DeviceVM Meta Data Export Service
Name: ekrn
displayname: ESET Service
Name: ERSvc
displayname: Servicio de informe de errores
Name: Eventlog
displayname: Registro de sucesos
Name: EventSystem
displayname: Sistema de sucesos COM+
Name: FastUserSwitchingCompatibility
displayname: Compatibilidad de cambio rápido de usuario
Name: helpsvc
displayname: Ayuda y soporte técnico
Name: HTTPFilter
displayname: HTTP SSL
Name: IAANTMON
displayname: Intel(R) Matrix Storage Event Monitor
Name: LanmanServer
displayname: Servidor
Name: lanmanworkstation
displayname: Estación de trabajo
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: Ayuda de NetBIOS sobre TCP/IP
Name: Netman
displayname: Conexiones de red
Name: Nla
displayname: NLA (Network Location Awareness)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: Servicios IPSEC
Name: ProtectedStorage
displayname: Almacenamiento protegido
Name: RasMan
displayname: Administrador de conexión de acceso remoto
Name: RpcSs
displayname: Llamada a procedimiento remoto (RPC)
Name: SamSs
displayname: Administrador de cuentas de seguridad
Name: Schedule
displayname: Programador de tareas
Name: seclogon
displayname: Inicio de sesión secundario
Name: SENS
displayname: Notificación de sucesos del sistema
Name: SharedAccess
displayname: Firewall de Windows/Conexión compartida a Internet (ICS)
Name: ShellHWDetection
displayname: Detección de hardware shell
Name: Spooler
displayname: Cola de impresión
Name: SRS_PostInstaller
displayname: SRS PostInstaller Service
Name: SSDPSRV
displayname: Servicio de descubrimientos SSDP
Name: stisvc
displayname: Adquisición de imágenes de Windows (WIA)
Name: TapiSrv
displayname: Telefonía
Name: TermService
displayname: Servicios de Terminal Server
Name: Themes
displayname: Temas
Name: TrkWks
displayname: Cliente de seguimiento de vinculos distribuidos
Name: W32Time
displayname: Horario de Windows
Name: WebClient
displayname: Cliente Web
Name: winmgmt
displayname: Instrumental de administración de Windows
Name: wscsvc
displayname: Centro de seguridad
Name: wuauserv
displayname: Actualizaciones automáticas
Name: WZCSVC
displayname: Configuración inalámbrica rápida
