Generic Host Process for win32 Services

Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
EstimatedSize REG_DWORD 0x1800

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr REG_SZ "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
Google Update REG_SZ "C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
MSMSGS REG_SZ "C:\Archivos de programa\Messenger\msmsgs.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Skype REG_SZ "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
gcrspkrf REG_SZ C:\Documents and Settings\Usuario\Configuración local\Datos de programa\gsndoqbdw\wapwisftssd.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LManager REG_SZ C:\Archivos de programa\Launch Manager\LManager.exe
GrooveMonitor REG_SZ "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
avast5 REG_SZ C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
Adobe Reader Speed Launcher REG_SZ "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
PersistenceThread REG_SZ C:\WINDOWS\system32\PersistenceThread.exe
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
QuickTime Task REG_SZ "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
AzMixerSel REG_SZ C:\Archivos de programa\Realtek\Audio\Drivers\AzMixerSel.exe
iTunesHelper REG_SZ "C:\Archivos de programa\iTunes\iTunesHelper.exe"
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer



Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C9EB60C-736F-4E44-9192-7AB9EC3BB6D4}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0DE7DB37-0046-47A6-96DD-A7B96EADD827}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2E73C750-E37A-44A1-B3EF-019420302F47}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42333E6E-8999-4C01-99FF-E12CAF259E61}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4508D48F-39F9-4EA4-B83C-C24C06915B1E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{499E4B36-A9F8-4225-A32A-28887C33AB96}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63BEBA95-7EDA-45A7-9453-1DC2CE9F8AEF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C30970F2-8F9A-4DFC-9CFA-A49BC2D31C15}


Configuración IP de Windows



Nombre del host . . . . . . . . . : Joan

Sufijo DNS principal . . . . . . :

Tipo de nodo. . . . . . . . . . . : híbrido

Enrutamiento habilitado. . . . . .: No

Proxy WINS habilitado. . . . . : No



Adaptador Ethernet Conexión de área local :



Estado de los medios. . . .: medios desconectados

Descripción. . . . . . . . . . . : Realtek RTL8102/8103/8136 Family PCI-E FE NIC

Dirección física. . . . . . . . . : 00-23-8B-D7-68-42



Adaptador Ethernet Conexiones de red inalámbricas :



Sufijo de conexión específica DNS :

Descripción. . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

Dirección física. . . . . . . . . : 00-25-56-06-28-6A

DHCP habilitado. . . . . . . . . : No

Autoconfiguración habilitada. . . : Sí

Dirección IP. . . . . . . . . . . : 192.168.0.11

Máscara de subred . . . . . . . . : 255.255.255.0

Puerta de enlace predeterminada : 192.168.0.254

Servidor DHCP . . . . . . . . . . : 192.168.0.254

Servidores DNS . . . . . . . . . .: 212.27.40.240

212.27.40.241

Concesión obtenida . . . . . . . : martes, 03 de agosto de 2010 14:55:26

Concesión expira . . . . . . . . .: viernes, 13 de agosto de 2010 14:55:26

AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x318
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\7zFM.exe
REG_SZ C:\Archivos de programa\7-Zip\7zFM.exe
Path REG_SZ C:\Archivos de programa\7-Zip

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
Path REG_SZ C:\Archivos de programa\Adobe\Reader 9.0\Reader\
REG_SZ C:\Archivos de programa\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AvastUI.exe
Path REG_SZ C:\Archivos de programa\Alwil Software\Avast5
REG_SZ C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Archivos de programa\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
REG_SZ C:\Archivos de programa\CCleaner\ccleaner.exe
Path REG_SZ C:\Archivos de programa\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Archivos de programa\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application
REG_SZ C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Archivos de programa\NetMeeting\conf.exe
Path REG_SZ C:\Archivos de programa\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Archivos de programa\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GROOVE.EXE
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\GROOVE.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Archivos de programa\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Archivos de programa\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Archivos de programa\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Archivos de programa\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Archivos de programa\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Archivos de programa\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Archivos de programa\Internet Explorer\iexplore.exe
Path REG_SZ C:\Archivos de programa\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Archivos de programa\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Archivos de programa\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\INFOPATH.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Archivos de programa\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Archivos de programa\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Archivos de programa\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Archivos de programa\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Archivos de programa\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LManager.EXE
Path REG_SZ C:\Archivos de programa\Launch Manager
REG_SZ C:\Archivos de programa\Launch Manager\LManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Archivos de programa\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Archivos de programa\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Archivos de programa\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Archivos de programa\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\MSACCESS.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Archivos de programa\Archivos comunes\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Archivos de programa\Archivos comunes\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Archivos de programa\Messenger\msmsgs.exe
Path REG_SZ C:\Archivos de programa\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
REG_SZ C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Archivos de programa\Windows Live\Messenger\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
REG_SZ C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\MSPUB.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
REG_SZ C:\Archivos de programa\Microsoft Works\msworks.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\OIS.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\ONENOTE.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\OUTLOOK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Archivos de programa\QuickTime\
REG_SZ C:\Archivos de programa\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Archivos de programa\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Archivos de programa\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD8
Path REG_SZ C:\Archivos de programa\CyberLink\PowerDVD8
REG_SZ C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\POWERPNT.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Archivos de programa\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Archivos de programa\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Archivos de programa\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Archivos de programa\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\soffice.exe
REG_SZ C:\Archivos de programa\OpenOffice.org 2.0\program\soffice.exe
Path REG_SZ C:\Archivos de programa\OpenOffice.org 2.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Archivos de programa\WinRAR\WinRAR.exe
Path REG_SZ C:\Archivos de programa\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\ARCHIV~1\MICROS~2\Office12\WINWORD.EXE
Path REG_SZ C:\Archivos de programa\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
REG_SZ C:\Archivos de programa\Microsoft Works\WKSAB.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
REG_SZ C:\ARCHIV~1\MICROS~3\WksCal.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
REG_SZ C:\Archivos de programa\Microsoft Works\wksdb.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
REG_SZ C:\Archivos de programa\Microsoft Works\WKSSB.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
REG_SZ C:\Archivos de programa\Microsoft Works\wksss.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
REG_SZ C:\Archivos de programa\Microsoft Works\wkswp.exe
Path REG_SZ C:\Archivos de programa\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
REG_EXPAND_SZ C:\Archivos de programa\Windows Live\Mail\wlmail.exe
Path REG_EXPAND_SZ C:\Archivos de programa\Windows Live\Mail\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Archivos de programa\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Archivos de programa\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accesorios\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accesorios\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
jqs@sun.com REG_EXPAND_SZ C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Precargador Browseui
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Demonio de caché de las categorías de componente


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

i can't put my last report

SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll

Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files



Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0622f4b4-c94d-11de-93b4-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047957-785b-11df-9599-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047958-785b-11df-9599-00238bd76842}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047959-785b-11df-9599-00238bd76842}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0802c1-1f3b-11df-94a3-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edd5daa-b1dd-11de-9349-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3142e6dd-38ea-11df-94e9-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{314c0eac-b1ae-11de-9347-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3df233f2-534e-11de-b0f8-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b09378e-2842-11df-94bf-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b09378f-2842-11df-94bf-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4ea335-682a-11df-956d-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b4ed70-bcf4-11de-937c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b4ed71-bcf4-11de-937c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79efa734-b1bf-11de-9343-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85d41366-878c-11df-95b1-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d7f4ed6-68ab-11df-956e-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ccdecd-3a3e-11df-94ec-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19d8331-5c39-11df-954a-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a54f7f66-da6b-11de-93ec-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b684d7e0-2a16-11de-919c-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b684d7e1-2a16-11de-919c-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d1bcf9-038d-11df-9467-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88b9dc6-f642-11de-943c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b975a4ac-9658-11df-95d6-84f651b22388}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c30e124a-2562-11df-94b4-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd7ed78-f624-11de-943b-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee7cf703-b31f-11de-9353-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f293afd2-958f-11df-95cb-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f458ce60-d9f1-11de-93e9-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5d06ad0-c788-11de-93a7-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0ac5b6-de5b-11de-93fa-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fceab3a8-2db9-11df-94d3-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC

Winlogon
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ JOAN
DefaultUserName REG_SZ Usuario
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Usuario
AltDefaultDomainName REG_SZ JOAN

i'm just trying now

SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files



Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0622f4b4-c94d-11de-93b4-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047957-785b-11df-9599-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047958-785b-11df-9599-00238bd76842}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d047959-785b-11df-9599-00238bd76842}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0802c1-1f3b-11df-94a3-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edd5daa-b1dd-11de-9349-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3142e6dd-38ea-11df-94e9-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{314c0eac-b1ae-11de-9347-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3df233f2-534e-11de-b0f8-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b09378e-2842-11df-94bf-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b09378f-2842-11df-94bf-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4ea335-682a-11df-956d-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b4ed70-bcf4-11de-937c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b4ed71-bcf4-11de-937c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79efa734-b1bf-11de-9343-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85d41366-878c-11df-95b1-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d7f4ed6-68ab-11df-956e-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ccdecd-3a3e-11df-94ec-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19d8331-5c39-11df-954a-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a54f7f66-da6b-11de-93ec-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b684d7e0-2a16-11de-919c-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b684d7e1-2a16-11de-919c-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d1bcf9-038d-11df-9467-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88b9dc6-f642-11de-943c-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b975a4ac-9658-11df-95d6-84f651b22388}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c30e124a-2562-11df-94b4-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd7ed78-f624-11de-943b-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee7cf703-b31f-11de-9353-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f293afd2-958f-11df-95cb-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f458ce60-d9f1-11de-93e9-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5d06ad0-c788-11de-93a7-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0ac5b6-de5b-11de-93fa-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fceab3a8-2db9-11df-94d3-00255606286a}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC

Winlogon
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ JOAN
DefaultUserName REG_SZ Usuario
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Usuario
AltDefaultDomainName REG_SZ JOAN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

test

test2