Help..infection

Reply
artaud78
Posts: 5
Joined: 10 Dec 2011, 20:48

Help..infection

Post by artaud78 » 10 Dec 2011, 21:43

Hello. I would like to describe some problems I have been having for a few days. It all started with CPU usage going up to the maximum because of PING.EXE; after running some scans, that seems to be fixed. Now there are several problems: it detects system viruses that it can't do anything about, and I have the firewall disabled, both the Windows one and the AVG one (missing driver). I'm pasting the results to see what can be done. Thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:14:20, on 10/12/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\xavigomez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\xavigomez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\xavigomez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\xavigomez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infospyware.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Servicio auxiliar de host para aplicaciones (AppHostSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Cortafuegos de AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\xavigomez\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Aplicación auxiliar de NetBIOS sobre TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: Servicio del iniciador iSCSI de Microsoft (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Cliente de seguimiento de vínculos distribuidos (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Servicio de detección automática de proxy web WinHTTP (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe



--

End of file - 20563 bytes



And this is the AVG log:

"Análisis de ""Analizar todo el equipo"" completado."

"Infecciones";"4";"2";"2"

"Advertencias";"79";"79";"0"

"Carpetas seleccionadas para analizar:";"Analizar todo el equipo"

"Análisis iniciado:";"sábado, 10 de diciembre de 2011, 2:32:56"

"Análisis finalizado:";"sábado, 10 de diciembre de 2011, 4:17:19 (1 hora(s) 44 minuto(s) 22 segundo(s))"

"Total de objetos analizados:";"2257490"

"Usuario que inició el análisis:";"xavigomez"



"Infecciones"

"";"Archivo";"Infección";"Resultado"

"";"C:\Users\xavigomez\Desktop\Escritorio\tuneup2011-keygen.exe";"Troyano Generic24.AVDD";"Movido al Almacén de virus"

"";"C:\Windows\system32\DRIVERS\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"El objeto se encuentra en la lista blanca (archivo del sistema o crítico que no debe eliminarse)"

"";"C:\Windows\System32\drivers\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"El objeto se encuentra en la lista blanca (archivo del sistema o crítico que no debe eliminarse)"

"";"C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"Movido al Almacén de virus"



"Advertencias"

"";"Archivo";"Infección";"Resultado"

"";"C:\Toshiba\Preinst\CancelTopi.exe";"Archivo ejecutable dañado";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQR49BQ7.txt:\serving-sys.com.db46cecc";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt:\ad.yieldmanager.com.539b0606";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt:\ad.yieldmanager.com.8a47878";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt:\ad.yieldmanager.com.b68f2b7b";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt:\ad.yieldmanager.com.e626e6be";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt:\ad.yieldmanager.com.ff92306";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQR49BQ7.txt:\serving-sys.com.bb39fa8c";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\CPFO3J2E.txt:\atdmt.com.7247c262";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\CPFO3J2E.txt:\atdmt.com.b3e33b5f";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQR49BQ7.txt:\serving-sys.com.3c465e6e";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\IREHTX88.txt:\overture.com.52ca467a";"Se encontró Tracking cookie.Overture";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\IREHTX88.txt:\overture.com.e626e6be";"Se encontró Tracking cookie.Overture";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQR49BQ7.txt:\serving-sys.com.176b0dad";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KC4NN7UF.txt:\atdmt.com.7247c262";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KC4NN7UF.txt:\atdmt.com.b3e33b5f";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XV2BCKXF.txt:\bs.serving-sys.com.5bf1f00f";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt:\ad.yieldmanager.com.539b0606";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt:\ad.yieldmanager.com.8a47878";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt:\ad.yieldmanager.com.b68f2b7b";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt:\ad.yieldmanager.com.e626e6be";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt:\ad.yieldmanager.com.ff92306";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L7D321KV.txt:\atdmt.com.b3e33b5f";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KLBEJW05.txt:\serving-sys.com.176b0dad";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KLBEJW05.txt:\serving-sys.com.3c465e6e";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KLBEJW05.txt:\serving-sys.com.bb39fa8c";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KLBEJW05.txt:\serving-sys.com.db46cecc";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L7D321KV.txt:\atdmt.com.7247c262";"Se encontró Tracking cookie.Atdmt";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\QWT1IIM9.txt:\bs.serving-sys.com.5bf1f00f";"Se encontró Tracking cookie.Serving-sys";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\J1AI6UTS.txt:\adbrite.com.d5e309c2";"Se encontró Tracking cookie.Adbrite";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\UPO8QV08.txt:\weborama.fr.30104bcb";"Se encontró Tracking cookie.Weborama";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\UPO8QV08.txt:\weborama.fr.9fbfedb3";"Se encontró Tracking cookie.Weborama";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\J1AI6UTS.txt:\adbrite.com.37283d89";"Se encontró Tracking cookie.Adbrite";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\W0I7KTAG.txt:\weborama.fr.30104bcb";"Se encontró Tracking cookie.Weborama";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.987e6b46";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\XPA18LWE.txt:\overture.com.52ca467a";"Se encontró Tracking cookie.Overture";"Movido al Almacén de virus"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\XPA18LWE.txt:\overture.com.e626e6be";"Se encontró Tracking cookie.Overture";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.80ad4799";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3Z2ADY4L.txt:\revsci.net.1ecc4d24";"Se encontró Tracking cookie.Revsci";"Movido al Almacén de virus"

"";"HKLM\SYSTEM\CurrentControlSet\services\tdx";"Se encontró una clave del Registro con referencia al archivo infectado C:\Windows\system32\DRIVERS\tdx.sys";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\77BGZCA2.txt:\ru4.com.5a5e0633";"Se encontró Tracking cookie.Ru4";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\77BGZCA2.txt:\ru4.com.82a499d7";"Se encontró Tracking cookie.Ru4";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.350339d4";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9VERTF93.txt:\weborama.fr.30104bcb";"Se encontró Tracking cookie.Weborama";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.2d37ad26";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.539b0606";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.557bf2b0";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.712ec9fe";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.830b6f08";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.87a9ab5d";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.8a47878";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.b68f2b7b";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.e626e6be";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt:\ad.yieldmanager.com.ff92306";"Se encontró Tracking cookie.Yieldmanager";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.1e1e0e23";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E1W1MSAU.txt:\tradedoubler.com.ba12c0e9";"Se encontró Tracking cookie.Tradedoubler";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E1W1MSAU.txt:\tradedoubler.com.eab0972e";"Se encontró Tracking cookie.Tradedoubler";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E1W1MSAU.txt:\tradedoubler.com.ef90aa95";"Se encontró Tracking cookie.Tradedoubler";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt:\casalemedia.com.1773afc";"Se encontró Tracking cookie.Casalemedia";"Movido al Almacén de virus"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IFFGXWKA.txt";"Se encontró Tracking cookie.Casalemedia";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E1W1MSAU.txt";"Se encontró Tracking cookie.Tradedoubler";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AOF9RCXA.txt";"Se encontró Tracking cookie.Yieldmanager";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9VERTF93.txt";"Se encontró Tracking cookie.Weborama";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3Z2ADY4L.txt";"Se encontró Tracking cookie.Revsci";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\XPA18LWE.txt";"Se encontró Tracking cookie.Overture";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\J1AI6UTS.txt";"Se encontró Tracking cookie.Adbrite";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\W0I7KTAG.txt";"Se encontró Tracking cookie.Weborama";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\UPO8QV08.txt";"Se encontró Tracking cookie.Weborama";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L7D321KV.txt";"Se encontró Tracking cookie.Atdmt";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\QWT1IIM9.txt";"Se encontró Tracking cookie.Serving-sys";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KLBEJW05.txt";"Se encontró Tracking cookie.Serving-sys";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XV2BCKXF.txt";"Se encontró Tracking cookie.Serving-sys";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KFU2FX5S.txt";"Se encontró Tracking cookie.Yieldmanager";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQR49BQ7.txt";"Se encontró Tracking cookie.Serving-sys";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\KC4NN7UF.txt";"Se encontró Tracking cookie.Atdmt";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\IREHTX88.txt";"Se encontró Tracking cookie.Overture";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\CPFO3J2E.txt";"Se encontró Tracking cookie.Atdmt";"Reparado"

"";"C:\Users\xavigomez\AppData\Roaming\Microsoft\Windows\Cookies\037DFBSX.txt";"Se encontró Tracking cookie.Yieldmanager";"Reparado"

"";"C:\Windows\$NtUninstallKB45236$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\77BGZCA2.txt";"Se encontró Tracking cookie.Ru4";"Reparado"



and this is the Panda Online log

;***********************************************************************************************************************************************************************************

ANALYSIS: 2011-12-10 21:20:09

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Windows Defender Yes No

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\oc6eiqub.txt

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================



I hope there is something I can do. Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Help..infection

Post by msc hotline sat » 11 Dec 2011, 08:04

Well, we see that AVG reports:



"";"C:\Users\xavigomez\Desktop\Escritorio\tuneup2011-keygen.exe";"Troyano Generic24.AVDD";"Movido al Almacén de virus"

"";"C:\Windows\system32\DRIVERS\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"El objeto se encuentra en la lista blanca (archivo del sistema o crítico que no debe eliminarse)"

"";"C:\Windows\System32\drivers\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"El objeto se encuentra en la lista blanca (archivo del sistema o crítico que no debe eliminarse)"

"";"C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys";"Troyano BackDoor.Generic14.CBHE";"Movido al Almacén de virus"

In this regard, this C:\Windows\System32\drivers\tdx.sys may be malware; add .VIR to its extension and send it to us for analysis



"C:\Windows\System32\drivers\tdx.sys"

and, on the other hand, reinstall this Toshiba file, which appears to be damaged, in case it is needed:





C:\Toshiba\Preinst\CancelTopi.exe";"Archivo ejecutable dañado";"Movido al Almacén de virus"

To send us the requested file, remember:



> SENDING SAMPLES AND REMOVING KEYS - For this, remember:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



Once we receive it/them, we will analyze it/them and implement its detection and removal, if appropriate, in our utilities, and we will report back



regards



ms, 11-12-2011

artaud78
Posts: 5
Joined: 10 Dec 2011, 20:48

Re: Help..infection

Post by artaud78 » 11 Dec 2011, 20:37

Hello, thanks for replying so quickly. I have just sent the file. Now what should I do? Do I delete the file, or wait until you tell me something? Another question: how do I reinstall this Toshiba file C:\Toshiba\Preinst\CancelTopi.exe";"Archivo ejecutable dañado";"Movido al Almacén de virus, and where do I download it from? Thanks.



I have also run aswMBR.exe, with this log, in case it is useful.



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-12-11 06:38:03

-----------------------------

06:38:03.596 OS Version: Windows 6.0.6002 Service Pack 2

06:38:03.596 Number of processors: 2 586 0xF0D

06:38:03.598 ComputerName: JIMBO UserName:

06:38:09.235 Initialize success

06:39:08.896 AVAST engine defs: 11121001

06:39:42.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

06:39:42.065 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3

06:39:44.108 Disk 0 MBR read successfully

06:39:44.108 Disk 0 MBR scan

06:39:44.108 Disk 0 Windows VISTA default MBR code

06:39:44.108 Disk 0 scanning sectors +625140392

06:39:44.171 Disk 0 scanning C:\Windows\system32\drivers

06:39:54.139 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]

06:39:55.933 Service scanning

06:39:56.526 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5

06:39:56.526 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5

06:39:56.542 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5

06:39:56.542 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5

06:39:56.666 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

06:39:57.259 Modules scanning

06:40:03.094 Disk 0 trace - called modules:

06:40:03.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sppl.sys hal.dll

06:40:03.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877a3ac8]

06:40:03.125 3 CLASSPNP.SYS[8a7188b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85379028]

06:40:04.123 AVAST engine scan C:\Windows

06:40:06.432 AVAST engine scan C:\Windows\system32

06:42:13.138 AVAST engine scan C:\Windows\system32\drivers

06:42:22.529 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]

06:42:24.542 AVAST engine scan C:\Users\xavigomez

07:44:51.326 AVAST engine scan C:\ProgramData

07:48:24.294 Scan finished successfully

13:21:04.279 Disk 0 MBR has been saved successfully to "C:\Users\xavigomez\Desktop\MBR.dat"

13:21:04.279 The log file has been saved successfully to "C:\Users\xavigomez\Desktop\aswMBR.txt



Now I was thinking of running TDSSKiller, but anyway, I await your news.

Thanks.

artaud78
Posts: 5
Joined: 10 Dec 2011, 20:48

Re: Help..infection

Post by artaud78 » 11 Dec 2011, 20:43

And here is the TDSSKiller report



20:31:12.0046 3612 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

20:31:12.0342 3612 ============================================================

20:31:12.0342 3612 Current date / time: 2011/12/11 20:31:12.0342

20:31:12.0342 3612 SystemInfo:

20:31:12.0342 3612

20:31:12.0342 3612 OS Version: 6.0.6002 ServicePack: 2.0

20:31:12.0342 3612 Product type: Workstation

20:31:12.0342 3612 ComputerName: JIMBO

20:31:12.0342 3612 UserName: xavigomez

20:31:12.0342 3612 Windows directory: C:\Windows

20:31:12.0342 3612 System windows directory: C:\Windows

20:31:12.0342 3612 Processor architecture: Intel x86

20:31:12.0342 3612 Number of processors: 2

20:31:12.0342 3612 Page size: 0x1000

20:31:12.0342 3612 Boot type: Normal boot

20:31:12.0342 3612 ============================================================

20:31:12.0872 3612 Initialize success

20:31:15.0384 3696 ============================================================

20:31:15.0384 3696 Scan started

20:31:15.0384 3696 Mode: Manual;

20:31:15.0384 3696 ============================================================

20:31:17.0256 3696 a8djavs (db4f5aa1e78efc4a945165a643312c4b) C:\Windows\system32\Drivers\a8djavs.sys

20:31:17.0272 3696 a8djavs - ok

20:31:17.0365 3696 a8djusb (611bb178a56aba033a430a3333f25a39) C:\Windows\system32\Drivers\a8djusb.sys

20:31:17.0381 3696 a8djusb - ok

20:31:17.0381 3696 a8djusb_svc (611bb178a56aba033a430a3333f25a39) C:\Windows\system32\Drivers\a8djusb.sys

20:31:17.0381 3696 a8djusb_svc - ok

20:31:17.0459 3696 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

20:31:17.0459 3696 ACPI - ok

20:31:17.0521 3696 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

20:31:17.0537 3696 adp94xx - ok

20:31:17.0615 3696 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

20:31:17.0630 3696 adpahci - ok

20:31:17.0708 3696 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

20:31:17.0708 3696 adpu160m - ok

20:31:17.0786 3696 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

20:31:17.0786 3696 adpu320 - ok

20:31:17.0833 3696 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

20:31:17.0833 3696 AFD - ok

20:31:17.0974 3696 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys

20:31:17.0989 3696 AgereSoftModem - ok

20:31:18.0083 3696 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

20:31:18.0083 3696 agp440 - ok

20:31:18.0130 3696 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

20:31:18.0130 3696 aic78xx - ok

20:31:18.0176 3696 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

20:31:18.0176 3696 aliide - ok

20:31:18.0239 3696 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

20:31:18.0239 3696 amdagp - ok

20:31:18.0286 3696 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

20:31:18.0286 3696 amdide - ok

20:31:18.0317 3696 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

20:31:18.0317 3696 AmdK7 - ok

20:31:18.0379 3696 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

20:31:18.0379 3696 AmdK8 - ok

20:31:18.0676 3696 amdkmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys

20:31:18.0972 3696 amdkmdag - ok

20:31:19.0050 3696 amdkmdap (f566c90e4bbe387e905130b6e490dccd) C:\Windows\system32\DRIVERS\atikmpag.sys

20:31:19.0066 3696 amdkmdap - ok

20:31:19.0128 3696 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

20:31:19.0128 3696 arc - ok

20:31:19.0206 3696 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

20:31:19.0222 3696 arcsas - ok

20:31:19.0268 3696 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

20:31:19.0268 3696 AsyncMac - ok

20:31:19.0300 3696 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

20:31:19.0300 3696 atapi - ok

20:31:19.0596 3696 atikmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys

20:31:19.0643 3696 atikmdag - ok

20:31:19.0768 3696 automap (a9f9f92d1b55dab73348760d983377f2) C:\Windows\system32\DRIVERS\automap.sys

20:31:19.0768 3696 automap - ok

20:31:19.0783 3696 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

20:31:19.0799 3696 Beep - ok

20:31:19.0814 3696 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

20:31:19.0830 3696 blbdrive - ok

20:31:19.0861 3696 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

20:31:19.0861 3696 bowser - ok

20:31:19.0970 3696 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

20:31:19.0970 3696 BrFiltLo - ok

20:31:20.0017 3696 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

20:31:20.0017 3696 BrFiltUp - ok

20:31:20.0064 3696 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

20:31:20.0064 3696 Brserid - ok

20:31:20.0173 3696 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

20:31:20.0189 3696 BrSerWdm - ok

20:31:20.0220 3696 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

20:31:20.0220 3696 BrUsbMdm - ok

20:31:20.0282 3696 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

20:31:20.0282 3696 BrUsbSer - ok

20:31:20.0345 3696 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

20:31:20.0345 3696 BTHMODEM - ok

20:31:20.0392 3696 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

20:31:20.0392 3696 cdfs - ok

20:31:20.0485 3696 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

20:31:20.0485 3696 cdrom - ok

20:31:20.0563 3696 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

20:31:20.0563 3696 circlass - ok

20:31:20.0657 3696 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

20:31:20.0672 3696 CLFS - ok

20:31:20.0735 3696 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

20:31:20.0735 3696 CmBatt - ok

20:31:20.0782 3696 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

20:31:20.0782 3696 cmdide - ok

20:31:20.0860 3696 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

20:31:20.0860 3696 Compbatt - ok

20:31:20.0875 3696 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

20:31:20.0875 3696 crcdisk - ok

20:31:20.0906 3696 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

20:31:20.0906 3696 Crusoe - ok

20:31:20.0953 3696 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

20:31:20.0953 3696 DfsC - ok

20:31:21.0031 3696 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

20:31:21.0047 3696 disk - ok

20:31:21.0109 3696 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

20:31:21.0109 3696 drmkaud - ok

20:31:21.0172 3696 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

20:31:21.0172 3696 DXGKrnl - ok

20:31:21.0203 3696 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

20:31:21.0203 3696 E1G60 - ok

20:31:21.0234 3696 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

20:31:21.0250 3696 Ecache - ok

20:31:21.0374 3696 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

20:31:21.0390 3696 elxstor - ok

20:31:21.0421 3696 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

20:31:21.0421 3696 ErrDev - ok

20:31:21.0468 3696 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

20:31:21.0468 3696 exfat - ok

20:31:21.0530 3696 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

20:31:21.0546 3696 fastfat - ok

20:31:21.0608 3696 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

20:31:21.0624 3696 fdc - ok

20:31:21.0655 3696 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

20:31:21.0655 3696 FileInfo - ok

20:31:21.0702 3696 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

20:31:21.0718 3696 Filetrace - ok

20:31:21.0749 3696 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

20:31:21.0749 3696 flpydisk - ok

20:31:21.0796 3696 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

20:31:21.0796 3696 FltMgr - ok

20:31:21.0874 3696 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

20:31:21.0874 3696 Fs_Rec - ok

20:31:21.0920 3696 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

20:31:21.0920 3696 FwLnk - ok

20:31:21.0983 3696 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

20:31:21.0998 3696 gagp30kx - ok

20:31:22.0061 3696 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:31:22.0076 3696 GEARAspiWDM - ok

20:31:22.0170 3696 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

20:31:22.0186 3696 HdAudAddService - ok

20:31:22.0248 3696 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:31:22.0264 3696 HDAudBus - ok

20:31:22.0326 3696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

20:31:22.0342 3696 HidBth - ok

20:31:22.0388 3696 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

20:31:22.0388 3696 HidIr - ok

20:31:22.0435 3696 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

20:31:22.0451 3696 HidUsb - ok

20:31:22.0544 3696 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

20:31:22.0544 3696 HpCISSs - ok

20:31:22.0622 3696 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

20:31:22.0638 3696 HTTP - ok

20:31:22.0700 3696 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

20:31:22.0700 3696 i2omp - ok

20:31:22.0747 3696 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

20:31:22.0747 3696 i8042prt - ok

20:31:22.0810 3696 iaStor (cdf6179ec9129e9abc5b0f0525b159eb) C:\Windows\system32\DRIVERS\iaStor.sys

20:31:22.0825 3696 iaStor - ok

20:31:22.0903 3696 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

20:31:22.0903 3696 iaStorV - ok

20:31:22.0950 3696 igfx - ok

20:31:22.0981 3696 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

20:31:23.0012 3696 iirsp - ok

20:31:23.0168 3696 IntcAzAudAddService (345ac48d17f5c2f2aa1ee50d34c3978b) C:\Windows\system32\drivers\RTKVHDA.sys

20:31:23.0371 3696 IntcAzAudAddService - ok

20:31:23.0512 3696 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

20:31:23.0512 3696 intelide - ok

20:31:23.0543 3696 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

20:31:23.0558 3696 intelppm - ok

20:31:23.0605 3696 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:31:23.0605 3696 IpFilterDriver - ok

20:31:23.0652 3696 IpInIp - ok

20:31:23.0714 3696 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

20:31:23.0730 3696 IPMIDRV - ok

20:31:23.0777 3696 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

20:31:23.0792 3696 IPNAT - ok

20:31:23.0839 3696 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

20:31:23.0855 3696 IRENUM - ok

20:31:23.0902 3696 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

20:31:23.0902 3696 isapnp - ok

20:31:23.0948 3696 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

20:31:23.0948 3696 iScsiPrt - ok

20:31:24.0026 3696 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

20:31:24.0042 3696 iteatapi - ok

20:31:24.0073 3696 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

20:31:24.0089 3696 iteraid - ok

20:31:24.0136 3696 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:31:24.0151 3696 kbdclass - ok

20:31:24.0167 3696 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

20:31:24.0167 3696 kbdhid - ok

20:31:24.0292 3696 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys

20:31:24.0307 3696 KL1 - ok

20:31:24.0338 3696 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys

20:31:24.0354 3696 kl2 - ok

20:31:24.0494 3696 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys

20:31:24.0510 3696 KLIF - ok

20:31:24.0619 3696 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys

20:31:24.0635 3696 KLIM6 - ok

20:31:24.0666 3696 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys

20:31:24.0682 3696 klmouflt - ok

20:31:24.0713 3696 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

20:31:24.0728 3696 KSecDD - ok

20:31:24.0822 3696 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

20:31:24.0838 3696 lltdio - ok

20:31:24.0869 3696 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

20:31:24.0869 3696 LSI_FC - ok

20:31:24.0884 3696 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

20:31:24.0900 3696 LSI_SAS - ok

20:31:24.0947 3696 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

20:31:24.0947 3696 LSI_SCSI - ok

20:31:25.0040 3696 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

20:31:25.0056 3696 luafv - ok

20:31:25.0118 3696 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

20:31:25.0118 3696 MBAMProtector - ok

20:31:25.0181 3696 mcdbus - ok

20:31:25.0228 3696 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

20:31:25.0228 3696 megasas - ok

20:31:25.0259 3696 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

20:31:25.0274 3696 MegaSR - ok

20:31:25.0306 3696 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

20:31:25.0306 3696 Modem - ok

20:31:25.0368 3696 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

20:31:25.0368 3696 monitor - ok

20:31:25.0399 3696 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

20:31:25.0399 3696 mouclass - ok

20:31:25.0462 3696 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

20:31:25.0462 3696 mouhid - ok

20:31:25.0477 3696 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

20:31:25.0493 3696 MountMgr - ok

20:31:25.0508 3696 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

20:31:25.0524 3696 mpio - ok

20:31:25.0633 3696 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

20:31:25.0633 3696 mpsdrv - ok

20:31:25.0680 3696 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

20:31:25.0711 3696 Mraid35x - ok

20:31:25.0758 3696 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

20:31:25.0789 3696 MRxDAV - ok

20:31:25.0867 3696 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:31:25.0867 3696 mrxsmb - ok

20:31:25.0914 3696 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:31:25.0914 3696 mrxsmb10 - ok

20:31:25.0930 3696 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:31:25.0945 3696 mrxsmb20 - ok

20:31:25.0976 3696 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

20:31:25.0976 3696 msahci - ok

20:31:26.0054 3696 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

20:31:26.0054 3696 msdsm - ok

20:31:26.0101 3696 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

20:31:26.0101 3696 Msfs - ok

20:31:26.0132 3696 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

20:31:26.0148 3696 msisadrv - ok

20:31:26.0210 3696 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

20:31:26.0226 3696 MSKSSRV - ok

20:31:26.0257 3696 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

20:31:26.0257 3696 MSPCLOCK - ok

20:31:26.0288 3696 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

20:31:26.0288 3696 MSPQM - ok

20:31:26.0320 3696 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

20:31:26.0335 3696 MsRPC - ok

20:31:26.0476 3696 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

20:31:26.0476 3696 mssmbios - ok

20:31:26.0538 3696 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

20:31:26.0569 3696 MSTEE - ok

20:31:26.0663 3696 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

20:31:26.0663 3696 Mup - ok

20:31:26.0710 3696 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

20:31:26.0710 3696 NativeWifiP - ok

20:31:27.0053 3696 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

20:31:27.0053 3696 NDIS - ok

20:31:27.0193 3696 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

20:31:27.0209 3696 NdisTapi - ok

20:31:27.0240 3696 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

20:31:27.0256 3696 Ndisuio - ok

20:31:27.0318 3696 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

20:31:27.0334 3696 NdisWan - ok

20:31:27.0365 3696 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

20:31:27.0380 3696 NDProxy - ok

20:31:32.0669 3696 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys

20:31:32.0669 3696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd

20:31:32.0669 3696 sptd ( LockedFile.Multi.Generic ) - warning

20:31:32.0669 3696 sptd - detected LockedFile.Multi.Generic (1)

20:31:36.0444 3696 Suspicious service (NoAccess): vqlnlp

20:31:37.0240 3696 Suspicious service (NoAccess): xaugk

20:31:37.0286 3696 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0

20:31:37.0286 3696 \Device\Harddisk0\DR0 - ok

20:31:37.0302 3696 Boot (0x1200) (824aea230cba5bc08b7c71b7fde7c7f7) \Device\Harddisk0\DR0\Partition0

20:31:37.0302 3696 \Device\Harddisk0\DR0\Partition0 - ok

20:31:37.0318 3696 Boot (0x1200) (935f7e64e046aa00898cd4c268d1fb6d) \Device\Harddisk0\DR0\Partition1

20:31:37.0318 3696 \Device\Harddisk0\DR0\Partition1 - ok

20:31:37.0333 3696 ============================================================

20:31:37.0333 3696 Scan finished

20:31:37.0333 3696 ============================================================

20:31:37.0333 0316 Detected object count: 1

20:31:37.0333 0316 Actual detected object count: 1

20:31:53.0635 0316 sptd ( LockedFile.Multi.Generic ) - skipped by user

20:31:53.0635 0316 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Help..infection

Post by msc hotline sat » 12 Dec 2011, 09:14

Well, we see:

06:39:54.139 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]

06:39:55.933 Service scanning

and on the other hand:

20:31:32.0669 3696 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys

20:31:32.0669 3696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd

20:31:32.0669 3696 sptd ( LockedFile.Multi.Generic ) - warning

20:31:32.0669 3696 sptd - detected LockedFile.Multi.Generic (1)

Besides the first one, which we asked you to send us a sample of, this other one, C:\Windows\system32\Drivers\sptd.sys, may also be affecting you; we are going to analyze the first one and see whether its MD5 turns up any information on the second one.



in progress...

Indeed, the file you sent us is malware:

File name: tdx.VIR

Submission date: 2011-12-12 08:09:05 (UTC)

Result: 11/ 43 (25.6%)

Antivirus Version Last Update Result
AhnLab-V3 2011.12.10.02 2011.12.11 Dropper/Win32.Tdss
AntiVir 7.11.19.61 2011.12.12 TR/Rootkit.Gen2
Antiy-AVL 2.0.3.7 2011.12.12 -
Avast 6.0.1289.0 2011.12.11 Win32:Alureon-AOV [Rtk]
AVG 10.0.0.1190 2011.12.11 BackDoor.Generic14.CBHE
BitDefender 7.2 2011.12.12 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.12 -
ClamAV 0.97.3.0 2011.12.12 -
Commtouch 5.3.2.6 2011.12.11 W32/FakeAlert.RL2.gen!Eldorado
Comodo 10929 2011.12.12 -
DrWeb 5.0.2.03300 2011.12.12 -
Emsisoft 5.1.0.11 2011.12.12 Win32.SuspectCrc!IK
eSafe 7.0.17.0 2011.12.11 -
eTrust-Vet 37.0.9616 2011.12.09 -
F-Prot 4.6.5.141 2011.11.29 W32/FakeAlert.RL2.gen!Eldorado
F-Secure 9.0.16440.0 2011.12.12 -
Fortinet 4.3.388.0 2011.12.12 -
GData 22 2011.12.12 Win32:Alureon-AOV
Ikarus T3.1.1.109.0 2011.12.12 Win32.SuspectCrc
Jiangmin 13.0.900 2011.12.11 -
K7AntiVirus 9.119.5640 2011.12.09 Riskware
Kaspersky 9.0.0.837 2011.12.12 -
McAfee 5.400.0.1158 2011.12.12 -
McAfee-GW-Edition 2010.1E 2011.12.11 -
Microsoft 1.7903 2011.12.12 -
NOD32 6702 2011.12.12 a variant of Win32/Rootkit.Kryptik.GG
Norman 6.07.13 2011.12.11 -
nProtect 2011-12-11.01 2011.12.12 -
Panda 10.0.3.5 2011.12.11 -
PCTools 8.0.0.5 2011.12.12 -
Prevx 3.0 2011.12.12 -
Rising 23.88.00.01 2011.12.12 -
Sophos 4.72.0 2011.12.12 -
SUPERAntiSpyware 4.40.0.1006 2011.12.10 -
Symantec 20111.2.0.82 2011.12.12 -
TheHacker 6.7.0.1.356 2011.12.11 -
TrendMicro 9.500.0.1008 2011.12.12 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.12 -
VBA32 3.12.16.4 2011.12.09 -
VIPRE 11239 2011.12.12 -
ViRobot 2011.12.12.4820 2011.12.12 -
VirusBuster 14.1.110.0 2011.12.11 -

Additional information

MD5 : 597e080592f0128623d21c0ad071f280

SHA1 : d07b6f21a4d83e51544ce4ed24c845ab061067a4





File size : 72192 bytes

We are going to monitor it and see what it does, so as to handle it in today's next version of our utilities, which we will report on.

Because besides parking the file (with the .VIR extension), it may have affected the MBR, for example, as the other ALUREON variants do, and that would have to be fixed; we shall see ...

regards

ms, 12-12-2011

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Help..infection

Post by msc hotline sat » 12 Dec 2011, 09:54

And as for the other file, this SPTD.SYS: since you are using a VISTA system, which we do not support, we do not know whether it is the legitimate one for this system or malware.

Send it to us too for analysis and we will do the same as with the other one.

regards

ms, 12-12-2011

NOTE: In any case, for this file with the same MD5 there is already this analysis, with no virus detection at all:

File name : sptd.sys

File size : 697328 bytes

File type : PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5 : c4bb8a12843d9cbb65f5ff617f389bbd

SHA1 : b7ec5d7119f9c58c16dbbfe5116ee48966f28c3d

although it is from last May, so if you send it, we will review it.

ms.

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Help..infection

Post by msc hotline sat » 12 Dec 2011, 11:58

Having monitored the file you sent, TDX.VIR, it turns out to be a .SYS loaded as a service at:

HKLM\SYSTEM\CurrentControlSet\services\tdx

Its detection and removal are being included starting with today's ELISTARA 24.43

regards

ms, 12-12-2011
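The registry key named above is the per-service key the Service Control Manager reads for every driver, and the scanner log earlier in the thread flagged services whose image could not be read ("Suspicious service (NoAccess)", "LockedFile"). As an added example, not code from the thread or from the ELISTARA or TDSSKiller tools, this PowerShell script enumerates the kernel and file-system driver services under that hive, resolves each ImagePath, hashes the file, checks its Authenticode signature, and flags missing or unreadable images, unsigned drivers, and any MD5 matching the tdx.sys hash reported above. It assumes PowerShell 4 or later run from an elevated prompt; the only hard-coded indicator is the MD5 taken from this thread.

```powershell
# Added example (not from the forum thread): audit driver services registered under
# HKLM\SYSTEM\CurrentControlSet\Services, the hive where the thread's tdx service lived.
# Requires PowerShell 4+ (Get-FileHash) and an elevated prompt. Read-only: nothing is changed.

# MD5 reported in the thread for the infected tdx.sys (VirusTotal, 2011-12-12).
$KnownBadMd5 = @('597e080592f0128623d21c0ad071f280')

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    # Strip the NT object-manager prefixes the Service Control Manager accepts.
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Bare "system32\drivers\x.sys" or any other relative path is relative to %SystemRoot%.
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceReport {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # SERVICE_KERNEL_DRIVER = 1, SERVICE_FILE_SYSTEM_DRIVER = 2; skip user-mode services.
        if ($null -eq $props.Type -or $props.Type -notin 1, 2) { continue }

        $path = Resolve-DriverImagePath $props.ImagePath
        $status = 'ok'; $md5 = $null; $signer = $null

        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # Same situation the scanner reported as "Suspicious service (NoAccess)".
            $status = 'NoAccess/missing image'
        } else {
            try {
                $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5 -ErrorAction Stop).Hash.ToLower()
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                $signer = $sig.SignerCertificate.Subject
                if ($md5 -in $KnownBadMd5) { $status = 'KNOWN BAD MD5' }
                elseif ($sig.Status -ne 'Valid') { $status = "unsigned/$($sig.Status)" }
            } catch {
                # A driver file that refuses read access is itself a warning sign (cf. sptd LockedFile).
                $status = 'LockedFile/unreadable'
            }
        }
        [pscustomobject]@{
            Service   = $key.PSChildName
            ImagePath = $path
            MD5       = $md5
            Signer    = $signer
            Status    = $status
        }
    }
}

# Show only the entries that need a human look.
Get-DriverServiceReport | Where-Object Status -ne 'ok' | Format-Table -AutoSize
```

Inbox drivers that are signed only through a catalog can be reported as NotSigned on older Windows versions, so treat a signature flag as a prompt to compare the file against a clean copy rather than as a verdict.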

artaud78
Posts: 5
Registered: 10 Dec 2011, 20:48

Re: Help..infection

Post by artaud78 » 12 Dec 2011, 18:00

Hello. I have sent the sptd.sys file as you say in the post. I think it is the same as tdx.sys; neither has a signature.

It is not clear to me what I have to do once it is confirmed that tdx.sys is an infection..I am a bit new at this.

Also, what should I do once you confirm that the new file I sent you, sptd.sys, turns out to be infected? Which it surely is.

I hope to be able to solve this with your help.

thanks

artaud78
Posts: 5
Registered: 10 Dec 2011, 20:48

Re: Help..infection

Post by artaud78 » 12 Dec 2011, 18:41

Another thing I have noticed. After changing the file extension from .sys to .vir I cannot get audio out through the external sound card. How do I remove this infection without having problems?

Thanks

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Help..infection

Post by msc hotline sat » 12 Dec 2011, 18:46

Then download ELISTARA 24.43, which already handles this malware, and after that post us the contents of C:\infosat.txt

[quote="to DOWNLOAD ELISTARA, msc"]
http://www.zonavirus.com/descargas/descargar-elistara.asp

After running it, reboot and post us the contents of C:\infosat.txt so we can see the result of the process [/quote]

As for SPTD.SYS, it had not been received by the time that utility was compiled; if we receive it tomorrow, we will analyze it and report.

regards

ms, 12-12-2011

Regarding what you say about the audio: once the malware has been removed, if the problem persists, reinstall the drivers; they may have been affected by the bug and not work without it, which happens with many malwares and affected applications.

MS.
