Good morning GullermoTell
First of all, thank you very much for replying
I have completed all the steps and I am now pasting all the reports for you
SDFix
SDFix: Version 1.117
Run by DIRECCION on 07/04/2008 at 11:46
Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 11:51:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Suk44]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\System32\ztx86.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Suk44]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\System32\ztx86.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\Suk44.sys 167936 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Panda Software\\Panda Administrator 3\\Pav_Agent\\Pagent.exe"="C:\\Archivos de programa\\Panda Software\\Panda Administrator 3\\Pav_Agent\\Pagent.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Panda Software\\Panda Administrator 3\\Pav_Agent\\Pagent.exe"="C:\\Archivos de programa\\Panda Software\\Panda Administrator 3\\Pav_Agent\\Pagent.exe"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Ejecutar un archivo DLL como una aplicación"
Remaining Files:
---------------
Files with Hidden Attributes:
Fri 29 Feb 2008 38,400 ..SHR --- "C:\WINDOWS\system32\1028u.exe"
Fri 29 Feb 2008 22,016 A.SH. --- "C:\WINDOWS\system32\2052q.dll"
Fri 29 Feb 2008 22,016 A.SH. --- "C:\WINDOWS\system32\accwizv.dll"
Fri 29 Feb 2008 16,384 A.SH. --- "C:\WINDOWS\system32\ahuil.dll"
Tue 22 Jan 2008 38,400 ..SHR --- "C:\WINDOWS\system32\ALSndMgrb.exe"
Finished!
Malwarebytes'
Malwarebytes' Anti-Malware 1.10
Versión de la Base de Datos: 598
Tipo de examen : Examen Completo (C:\|E:\|F:\|G:\|)
Objetos examinados: 47120
Tiempo transcurrido: 47 minute(s), 25 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 4
Ficheros Infectados: 27
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\htldpldp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lptllp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\con (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun (Trojan.Agent) -> Quarantined and deleted successfully.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Archivos de programa\Helper (Adware.BHO) -> Quarantined and deleted successfully.
Ficheros Infectados:
C:\WINDOWS\Temp\llpllppdtht.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htlhtpdtld.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\CDE3SB01\sscounts[1].exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\IHSVUDOR\win480[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pgbmlsrqp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tobqtsfah.nls (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsrmhcr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dtdhtldhlpp.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\plpldp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Log\2008 Feb 19 - 09_55_14 AM_253.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Log\2008 Feb 19 - 09_55_18 AM_915.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Log\2008 Feb 19 - 09_56_21 AM_345.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMINISTRADOR\Datos de programa\AdwareAlert\Log\2008 Feb 19 - 09_56_25 AM_852.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Archivos de programa\Archivos comunes\System\aux (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mrdt.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m1ax1d121322116143v.exe (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q7.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllgh8jkd1q8.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Datos de programa\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DIRECCION\Configuración local\Temp\ma11x1ddq121111v.game (Heuristics.Malware) -> Quarantined and deleted successfully.
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:46, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\lotus\notes\ntmulti.exe
C:\Archivos de programa\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Archivos de programa\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Archivos de programa\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\AVTC\PavSrv51.exe
C:\Archivos de programa\Panda Software\AVTC\PSKMsSvc.exe
C:\Archivos de programa\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Panda Software\AVTC\ClShield.exe
C:\Archivos de programa\Panda Software\AVTC\WebProxy.exe
C:\Archivos de programa\Telefónica Móviles\Escritorio movistar\EMMSN.exe
C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-isa:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {0CA10898-7F98-4709-A479-B8134AB3D9F3} - bnsock.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\Run: [Escritorio movistar] "C:\Archivos de programa\Telefónica Móviles\Escritorio movistar\EMMSN.exe" -systray
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [hdphtl] rundll32.exe "C:\WINDOWS\TEMP\tlddhltd.dll" WLEntryPoint
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [pttpppdp] rundll32.exe "C:\WINDOWS\system32\ldpltphtpdt.sys" WLEntryPoint
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcbcn.com
O17 - HKLM\Software\..\Telephony: DomainName = tcbcn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{951EE16A-0529-4905-883B-1A7C27FBF6E9}: NameServer = 10.1.1.225,10.1.1.226
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcbcn.com
O20 - Winlogon Notify: tsrmhcr - C:\WINDOWS\SYSTEM32\tsrmhcr.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Archivos de programa\lotus\notes\ntmulti.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Archivos de programa\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Archivos de programa\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Archivos de programa\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Archivos de programa\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Archivos de programa\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Servicios IPSEC PolicyAgentRemoteRegistry (PolicyAgentRemoteRegistry) - Unknown owner - C:\WINDOWS\System32\ALSndMgrb.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Archivos de programa\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Administrador de conexión automática de acceso remoto RasAutoRpcLocator (RasAutoRpcLocator) - Unknown owner - C:\WINDOWS\system32\1028u.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7616 bytes
For now, the virus has not come back, but I would be grateful if you could tell me whether the log and everything else is correct, so I can rest easy and feel safe, haha
Regards!