ROOTKIT NO SE ELIMINA (ayuda)

Hola a todos espero me puedan ayudar ya que tengo un molesto ROOTKIT que no puedo eliminar, he analizado la computadora en modo seguro con el MALWARE BITES,SPY BOT SEARCH AND DESTROY,KASPERSKY REMOVAL VIRUS,AVG 8.5 INTERNET SECURITY EN MODO SEGURO, Y EL AVG ME DETECTO LO SIGUIENTE:



Despues de terminar el analisis le doy eliminar infecciones no reparadas y me pide que reinicie el sistema para eliminar totalmente dichos archivos lo hago y al reiniciar el sistema realizo de nuevo el analisis me salen de nuevo 2 objetos de la misma carpeta pero con diferente nombre, en resumidas palabras cada ves que hago el proceso de eliminarlos me vuelven a aparecer esos 2 objetos siempre con la terminacion.SYS pero con otro nombre siempre en la misma carpeta, ya los intente eliminar manualmente y no aparecen ni usando la opcioN de mostrar archivos y carpetas ocultos, les agradeceria que por favor me pudieran ayudar con este problema,vi que en la pagina oficial tienen anti ROOTKITS pero no se por cual empezar...

Agradecere mucho su apoyo y su pronta respuesta


Malwarebytes Anti-Malware (Versión de Prueba) 1.60.0.1800
www.malwarebytes.org

Versión de la Base de Datos: v2012.01.13.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19048
WinXP :: WINXP1 [administrador]

Protección: Habilitado

14/01/2012 01:58:35 a.m.
mbam-log-2012-01-14 (01-58-35).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 171915
Tiempo transcurrido: 13 minuto(s), 44 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

Buenas


Realiza lo siguiente.


1.-Descargá TDSSKiller a Tu escritorio.


Desconectá Tu ordenador de Internet (Desenchufá el cable).


Ejecutá TDSSKiller tal cual lo indica Su manual.


Cuando la Herramienta termine Su trabajo, Reiniciá el ordenador y conectate nuevamente a Internet.


2.-Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.Importante instalar Recovery Console.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.Comentando como esta funcionado tu sistema.

Volves con su reporte y Nos comentas como sigue el ordenador ahora.


Saludos

Referente el Recovery console lo debo instalar antes o despues de usar el combofix? ya que no sirve mi lector de CD/DVD tendria algun problema ? te agradeceria si me podrias enseñar un minitutorial un poco mas especifico si te lo pido es por que no quiero cagarla.


Muchas Gracias

Buenas.


Se instala sola con Combofix!


Salu2.

Buenos dias y disculpa la demora pues por el trabajo no habia podido realizar lo que me pediste,pero aca tienes el informe del TDS KILLER.






00:02:52.0762 4088 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:02:52.0809 4088 ================================================== ==========
00:02:52.0809 4088 Current date / time: 2012/02/04 00:02:52.0809
00:02:52.0809 4088 SystemInfo:
00:02:52.0809 4088
00:02:52.0809 4088 OS Version: 6.0.6002 ServicePack: 2.0
00:02:52.0809 4088 Product type: Workstation
00:02:52.0809 4088 ComputerName: WINXP1
00:02:52.0809 4088 UserName: WinXP
00:02:52.0809 4088 Windows directory: C:\Windows
00:02:52.0809 4088 System windows directory: C:\Windows
00:02:52.0809 4088 Processor architecture: Intel x86
00:02:52.0809 4088 Number of processors: 2
00:02:52.0809 4088 Page size: 0x1000
00:02:52.0809 4088 Boot type: Normal boot
00:02:52.0809 4088 ================================================== ==========
00:02:56.0132 4088 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:02:56.0132 4088 \Device\Harddisk0\DR0:
00:02:56.0132 4088 MBR used
00:02:56.0132 4088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x133E2A9
00:02:56.0132 4088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x133E2E8, BlocksNum 0x116DB3C8
00:02:56.0616 4088 Initialize success
00:02:56.0616 4088 ================================================== ==========
00:03:00.0547 1584 ================================================== ==========
00:03:00.0547 1584 Scan started
00:03:00.0547 1584 Mode: Manual;
00:03:00.0547 1584 ================================================== ==========
00:03:01.0249 1584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:03:01.0249 1584 ACPI - ok
00:03:01.0389 1584 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
00:03:01.0389 1584 adfs - ok
00:03:01.0998 1584 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:03:02.0076 1584 adp94xx - ok
00:03:02.0232 1584 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:03:02.0263 1584 adpahci - ok
00:03:02.0746 1584 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:03:02.0778 1584 adpu160m - ok
00:03:02.0949 1584 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:03:02.0965 1584 adpu320 - ok
00:03:03.0168 1584 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
00:03:03.0339 1584 AFD - ok
00:03:03.0885 1584 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
00:03:03.0994 1584 AgereSoftModem - ok
00:03:04.0260 1584 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:03:04.0260 1584 agp440 - ok
00:03:04.0462 1584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:03:04.0478 1584 aic78xx - ok
00:03:04.0618 1584 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
00:03:04.0618 1584 aliide - ok
00:03:04.0837 1584 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
00:03:04.0852 1584 amdagp - ok
00:03:05.0008 1584 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
00:03:05.0024 1584 amdide - ok
00:03:05.0133 1584 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:03:05.0149 1584 AmdK7 - ok
00:03:05.0180 1584 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
00:03:05.0196 1584 AmdK8 - ok
00:03:05.0242 1584 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:03:05.0258 1584 arc - ok
00:03:05.0289 1584 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:03:05.0305 1584 arcsas - ok
00:03:05.0336 1584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:03:05.0352 1584 AsyncMac - ok
00:03:05.0398 1584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:03:05.0398 1584 atapi - ok
00:03:05.0508 1584 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
00:03:05.0508 1584 AVG Anti-Rootkit - ok
00:03:05.0679 1584 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
00:03:05.0679 1584 AvgArCln - ok
00:03:05.0944 1584 Avgfwfd (f2457d67439bdfb326c1d09a5c389d8b) C:\Windows\system32\DRIVERS\avgfwd6x.sys
00:03:05.0960 1584 Avgfwfd - ok
00:03:06.0116 1584 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
00:03:06.0132 1584 AvgLdx86 - ok
00:03:06.0397 1584 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
00:03:06.0412 1584 AvgMfx86 - ok
00:03:06.0553 1584 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\Windows\system32\Drivers\avgrkx86.sys
00:03:06.0568 1584 AvgRkx86 - ok
00:03:06.0678 1584 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
00:03:06.0693 1584 AvgTdiX - ok
00:03:06.0756 1584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:03:06.0771 1584 Beep - ok
00:03:06.0787 1584 blbdrive - ok
00:03:07.0052 1584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:03:07.0052 1584 bowser - ok
00:03:07.0146 1584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:03:07.0161 1584 BrFiltLo - ok
00:03:07.0177 1584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:03:07.0192 1584 BrFiltUp - ok
00:03:07.0286 1584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:03:07.0302 1584 Brserid - ok
00:03:07.0364 1584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:03:07.0380 1584 BrSerWdm - ok
00:03:07.0395 1584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:03:07.0411 1584 BrUsbMdm - ok
00:03:07.0458 1584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:03:07.0473 1584 BrUsbSer - ok
00:03:07.0504 1584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:03:07.0504 1584 BTHMODEM - ok
00:03:07.0551 1584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:03:07.0551 1584 cdfs - ok
00:03:07.0629 1584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:03:07.0645 1584 cdrom - ok
00:03:07.0816 1584 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:03:07.0832 1584 circlass - ok
00:03:07.0988 1584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:03:07.0988 1584 CLFS - ok
00:03:08.0113 1584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:03:08.0128 1584 CmBatt - ok
00:03:08.0191 1584 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
00:03:08.0191 1584 cmdide - ok
00:03:08.0253 1584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:03:08.0253 1584 Compbatt - ok
00:03:08.0269 1584 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:03:08.0269 1584 crcdisk - ok
00:03:08.0300 1584 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:03:08.0316 1584 Crusoe - ok
00:03:08.0378 1584 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
00:03:08.0394 1584 DfsC - ok
00:03:08.0487 1584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:03:08.0503 1584 disk - ok
00:03:08.0581 1584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:03:08.0581 1584 drmkaud - ok
00:03:08.0690 1584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:03:08.0690 1584 DXGKrnl - ok
00:03:08.0908 1584 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:03:08.0924 1584 E1G60 - ok
00:03:09.0049 1584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:03:09.0064 1584 Ecache - ok
00:03:09.0189 1584 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:03:09.0220 1584 elxstor - ok
00:03:09.0345 1584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:03:09.0361 1584 exfat - ok
00:03:09.0423 1584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:03:09.0439 1584 fastfat - ok
00:03:09.0517 1584 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:03:09.0532 1584 fdc - ok
00:03:09.0579 1584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:03:09.0595 1584 FileInfo - ok
00:03:09.0626 1584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:03:09.0626 1584 Filetrace - ok
00:03:09.0657 1584 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:03:09.0673 1584 flpydisk - ok
00:03:09.0720 1584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:03:09.0720 1584 FltMgr - ok
00:03:09.0813 1584 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\Windows\system32\DRIVERS\fssfltr.sys
00:03:09.0829 1584 fssfltr - ok
00:03:09.0907 1584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:03:09.0922 1584 Fs_Rec - ok
00:03:10.0016 1584 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:03:10.0047 1584 gagp30kx - ok
00:03:10.0125 1584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:03:10.0141 1584 HdAudAddService - ok
00:03:10.0312 1584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:03:10.0312 1584 HDAudBus - ok
00:03:10.0359 1584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:03:10.0375 1584 HidBth - ok
00:03:10.0406 1584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:03:10.0406 1584 HidIr - ok
00:03:10.0484 1584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:03:10.0500 1584 HidUsb - ok
00:03:10.0546 1584 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:03:10.0562 1584 HpCISSs - ok
00:03:10.0609 1584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:03:10.0609 1584 HTTP - ok
00:03:10.0656 1584 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:03:10.0656 1584 i2omp - ok
00:03:10.0702 1584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:03:10.0718 1584 i8042prt - ok
00:03:10.0796 1584 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
00:03:10.0890 1584 ialm - ok
00:03:10.0968 1584 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
00:03:10.0968 1584 iaStor - ok
00:03:10.0999 1584 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:03:11.0061 1584 iaStorV - ok
00:03:11.0186 1584 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:03:11.0404 1584 igfx - ok
00:03:11.0451 1584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:03:11.0467 1584 iirsp - ok
00:03:11.0638 1584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:03:11.0638 1584 intelide - ok
00:03:11.0701 1584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:03:11.0701 1584 intelppm - ok
00:03:11.0748 1584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:03:11.0763 1584 IpFilterDriver - ok
00:03:11.0779 1584 IpInIp - ok
00:03:11.0857 1584 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:03:11.0872 1584 IPMIDRV - ok
00:03:11.0919 1584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:03:11.0935 1584 IPNAT - ok
00:03:12.0013 1584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:03:12.0028 1584 IRENUM - ok
00:03:12.0044 1584 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:03:12.0060 1584 isapnp - ok
00:03:12.0216 1584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:03:12.0216 1584 iScsiPrt - ok
00:03:12.0278 1584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:03:12.0294 1584 iteatapi - ok
00:03:12.0309 1584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:03:12.0325 1584 iteraid - ok
00:03:12.0543 1584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:03:12.0543 1584 kbdclass - ok
00:03:12.0590 1584 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
00:03:12.0606 1584 kbdhid - ok
00:03:12.0684 1584 kl1 (514e8fcc961241c6cf002f3a1e05de94) C:\Windows\system32\DRIVERS\kl1.sys
00:03:12.0699 1584 kl1 - ok
00:03:12.0762 1584 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
00:03:12.0777 1584 KMWDFILTER - ok
00:03:12.0840 1584 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:03:12.0902 1584 KSecDD - ok
00:03:12.0964 1584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:03:12.0964 1584 lltdio - ok
00:03:13.0027 1584 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:03:13.0042 1584 LSI_FC - ok
00:03:13.0105 1584 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:03:13.0120 1584 LSI_SAS - ok
00:03:13.0167 1584 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:03:13.0167 1584 LSI_SCSI - ok
00:03:13.0230 1584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:03:13.0230 1584 luafv - ok
00:03:13.0276 1584 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
00:03:13.0292 1584 MBAMProtector - ok
00:03:13.0354 1584 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:03:13.0370 1584 megasas - ok
00:03:13.0401 1584 MEMSWEEP2 - ok
00:03:13.0464 1584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:03:13.0464 1584 Modem - ok
00:03:13.0510 1584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:03:13.0510 1584 monitor - ok
00:03:13.0588 1584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:03:13.0604 1584 mouclass - ok
00:03:13.0651 1584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:03:13.0651 1584 mouhid - ok
00:03:13.0744 1584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:03:13.0744 1584 MountMgr - ok
00:03:13.0807 1584 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:03:13.0822 1584 mpio - ok
00:03:13.0994 1584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:03:13.0994 1584 mpsdrv - ok
00:03:14.0041 1584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:03:14.0056 1584 Mraid35x - ok
00:03:14.0134 1584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:03:14.0150 1584 MRxDAV - ok
00:03:14.0212 1584 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:03:14.0212 1584 mrxsmb - ok
00:03:15.0086 1584 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:03:15.0086 1584 mrxsmb10 - ok
00:03:15.0211 1584 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:03:15.0211 1584 mrxsmb20 - ok
00:03:16.0147 1584 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
00:03:16.0162 1584 msahci - ok
00:03:16.0209 1584 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:03:16.0209 1584 msdsm - ok
00:03:16.0428 1584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:03:16.0428 1584 Msfs - ok
00:03:16.0708 1584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:03:16.0708 1584 msisadrv - ok
00:03:17.0067 1584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:03:17.0083 1584 MSKSSRV - ok
00:03:17.0192 1584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:03:17.0208 1584 MSPCLOCK - ok
00:03:17.0270 1584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:03:17.0286 1584 MSPQM - ok
00:03:17.0473 1584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:03:17.0504 1584 MsRPC - ok
00:03:17.0894 1584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:03:17.0894 1584 mssmbios - ok
00:03:18.0175 1584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:03:18.0175 1584 MSTEE - ok
00:03:18.0284 1584 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:03:18.0300 1584 Mup - ok
00:03:18.0362 1584 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:03:18.0362 1584 NativeWifiP - ok
00:03:18.0440 1584 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:03:18.0456 1584 NDIS - ok
00:03:18.0502 1584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:03:18.0502 1584 NdisTapi - ok
00:03:18.0565 1584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:03:18.0565 1584 Ndisuio - ok
00:03:18.0674 1584 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:03:18.0690 1584 NdisWan - ok
00:03:18.0721 1584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:03:18.0736 1584 NDProxy - ok
00:03:18.0783 1584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:03:18.0783 1584 NetBIOS - ok
00:03:18.0830 1584 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:03:18.0846 1584 netbt - ok
00:03:19.0111 1584 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
00:03:19.0407 1584 NETw2v32 - ok
00:03:19.0548 1584 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:03:19.0657 1584 NETw3v32 - ok
00:03:19.0782 1584 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
00:03:19.0922 1584 NETw4v32 - ok
00:03:20.0203 1584 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
00:03:20.0406 1584 NETw5v32 - ok
00:03:20.0515 1584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:03:20.0530 1584 nfrd960 - ok
00:03:20.0624 1584 Nokia USB Generic - ok
00:03:20.0640 1584 Nokia USB Modem - ok
00:03:20.0655 1584 Nokia USB Phone Parent - ok
00:03:20.0671 1584 Nokia USB Port - ok
00:03:20.0764 1584 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:03:20.0780 1584 Npfs - ok
00:03:20.0811 1584 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
00:03:20.0827 1584 NPPTNT2 - ok
00:03:20.0874 1584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:03:20.0889 1584 nsiproxy - ok
00:03:20.0967 1584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:03:21.0045 1584 Ntfs - ok
00:03:21.0076 1584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:03:21.0092 1584 ntrigdigi - ok
00:03:21.0123 1584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:03:21.0123 1584 Null - ok
00:03:21.0154 1584 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:03:21.0170 1584 nvraid - ok
00:03:21.0217 1584 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:03:21.0232 1584 nvstor - ok
00:03:21.0342 1584 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:03:21.0357 1584 nv_agp - ok
00:03:21.0373 1584 NwlnkFlt - ok
00:03:21.0388 1584 NwlnkFwd - ok
00:03:21.0420 1584 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
00:03:21.0451 1584 ohci1394 - ok
00:03:21.0498 1584 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:03:21.0498 1584 Parport - ok
00:03:21.0622 1584 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:03:21.0638 1584 partmgr - ok
00:03:21.0747 1584 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:03:21.0747 1584 Parvdm - ok
00:03:21.0841 1584 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
00:03:21.0856 1584 pavboot - ok
00:03:21.0966 1584 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:03:21.0981 1584 pci - ok
00:03:22.0137 1584 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
00:03:22.0153 1584 pciide - ok
00:03:22.0200 1584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
00:03:22.0215 1584 pcmcia - ok
00:03:22.0309 1584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:03:22.0309 1584 PEAUTH - ok
00:03:22.0418 1584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:03:22.0418 1584 PptpMiniport - ok
00:03:22.0512 1584 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:03:22.0527 1584 Processor - ok
00:03:22.0605 1584 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:03:22.0605 1584 PSched - ok
00:03:22.0668 1584 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
00:03:22.0683 1584 PxHelp20 - ok
00:03:22.0995 1584 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:03:23.0011 1584 ql2300 - ok
00:03:23.0104 1584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:03:23.0120 1584 ql40xx - ok
00:03:23.0245 1584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:03:23.0260 1584 QWAVEdrv - ok
00:03:23.0323 1584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:03:23.0323 1584 RasAcd - ok
00:03:23.0401 1584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:03:23.0401 1584 Rasl2tp - ok
00:03:23.0479 1584 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:03:23.0541 1584 RasPppoe - ok
00:03:23.0619 1584 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:03:23.0635 1584 RasSstp - ok
00:03:23.0682 1584 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:03:23.0697 1584 rdbss - ok
00:03:23.0775 1584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:03:23.0791 1584 RDPCDD - ok
00:03:23.0869 1584 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:03:23.0900 1584 rdpdr - ok
00:03:23.0931 1584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:03:23.0931 1584 RDPENCDD - ok
00:03:24.0087 1584 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:03:24.0103 1584 RDPWD - ok
00:03:24.0212 1584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:03:24.0212 1584 rspndr - ok
00:03:24.0259 1584 RTL8169 (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:03:24.0274 1584 RTL8169 - ok
00:03:24.0415 1584 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
00:03:24.0430 1584 RTSTOR - ok
00:03:24.0649 1584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:03:24.0664 1584 sbp2port - ok
00:03:24.0914 1584 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
00:03:24.0930 1584 sdbus - ok
00:03:25.0039 1584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:03:25.0039 1584 secdrv - ok
00:03:25.0226 1584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:03:25.0242 1584 Serenum - ok
00:03:25.0507 1584 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:03:25.0522 1584 Serial - ok
00:03:25.0616 1584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:03:25.0632 1584 sermouse - ok
00:03:25.0756 1584 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
00:03:25.0772 1584 sffdisk - ok
00:03:25.0819 1584 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
00:03:25.0834 1584 sffp_mmc - ok
00:03:25.0897 1584 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
00:03:25.0912 1584 sffp_sd - ok
00:03:25.0928 1584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:03:25.0944 1584 sfloppy - ok
00:03:25.0990 1584 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
00:03:26.0006 1584 sisagp - ok
00:03:26.0084 1584 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:03:26.0084 1584 SiSRaid2 - ok
00:03:26.0131 1584 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:03:26.0146 1584 SiSRaid4 - ok
00:03:26.0209 1584 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:03:26.0224 1584 Smb - ok
00:03:26.0302 1584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:03:26.0302 1584 spldr - ok
00:03:26.0443 1584 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
00:03:26.0443 1584 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
00:03:26.0458 1584 sptd ( LockedFile.Multi.Generic ) - warning
00:03:26.0458 1584 sptd - detected LockedFile.Multi.Generic (1)
00:03:26.0521 1584 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:03:26.0521 1584 srv - ok
00:03:26.0552 1584 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
00:03:26.0552 1584 srv2 - ok
00:03:26.0583 1584 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
00:03:26.0583 1584 srvnet - ok
00:03:26.0661 1584 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
00:03:26.0677 1584 StarOpen - ok
00:03:26.0739 1584 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
00:03:26.0755 1584 STHDA - ok
00:03:26.0973 1584 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
00:03:26.0989 1584 StillCam - ok
00:03:27.0020 1584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:03:27.0036 1584 swenum - ok
00:03:27.0082 1584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:03:27.0082 1584 Symc8xx - ok
00:03:27.0129 1584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:03:27.0145 1584 Sym_hi - ok
00:03:27.0254 1584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:03:27.0270 1584 Sym_u3 - ok
00:03:27.0316 1584 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
00:03:27.0332 1584 SynTP - ok
00:03:27.0457 1584 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
00:03:27.0472 1584 Tcpip - ok
00:03:27.0644 1584 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
00:03:27.0660 1584 Tcpip6 - ok
00:03:28.0315 1584 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:03:28.0315 1584 tcpipreg - ok
00:03:29.0329 1584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:03:29.0344 1584 TDPIPE - ok
00:03:29.0391 1584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:03:29.0407 1584 TDTCP - ok
00:03:29.0703 1584 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:03:29.0719 1584 tdx - ok
00:03:30.0156 1584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:03:30.0171 1584 TermDD - ok
00:03:30.0374 1584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:03:30.0374 1584 tssecsrv - ok
00:03:30.0483 1584 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
00:03:30.0483 1584 TuneUpUtilitiesDrv - ok
00:03:30.0655 1584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:03:30.0655 1584 tunmp - ok
00:03:30.0717 1584 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
00:03:30.0733 1584 tunnel - ok
00:03:30.0780 1584 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:03:30.0795 1584 uagp35 - ok
00:03:31.0357 1584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:03:31.0372 1584 udfs - ok
00:03:31.0466 1584 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
00:03:31.0482 1584 uliagpkx - ok
00:03:31.0700 1584 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:03:31.0716 1584 uliahci - ok
00:03:31.0887 1584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:03:31.0903 1584 UlSata - ok
00:03:32.0152 1584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:03:32.0168 1584 ulsata2 - ok
00:03:32.0308 1584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:03:32.0324 1584 umbus - ok
00:03:32.0386 1584 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:03:32.0402 1584 usbaudio - ok
00:03:32.0449 1584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:03:32.0464 1584 usbccgp - ok
00:03:33.0010 1584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:03:33.0026 1584 usbcir - ok
00:03:33.0369 1584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:03:33.0385 1584 usbehci - ok
00:03:33.0619 1584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:03:33.0634 1584 usbhub - ok
00:03:33.0728 1584 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:03:33.0728 1584 usbohci - ok
00:03:33.0775 1584 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
00:03:33.0775 1584 usbprint - ok
00:03:33.0837 1584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:03:33.0853 1584 USBSTOR - ok
00:03:33.0884 1584 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:03:33.0900 1584 usbuhci - ok
00:03:34.0056 1584 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:03:34.0071 1584 usbvideo - ok
00:03:34.0321 1584 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
00:03:34.0336 1584 UVCFTR - ok
00:03:34.0446 1584 vcdrom - ok
00:03:34.0820 1584 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:03:34.0836 1584 vga - ok
00:03:34.0960 1584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:03:34.0976 1584 VgaSave - ok
00:03:35.0085 1584 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
00:03:35.0101 1584 viaagp - ok
00:03:35.0132 1584 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:03:35.0148 1584 ViaC7 - ok
00:03:35.0179 1584 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
00:03:35.0194 1584 viaide - ok
00:03:35.0241 1584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:03:35.0241 1584 volmgr - ok
00:03:35.0319 1584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:03:35.0382 1584 volmgrx - ok
00:03:35.0428 1584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:03:35.0460 1584 volsnap - ok
00:03:35.0491 1584 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:03:35.0506 1584 vsmraid - ok
00:03:35.0600 1584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:03:35.0600 1584 WacomPen - ok
00:03:35.0678 1584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:03:35.0694 1584 Wanarp - ok
00:03:35.0694 1584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:03:35.0694 1584 Wanarpv6 - ok
00:03:35.0818 1584 WCMVCAM (ee8a9734b448836b0127c76066119e9c) C:\Windows\system32\DRIVERS\wcmvcam.sys
00:03:35.0850 1584 WCMVCAM - ok
00:03:35.0912 1584 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:03:35.0912 1584 Wd - ok
00:03:35.0974 1584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:03:35.0990 1584 Wdf01000 - ok
00:03:36.0162 1584 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:03:36.0162 1584 WmiAcpi - ok
00:03:36.0427 1584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:03:36.0442 1584 WpdUsb - ok
00:03:36.0614 1584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:03:36.0630 1584 ws2ifsl - ok
00:03:36.0832 1584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:03:36.0848 1584 WUDFRd - ok
00:03:36.0895 1584 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
00:03:36.0910 1584 yukonwlh - ok
00:03:36.0942 1584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:03:37.0082 1584 \Device\Harddisk0\DR0 - ok
00:03:37.0082 1584 Boot (0x1200) (2338f23fcb74e1d8cc5ebb9502f50823) \Device\Harddisk0\DR0\Partition0
00:03:37.0082 1584 \Device\Harddisk0\DR0\Partition0 - ok
00:03:37.0082 1584 Boot (0x1200) (6ac59d70161f5349500c48b4d5e5fcf1) \Device\Harddisk0\DR0\Partition1
00:03:37.0082 1584 \Device\Harddisk0\DR0\Partition1 - ok
00:03:37.0098 1584 ================================================== ==========
00:03:37.0098 1584 Scan finished
00:03:37.0098 1584 ================================================== ==========
00:03:37.0098 1532 Detected object count: 1
00:03:37.0098 1532 Actual detected object count: 1
00:05:02.0788 1532 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:05:02.0788 1532 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:06:19.0634 4072 Deinitialize success



Este es el del combo fix hice lo que me dijiste al pie de la letra
ComboFix 12-02-02.02 - WinXP 04/02/2012 0:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.3082.18.2038.1031 [GMT -6:00]
Running from: c:\users\WinXP\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
FW: AVG Firewall *Enabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\WinXP\AppData\Roaming\Microsoft\Windows\R ecent\Comfy Cakes.pif
c:\windows\iun6002.exe
c:\windows\system32\shsvcs.dll.vgorg
c:\windows\system32\themeui.dll.vgorg
c:\windows\system32\uxtB221.tmp
c:\windows\system32\uxtheme.dll.vgorg
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 06:34 . 2012-02-04 06:34 -------- d-----w- c:\users\WinXP\AppData\Local\temp
2012-02-04 06:34 . 2012-02-04 06:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 19:44 . 2012-01-30 19:44 -------- d-----w- C:\found.000
2012-01-14 09:21 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2012-01-14 06:52 . 2012-01-14 06:52 -------- d-----w- c:\program files\Sophos
2012-01-14 06:46 . 2012-01-14 06:46 93056 ----a-w- C:\uwldqpog.sys
2012-01-14 04:41 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-13 10:06 . 2012-01-13 10:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-13 09:19 . 2012-01-13 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 09:19 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 06:57 . 2012-01-13 21:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-01-31 19:57 . 2011-06-21 02:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-08 19:59 . 2008-07-09 21:15 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2011-12-02 07:09 . 2011-03-21 19:49 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-10 11:54 . 2011-09-05 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2008-06-18 21:23 . 2008-06-18 21:24 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-01-29 16:15 . 2012-01-14 04:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-26 19:05 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-26 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-12 133656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-18 2042208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-26 939872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-26 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dl l
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Users^WinXP^AppData^Roamin g^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\users\WinXP\AppData\Roaming\Microsoft\Wind ows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2008-12-13 04:23 882176 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2009-01-21 22:34 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-01-21 22:34 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-24 23:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ares"="c:\program files\Ares\Ares.exe" -h
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-167389899-1121224886-3129069121-1000]
"EnableNotificationsRef"=dword:00000002
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 83855027
*Deregistered* - 83855027
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 02:03]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{93086C1A-0F61-4272-9516-AE8EAC4F9C13}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc= SPN_MX&Sys=PTB&M=MX6901M
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc= SPN_MX&Sys=PTB&M=MX6901M
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\WinXP\AppData\Roaming\Mozilla\Firefox\Pro files\zs9f96j7.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Chatango - c:\program files\Chatango\Chatango.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssr v.exe
MSConfigStartUp-Google Update - c:\users\WinXP\AppData\Local\Google\Update\GoogleU pdate.exe
MSConfigStartUp-PlusService - c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 00:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************** ************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\M EMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C226.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-04 00:39:04
ComboFix-quarantined-files.txt 2012-02-04 06:39
.
Pre-Run: 44,446,572,544 bytes libres
Post-Run: 44,038,176,768 bytes libres
.
- - End Of File - - EB3E8A2E8764ECCA8FE9C6A1FC570BF4


Por cierto al reiniciar todo inicio bien, solo que al querer abrir una imagen dejo de funcionar el escritorio de windows por un momento,ya puedo activar de nuevo mi antivirus ? no he probado ningun programa para ver que tal va el equipo, espero que todo ande bien y tambien quisiera saber si puedo realizar de nuevo el analisis anti rootkit del antivirus, como comentario extra uso WINDOWS VISTA HOME PREMIUM Y EL ANTIVIRUS AVG INTERNET SECURITY 8.5

Sin mas por el momento me despido agradeciendote tu pronta respuesta y el apoyo brindado

Buenas.

Activa tu antivirus.


Nos cuentas como funciona la pc


Salu2.

Que tal Tynys analice la laptop despues de todo este proceso y me sigue detectando el antirootkit lo mismo...que podria ser? ya me fastidio ese maldito rootkit...y ha presentado un poco de inestabilidad desde que use combo fix...

Buenas

Descargar Gmer ARK (AntiRootKit) desde InfoSpyware.

• Descomprímelo en una carpeta especial o en tu Escritorio.
• Desconéctate de Internet y cierra todos los programas.
• Ahora, hace doble clic en Gmer.exe (o clic derecho y selecciona "Ejecutar como administrador").

• Ahora vamos a desmarcar en el panel derecho, las opciones que no nos interesa que este escanee, las cuales son:
  • IAT/EAT
  • Drives/Partition - Marcar solo la unidad donde esta Windows (ej: C:\)
  • Show All
• Hacerle clic en el botón de 'Scan' y esperar que este termine.
• Cuando termine, darle clic en el botón [Save..], y guarda el archivo como "gmer.txt" en el escritorio.
• Para terminar, responde a este mismo tema dejándonos el contenido del reporte que guardaste en gmer.txt y déjanos analizarlo para continuar con el procedimiento.

Buenas noches aca tienes el resultado del scan del GMER espero y ahora si ya se pueda resolver


MER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2012-02-08 22:24:55
Windows 6.0.6002 Service Pack 2
Running: InfoSpy_ARK.exe; Driver: C:\Users\WinXP\AppData\Local\Temp\uwldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 86AD0F00
INT 0x72 ? 86AD0F00
INT 0x82 ? 84451CB8
INT 0x92 ? 8444BCB8
INT 0xA2 ? 86AD0F00
INT 0xB1 ? 86BF4CB8
INT 0xB1 ? 86BF4CB8
INT 0xB2 ? 86AD0F00

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys 80695000 32 Bytes [C0, 6E, E0, 81, 06, 01, E1, ...]
.text sptd.sys 80695024 26 Bytes JMP 4181E743
.text sptd.sys 8069503F 31 Bytes [82, A0, CE, E7, 81, 06, 7F, ...]
.text sptd.sys 8069505F 45 Bytes [82, 93, F1, E4, 81, B6, 1C, ...]
.text sptd.sys 8069508D 103 Bytes [F1, E7, 81, 81, 3B, EE, 81, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x807411AA]
? C:\Windows\System32\Drivers\sptd.sys El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
.text USBPORT.SYS!DllUnload 8CBAB41B 5 Bytes JMP 86AD0410
? C:\Users\WinXP\AppData\Local\Temp\uwldqpog.sys El sistema no puede encontrar el archivo especificado. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 844541E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinámico/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dinámico/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 86BC11E8
Device \Driver\usbuhci \Device\USBPDO-1 86BC11E8
Device \Driver\usbehci \Device\USBPDO-2 86BC01E8
Device \Driver\usbuhci \Device\USBPDO-3 86BC11E8
Device \Driver\PCI_PNP5035 \Device\00000054 sptd.sys
Device \Driver\PCI_PNP5035 \Device\00000054 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-4 86BC11E8
Device \Driver\PCI_PNP5035 \Device\00000055 sptd.sys
Device \Driver\PCI_PNP5035 \Device\00000055 sptd.sys

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 86BC11E8
Device \Driver\usbehci \Device\USBPDO-6 86BC01E8
Device \Driver\cdrom \Device\CdRom0 8DF551E8
Device \Driver\netbt \Device\NetBT_Tcpip_{93E12708-36D5-4CF7-AFA1-DD4BFB45A77B} 8DF621E8
Device \Driver\iaStor \Device\Ide\iaStor0 [87EB8D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 844521E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [87EB8D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 8DF551E8
Device \Driver\netbt \Device\NetBT_Tcpip_{3B4B01E1-30C5-41A1-8BC2-FD1A4BB659E3} 8DF621E8
Device \Driver\netbt \Device\NetBt_Wins_Export 8DF621E8
Device \Driver\Smb \Device\NetbiosSmb 8DF981E8
Device \Driver\iScsiPrt \Device\RaidPort0 86BC71E8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 86BC11E8
Device \Driver\usbuhci \Device\USBFDO-1 86BC11E8
Device \Driver\usbehci \Device\USBFDO-2 86BC01E8
Device \Driver\usbuhci \Device\USBFDO-3 86BC11E8
Device \Driver\usbuhci \Device\USBFDO-4 86BC11E8
Device \Driver\usbuhci \Device\USBFDO-5 86BC11E8
Device \Driver\usbehci \Device\USBFDO-6 86BC01E8
Device \Driver\ayosmypu \Device\Scsi\ayosmypu1Port3Path0Target0Lun0 86BF21E8
Device \Driver\ayosmypu \Device\Scsi\ayosmypu1 86BF21E8
Device \Driver\apb328zx \Device\Scsi\apb328zx1 86BFC1E8
Device \Driver\apb328zx \Device\Scsi\apb328zx1Port4Path0Target0Lun0 86BFC1E8
Device \FileSystem\cdfs \Cdfs AA1E21E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xF8 0xC9 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC2 0x0F 0xE1 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x66 0xA2 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x98 0x69 0x6F 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x0B 0x34 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khje h 0x3E 0x18 0x9E 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xF8 0xC9 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC2 0x0F 0xE1 0x1B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x66 0xA2 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x98 0x69 0x6F 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x0B 0x34 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3E 0x18 0x9E 0xB8 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2633498303\Groups@M3r\x00a1d@ 1

---- EOF - GMER 1.0.15 ----


Saludos

Buenas.

Copia exacto o pega la ruta de la alerta de AVG.


Salu2