    Sirefef.gen!C virus.

    #1
      jedignier
      Joined: Mar 2013
      Location: Chile
      Posts: 4

      Malware: Sirefef.gen!C virus.

      Dear all,

      After reading several earlier posts about how nasty Sirefef can be, I still haven't been able to clean my PC.

      After a few minutes on Google I used the ESET Sirefef removal tool and TDSSKiller, without managing to remove the rootkit.

      I have used:

      1) NOD32 (detects a Sirefef trojan in service.exe)
      2) Following some recommendations, I ran a full Spybot scan
      3) I used Spybot's rootkit module (very slow, 1:20)

      With none of the above working, I followed some instructions using CCleaner (I can't find in the registry any of what is recommended, no random.exe or anything) and with mbar and ComboFix.

      I ran all the processes, it rebooted several times and I'm still in the same place.

      Here is the mbar log:
      Malwarebytes Anti-Rootkit BETA 1.01.0.1022
      www.malwarebytes.org

      Database version: v2013.03.30.06

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      pc :: RORA [administrator]

      30-03-2013 17:43:14
      mbar-log-2013-03-30 (17-43-14).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 27610
      Time elapsed: 10 minute(s), 42 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

      Folders Detected: 4
      c:\windows\$ntuninstallkb64330$\2559337414\l (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\1194885537 (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414 (Backdoor.0Access) -> Delete on reboot.

      Files Detected: 13
      C:\WINDOWS\system32\drivers\ipsec.sys (Rootkit.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\l\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\l\201d3dde (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\l\6715e287 (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\l\76603ac3 (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\l\azvaibcd (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u\00000008.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u\000000cb.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u\80000000.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\u\80000032.@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\@ (Backdoor.0Access) -> Delete on reboot.
      c:\windows\$ntuninstallkb64330$\2559337414\desktop.ini (Backdoor.0Access) -> Delete on reboot.

      (end)

      The mbar system log:
      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1022

      (c) Malwarebytes Corporation 2011-2012

      OS version: 5.1.2600 Windows XP Service Pack 3 x86

      Account is Administrative

      Internet Explorer version: 8.0.6001.18702

      Java version: 1.6.0_35

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED
      CPU speed: 2.333000 GHz
      Memory total: 3483680768, free: 1539084288

      ------------ Kernel report ------------
      03/30/2013 17:26:38
      ------------ Loaded modules -----------
      \WINDOWS\system32\ntkrnlpa.exe
      \WINDOWS\system32\hal.dll
      \WINDOWS\system32\KDCOM.DLL
      \WINDOWS\system32\BOOTVID.dll
      sptd.sys
      \WINDOWS\System32\Drivers\WMILIB.SYS
      \WINDOWS\System32\Drivers\SCSIPORT.SYS
      ACPI.sys
      pci.sys
      ohci1394.sys
      \WINDOWS\system32\DRIVERS\1394BUS.SYS
      isapnp.sys
      pciide.sys
      \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
      intelide.sys
      MountMgr.sys
      ftdisk.sys
      dmload.sys
      dmio.sys
      PartMgr.sys
      VolSnap.sys
      atapi.sys
      mv61xx.sys
      \WINDOWS\system32\DRIVERS\mv61xxmm.sys
      disk.sys
      \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
      fltmgr.sys
      sr.sys
      KSecDD.sys
      WudfPf.sys
      Ntfs.sys
      NDIS.sys
      Mup.sys
      \SystemRoot\system32\DRIVERS\intelppm.sys
      \SystemRoot\System32\Drivers\agr8f12f.SYS
      \SystemRoot\system32\DRIVERS\nv4_mini.sys
      \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
      \SystemRoot\system32\DRIVERS\HECI.sys
      \SystemRoot\system32\DRIVERS\usbuhci.sys
      \SystemRoot\system32\DRIVERS\USBPORT.SYS
      \SystemRoot\system32\DRIVERS\usbehci.sys
      \SystemRoot\system32\DRIVERS\HDAudBus.sys
      \SystemRoot\System32\Drivers\ps_1394.sys
      \SystemRoot\system32\DRIVERS\nic1394.sys
      \SystemRoot\system32\DRIVERS\serial.sys
      \SystemRoot\system32\DRIVERS\serenum.sys
      \SystemRoot\system32\DRIVERS\imapi.sys
      \SystemRoot\system32\DRIVERS\cdrom.sys
      \SystemRoot\system32\DRIVERS\redbook.sys
      \SystemRoot\system32\DRIVERS\ks.sys
      \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
      \SystemRoot\system32\DRIVERS\jswscimd.sys
      \SystemRoot\system32\DRIVERS\audstub.sys
      \SystemRoot\system32\DRIVERS\rasl2tp.sys
      \SystemRoot\system32\DRIVERS\ndistapi.sys
      \SystemRoot\system32\DRIVERS\ndiswan.sys
      \SystemRoot\system32\DRIVERS\raspppoe.sys
      \SystemRoot\system32\DRIVERS\raspptp.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\system32\DRIVERS\psched.sys
      \SystemRoot\system32\DRIVERS\msgpc.sys
      \SystemRoot\system32\DRIVERS\ptilink.sys
      \SystemRoot\system32\DRIVERS\raspti.sys
      \SystemRoot\system32\DRIVERS\tap0901.sys
      \SystemRoot\system32\DRIVERS\rdpdr.sys
      \SystemRoot\system32\DRIVERS\termdd.sys
      \SystemRoot\system32\DRIVERS\kbdclass.sys
      \SystemRoot\system32\DRIVERS\mouclass.sys
      \SystemRoot\system32\DRIVERS\swenum.sys
      \SystemRoot\system32\DRIVERS\update.sys
      \SystemRoot\system32\DRIVERS\mssmbios.sys
      \SystemRoot\system32\DRIVERS\cledx.sys
      \SystemRoot\System32\Drivers\NDProxy.SYS
      \SystemRoot\system32\DRIVERS\usbhub.sys
      \SystemRoot\system32\DRIVERS\USBD.SYS
      \SystemRoot\system32\drivers\sthda.sys
      \SystemRoot\system32\drivers\portcls.sys
      \SystemRoot\system32\drivers\drmk.sys
      \SystemRoot\System32\Drivers\Fs_Rec.SYS
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\system32\DRIVERS\ehdrv.sys
      \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      \SystemRoot\System32\drivers\vga.sys
      \SystemRoot\System32\Drivers\mnmdd.SYS
      \SystemRoot\System32\DRIVERS\RDPCDD.sys
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\system32\DRIVERS\rasacd.sys
      \SystemRoot\system32\DRIVERS\usbccgp.sys
      \SystemRoot\system32\DRIVERS\hidusb.sys
      \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      \SystemRoot\system32\DRIVERS\ipsec.sys
      \SystemRoot\system32\DRIVERS\tcpip.sys
      \SystemRoot\system32\DRIVERS\netbt.sys
      \SystemRoot\system32\DRIVERS\ipnat.sys
      \SystemRoot\system32\DRIVERS\wanarp.sys
      \SystemRoot\system32\DRIVERS\epfwtdir.sys
      \SystemRoot\System32\drivers\afd.sys
      \SystemRoot\system32\DRIVERS\arp1394.sys
      \SystemRoot\system32\DRIVERS\netbios.sys
      \SystemRoot\System32\Drivers\SCDEmu.SYS
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\System32\Drivers\Fips.SYS
      \SystemRoot\System32\Drivers\Cdfs.SYS
      \SystemRoot\system32\DRIVERS\A5AGU.sys
      \SystemRoot\System32\Drivers\ps_avs.sys
      \SystemRoot\system32\DRIVERS\mouhid.sys
      \SystemRoot\system32\DRIVERS\kbdhid.sys
      \SystemRoot\System32\Drivers\dump_atapi.sys
      \SystemRoot\System32\Drivers\dump_WMILIB.SYS
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\drivers\Dxapi.sys
      \SystemRoot\System32\watchdog.sys
      \SystemRoot\System32\drivers\dxg.sys
      \SystemRoot\System32\drivers\dxgthk.sys
      \SystemRoot\System32\nv4_disp.dll
      \SystemRoot\System32\ATMFD.DLL
      \SystemRoot\system32\DRIVERS\eamon.sys
      \SystemRoot\system32\DRIVERS\ndisuio.sys
      \SystemRoot\system32\DRIVERS\mrxdav.sys
      \??\C:\WINDOWS\system32\ANIO.SYS
      \SystemRoot\system32\DRIVERS\srv.sys
      \SystemRoot\system32\drivers\wdmaud.sys
      \SystemRoot\system32\drivers\sysaudio.sys
      \SystemRoot\System32\Drivers\HTTP.sys
      \SystemRoot\System32\Drivers\TDTCP.SYS
      \SystemRoot\System32\Drivers\RDPWD.SYS
      \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
      \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      \WINDOWS\system32\ntdll.dll
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xffffffff8ade8ab8
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-5\
      Lower Device Object: 0xffffffff8adfad98
      Lower Device Driver Name: \Driver\atapi\
      Driver name found: atapi
      Initialization returned 0x0
      Load Function returned 0x0
      Downloaded database version: v2013.03.30.06
      Downloaded database version: v2013.03.25.01
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 1
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xffffffff8ade8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xffffffff8ade7e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
      DevicePointer: 0xffffffff8ade8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xffffffff8ae00f18, DeviceName: \Device\00000081\, DriverName: \Driver\ACPI\
      DevicePointer: 0xffffffff8adfad98, DeviceName: \Device\Ide\IdeDeviceP2T1L0-5\, DriverName: \Driver\atapi\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0xffffffffe1b3c3c8, 0xffffffff8ade8ab8, 0xffffffff88d247b0
      Lower DeviceData: 0xffffffffe32329f0, 0xffffffff8adfad98, 0xffffffff8898d7b0
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\WINDOWS\system32\drivers...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Infected: C:\WINDOWS\system32\drivers\ipsec.sys --> [Rootkit.0Access]
      Replacement file found for a file C:\WINDOWS\system32\drivers\ipsec.sys
      File C:\WINDOWS\system32\drivers\ipsec.sys --> [Forged file]
      File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 7880787

      Partition information:

      Partition 0 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 63 Numsec = 976751937
      Partition file system is NTFS
      Partition is bootable

      Partition 1 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Disk Size: 500107862016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
      Done!
      Performing system, memory and registry scan...
      Read File: File "c:\Documents and Settings\All Users\Datos de programa\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.dat" is compressed (flags = 1)
      Read File: File "c:\Documents and Settings\All Users\Datos de programa\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\instance.dat" is compressed (flags = 1)
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l\00000004.@ --> [Backdoor.0Access]
      Read File: File "c:\windows\$ntuninstallkb64330$\2559337414\l\201d3dde" is compressed (flags = 1)
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l\201d3dde --> [Backdoor.0Access]
      Read File: File "c:\windows\$ntuninstallkb64330$\2559337414\l\6715e287" is compressed (flags = 1)
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l\6715e287 --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l\76603ac3 --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l\azvaibcd --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u\00000004.@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u\00000008.@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u\000000cb.@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u\80000000.@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u\80000032.@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\l --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\u --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\1194885537 --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414 --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\@ --> [Backdoor.0Access]
      Infected: c:\windows\$ntuninstallkb64330$\2559337414\desktop.ini --> [Backdoor.0Access]
      Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
      Done!
      Scan finished
      Creating System Restore point...
      Scheduling clean up...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1022

      (c) Malwarebytes Corporation 2011-2012

      OS version: 5.1.2600 Windows XP Service Pack 3 x86

      Account is Administrative

      Internet Explorer version: 8.0.6001.18702

      Java version: 1.6.0_35

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
      CPU speed: 2.333000 GHz
      Memory total: 3483680768, free: 2998226944

      Removal queue found; removal started
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l\00000004.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l\201d3dde...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l\6715e287...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l\76603ac3...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l\azvaibcd...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u\00000004.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u\00000008.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u\000000cb.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u\80000000.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u\80000032.@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\l...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\u...
      Removing c:\windows\$ntuninstallkb64330$\1194885537...
      Removing c:\windows\$ntuninstallkb64330$\2559337414...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\@...
      Removing c:\windows\$ntuninstallkb64330$\2559337414\desktop.ini...
      Removal finished
      =======================================


      and finally ComboFix:
      ComboFix 13-03-30.01 - pc 30-03-2013 19:09:49.1.4 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.56.3082.18.3322.2806 [GMT -4:00]
      Running from: c:\documents and settings\pc\Mis documentos\Downloads\ComboFix.exe
      AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      * Resident AV is active
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\system\Pncrt.dll
      c:\windows\system32\14_43260.dll
      c:\windows\system32\28_83260.dll
      c:\windows\system32\lame_enc.dll
      c:\windows\system32\muzapp.exe
      c:\windows\system32\SET61E0.tmp
      c:\windows\system32\SET61E4.tmp
      c:\windows\system32\SET61EC.tmp
      c:\windows\system32\WinSys.exe
      c:\windows\wininit.ini
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
      .
      .
      2013-03-30 21:26 . 2013-03-30 21:26 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2013-03-30 19:26 . 2013-03-30 19:44 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
      2013-03-30 19:26 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
      2013-03-30 19:26 . 2013-03-30 19:26 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy 2
      2013-03-29 01:54 . 2013-03-29 01:54 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\PCHealth
      2013-03-29 01:54 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
      2013-03-28 21:10 . 2013-03-28 21:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-03-25 02:31 . 2013-01-10 19:33 759296 -c----w- c:\windows\system32\dllcache\vgx.dll
      2013-03-25 02:27 . 2013-02-05 20:13 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
      2013-03-03 20:36 . 2013-03-03 20:36 -------- d-----r- c:\documents and settings\LocalService\Favoritos
      2013-03-03 20:35 . 2013-03-03 20:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-28 21:10 . 2011-09-23 00:04 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
      2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
      2013-02-07 02:51 . 2013-02-07 02:51 138496 ----a-w- c:\windows\system32\drivers\afd.sys.org
      2013-02-05 20:13 . 2004-08-19 13:42 916480 ----a-w- c:\windows\system32\wininet.dll
      2013-02-05 20:13 . 2004-08-19 13:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2013-02-05 20:13 . 2004-08-19 13:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2013-02-05 05:54 . 2004-08-19 13:23 385024 ----a-w- c:\windows\system32\html.iec
      2013-01-27 21:40 . 2013-01-27 21:40 224256 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Media Tools\MediaIconsOverlays.dll
      2013-01-26 03:55 . 2004-08-19 13:42 552448 ----a-w- c:\windows\system32\oleaut32.dll
      2013-01-14 18:00 . 2013-01-27 22:51 112640 ----a-w- c:\windows\system32\ff_vfw.dll
      2013-01-07 07:25 . 2004-08-19 13:33 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-01-07 07:25 . 2004-08-19 15:33 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-01-04 10:09 . 2004-08-19 13:30 1867392 ----a-w- c:\windows\system32\win32k.sys
      2013-01-02 06:49 . 2004-08-19 13:43 148992 ----a-w- c:\windows\system32\mpg2splt.ax
      2013-01-02 06:49 . 2004-08-19 13:42 1298432 ----a-w- c:\windows\system32\quartz.dll
      2006-11-16 13:59 . 2011-10-23 21:02 6483968 ----a-w- c:\archivos de programa\AmpliTube2.vpa
      2006-11-15 21:50 . 2011-10-23 21:02 696320 ----a-w- c:\archivos de programa\Amplitube 2.exe
      2011-09-29 06:53 . 2011-11-02 23:18 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\archivos de programa\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
      .
      [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
      [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
      2009-05-07 21:46 2642432 ----a-w- c:\archivos de programa\Family Toolbar\tbcore3.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
      @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
      [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
      2012-12-09 09:47 224256 ----a-w- c:\archivos de programa\Mega Codec Pack\Filters\Haali\mmdinfo.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
      "FIREBOX"="c:\archivos de programa\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 1003520]
      "D-Link RangeBooster G WUA-2340"="c:\archivos de programa\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
      "ANIWZCS2Service"="c:\archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
      "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
      "Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
      "H2O"="c:\archivos de programa\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
      "SysTrayApp"="c:\archivos de programa\IDT\WDM\sttray.exe" [2009-03-12 483422]
      "nwiz"="nwiz.exe" [2007-12-05 1626112]
      "SDTray"="c:\archivos de programa\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
      .
      c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
      Herramienta de bandeja de Logitech Media Server.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      Logitech Media Server Tray Tool.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
      "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\archivos de programa\Fences\FencesMenu.dll" [2009-10-02 128360]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
      @=""
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
      backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk
      backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^pc^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
      path=c:\documents and settings\pc\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
      backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2012-08-28 00:32 59280 ----a-w- c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
      2007-09-06 13:08 136136 ----a-w- c:\archivos de programa\DAEMON Tools Pro\DTProAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater]
      2012-06-18 04:19 195256 ----a-w- c:\documents and settings\pc\Datos de programa\DRPSu\DrvUpdater.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-01-18 23:29 136176 ----atw- c:\documents and settings\pc\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      2009-02-26 21:36 30040 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2012-09-10 02:30 421776 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2012-04-18 23:56 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2012-01-18 18:02 254696 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
      2011-01-17 19:41 8192 ----a-w- c:\archivos de programa\Xvid\CheckUpdate.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDTray.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
      .
      R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [14-07-2012 12:59 159536]
      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-03-2012 23:25 685816]
      R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-02-2009 9:23 106208]
      R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06-02-2009 9:24 93336]
      R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06-02-2009 9:23 727720]
      R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI87FB.tmp [15-12-2011 23:21 177784]
      R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDFSSvc.exe [30-03-2013 15:26 1103392]
      R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdSvc.exe [30-03-2013 15:26 1369624]
      R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [18-01-2011 15:12 386784]
      R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [22-10-2011 22:54 33792]
      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [18-01-2011 15:12 57440]
      R3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [18-01-2011 15:09 97152]
      R3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [18-01-2011 15:09 24576]
      S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDWSCSvc.exe [30-03-2013 15:26 168384]
      S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13-07-2012 13:28 160944]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [07-02-2012 22:11 80184]
      S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [24-11-2011 19:36 583296]
      S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\archivos de programa\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [18-01-2011 15:12 356434]
      S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [03-11-2012 22:38 18432]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [07-02-2012 22:11 181432]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
      S4 SirefefRemover;SirefefRemover;\??\c:\windows\system32\Drivers\SirefefRemover.sys --> c:\windows\system32\Drivers\SirefefRemover.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 21:10]
      .
      2013-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2009-10-22 20:57]
      .
      2013-03-30 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-30 18:08]
      .
      2013-03-30 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-30 18:07]
      .
      2013-03-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDScan.exe [2013-03-30 18:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://search.myheritage.com
      mStart Page = hxxp://search.myheritage.com
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: line6.net
      TCP: DhcpNameServer = 192.168.0.1
      FF - ProfilePath - c:\documents and settings\pc\Datos de programa\Mozilla\Firefox\Profiles\pc60i9fg.default\
      FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Notify-SDWinLogon - SDWinLogon.dll
      SafeBoot-Wdf01000.sys
      AddRemove-PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup - c:\archivos de programa\PreSonus\1394AudioDriver_FIREBox\uninst.exe Software\PreSonus\1394AudioDriver_FIREBox\Setup
      AddRemove-01_Simmental - c:\archivos de programa\Samsung\USB Drivers\01_Simmental\Uninstall.exe
      AddRemove-02_Siberian - c:\archivos de programa\Samsung\USB Drivers\02_Siberian\Uninstall.exe
      AddRemove-03_Swallowtail - c:\archivos de programa\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
      AddRemove-04_semseyite - c:\archivos de programa\Samsung\USB Drivers\04_semseyite\Uninstall.exe
      AddRemove-05_Sloan - c:\archivos de programa\Samsung\USB Drivers\05_Sloan\Uninstall.exe
      AddRemove-06_Spencer - c:\archivos de programa\Samsung\USB Drivers\06_Spencer\Uninstall.exe
      AddRemove-07_Schorl - c:\archivos de programa\Samsung\USB Drivers\07_Schorl\Uninstall.exe
      AddRemove-08_EMPChipset - c:\archivos de programa\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
      AddRemove-09_Hsp - c:\archivos de programa\Samsung\USB Drivers\09_Hsp\Uninstall.exe
      AddRemove-11_HSP_Plus_Default - c:\archivos de programa\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
      AddRemove-16_Shrewsbury - c:\archivos de programa\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
      AddRemove-17_EMP_Chipset2 - c:\archivos de programa\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
      AddRemove-18_Zinia_Serial_Driver - c:\archivos de programa\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
      AddRemove-19_VIA_driver - c:\archivos de programa\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
      AddRemove-20_NXP_Driver - c:\archivos de programa\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
      AddRemove-21_Searsburg - c:\archivos de programa\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
      AddRemove-22_WiBro_WiMAX - c:\archivos de programa\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
      AddRemove-24_flashusbdriver - c:\archivos de programa\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
      AddRemove-25_escape - c:\archivos de programa\Samsung\USB Drivers\25_escape\Uninstall.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2013-03-30 19:23
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
      "ImagePath"="c:\windows\Installer\MSI87FB.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
      @="?????????????????? v1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
      @="?????????????????? v2"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
      .
      Completion time: 2013-03-30 19:25:34
      ComboFix-quarantined-files.txt 2013-03-30 23:25
      .
      Pre-Run: 203.718.397.952 bytes libres
      Post-Run: 204.019.589.120 bytes libres
      .
      - - End Of File - - 1DC8AD304A04E39CF5064873F468D443


      Please help!!!

    2. #2
      Moderator.
      Avatar of @Tincho
      Joined
      May 2008
      Location
      Argentina
      Posts
      14.701

      re: virus Sirefef.gen!C.

      Hi.

      The tools did their job; how is everything working?

      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    3. #3
      User Avatar of jedignier
      Joined
      Mar 2013
      Location
      Chile
      Posts
      4

      re: virus Sirefef.gen!C.

      Hi Tyny's

      Thanks for your help. Unfortunately, after the previous work I am still infected.

      This morning I ran ComboFix and it found a Zero Access again.

      The log is as follows:
      ComboFix 13-03-31.01 - pc 31-03-2013 10:08:19.2.4 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.56.3082.18.3322.2814 [GMT -4:00]
      Running from: c:\documents and settings\pc\Mis documentos\Downloads\ComboFix.exe
      AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      * Resident AV is active
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\wininit.ini
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
      .
      .
      2013-03-30 21:26 . 2013-03-30 21:26 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2013-03-30 19:26 . 2013-03-31 04:22 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
      2013-03-30 19:26 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
      2013-03-30 19:26 . 2013-03-30 19:26 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy 2
      2013-03-29 01:54 . 2013-03-29 01:54 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\PCHealth
      2013-03-29 01:54 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
      2013-03-28 21:10 . 2013-03-28 21:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-03-25 02:31 . 2013-01-10 19:33 759296 -c----w- c:\windows\system32\dllcache\vgx.dll
      2013-03-25 02:27 . 2013-02-05 20:13 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
      2013-03-03 20:36 . 2013-03-03 20:36 -------- d-----r- c:\documents and settings\LocalService\Favoritos
      2013-03-03 20:35 . 2013-03-03 20:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-28 21:10 . 2011-09-23 00:04 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
      2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
      2013-02-07 02:51 . 2013-02-07 02:51 138496 ----a-w- c:\windows\system32\drivers\afd.sys.org
      2013-02-05 20:13 . 2004-08-19 13:42 916480 ----a-w- c:\windows\system32\wininet.dll
      2013-02-05 20:13 . 2004-08-19 13:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2013-02-05 20:13 . 2004-08-19 13:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2013-02-05 05:54 . 2004-08-19 13:23 385024 ----a-w- c:\windows\system32\html.iec
      2013-01-27 21:40 . 2013-01-27 21:40 224256 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Media Tools\MediaIconsOverlays.dll
      2013-01-26 03:55 . 2004-08-19 13:42 552448 ----a-w- c:\windows\system32\oleaut32.dll
      2013-01-14 18:00 . 2013-01-27 22:51 112640 ----a-w- c:\windows\system32\ff_vfw.dll
      2013-01-07 07:25 . 2004-08-19 13:33 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-01-07 07:25 . 2004-08-19 15:33 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-01-04 10:09 . 2004-08-19 13:30 1867392 ----a-w- c:\windows\system32\win32k.sys
      2013-01-02 06:49 . 2004-08-19 13:43 148992 ----a-w- c:\windows\system32\mpg2splt.ax
      2013-01-02 06:49 . 2004-08-19 13:42 1298432 ----a-w- c:\windows\system32\quartz.dll
      2006-11-16 13:59 . 2011-10-23 21:02 6483968 ----a-w- c:\archivos de programa\AmpliTube2.vpa
      2006-11-15 21:50 . 2011-10-23 21:02 696320 ----a-w- c:\archivos de programa\Amplitube 2.exe
      2011-09-29 06:53 . 2011-11-02 23:18 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\archivos de programa\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
      .
      [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
      [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
      2009-05-07 21:46 2642432 ----a-w- c:\archivos de programa\Family Toolbar\tbcore3.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
      @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
      [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
      2012-12-09 09:47 224256 ----a-w- c:\archivos de programa\Mega Codec Pack\Filters\Haali\mmdinfo.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
      "FIREBOX"="c:\archivos de programa\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 1003520]
      "D-Link RangeBooster G WUA-2340"="c:\archivos de programa\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
      "ANIWZCS2Service"="c:\archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
      "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
      "Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
      "H2O"="c:\archivos de programa\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
      "SysTrayApp"="c:\archivos de programa\IDT\WDM\sttray.exe" [2009-03-12 483422]
      "nwiz"="nwiz.exe" [2007-12-05 1626112]
      "SDTray"="c:\archivos de programa\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
      .
      c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
      Herramienta de bandeja de Logitech Media Server.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      Logitech Media Server Tray Tool.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
      "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\archivos de programa\Fences\FencesMenu.dll" [2009-10-02 128360]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
      backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk
      backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^pc^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
      path=c:\documents and settings\pc\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
      backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2012-08-28 00:32 59280 ----a-w- c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
      2007-09-06 13:08 136136 ----a-w- c:\archivos de programa\DAEMON Tools Pro\DTProAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater]
      2012-06-18 04:19 195256 ----a-w- c:\documents and settings\pc\Datos de programa\DRPSu\DrvUpdater.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-01-18 23:29 136176 ----atw- c:\documents and settings\pc\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      2009-02-26 21:36 30040 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2012-09-10 02:30 421776 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2012-04-18 23:56 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2012-01-18 18:02 254696 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
      2011-01-17 19:41 8192 ----a-w- c:\archivos de programa\Xvid\CheckUpdate.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDTray.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
      "c:\\Archivos de programa\\Squeezebox\\server\\SqueezeSvr.exe"=
      .
      R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [14-07-2012 12:59 159536]
      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-03-2012 23:25 685816]
      R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-02-2009 9:23 106208]
      R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06-02-2009 9:24 93336]
      R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06-02-2009 9:23 727720]
      R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI87FB.tmp [15-12-2011 23:21 177784]
      R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDFSSvc.exe [30-03-2013 15:26 1103392]
      R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdSvc.exe [30-03-2013 15:26 1369624]
      R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [18-01-2011 15:12 386784]
      R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [22-10-2011 22:54 33792]
      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [18-01-2011 15:12 57440]
      R3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [18-01-2011 15:09 97152]
      R3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [18-01-2011 15:09 24576]
      S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDWSCSvc.exe [30-03-2013 15:26 168384]
      S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13-07-2012 13:28 160944]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [07-02-2012 22:11 80184]
      S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [24-11-2011 19:36 583296]
      S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\archivos de programa\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [18-01-2011 15:12 356434]
      S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [03-11-2012 22:38 18432]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [07-02-2012 22:11 181432]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 21:10]
      .
      2013-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2009-10-22 20:57]
      .
      2013-03-31 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-30 18:08]
      .
      2013-03-30 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-30 18:07]
      .
      2013-03-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDScan.exe [2013-03-30 18:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://search.myheritage.com
      mStart Page = hxxp://search.myheritage.com
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: line6.net
      TCP: DhcpNameServer = 192.168.0.1
      FF - ProfilePath - c:\documents and settings\pc\Datos de programa\Mozilla\Firefox\Profiles\pc60i9fg.default\
      FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2013-03-31 10:19
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
      "ImagePath"="c:\windows\Installer\MSI87FB.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
      @="?????????????????? v1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
      @="?????????????????? v2"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
      .
      Completion time: 2013-03-31 10:20:40
      ComboFix-quarantined-files.txt 2013-03-31 14:20
      ComboFix2.txt 2013-03-30 23:25
      .
      Pre-Run: 203.372.154.880 bytes libres
      Post-Run: 203.398.447.104 bytes libres
      .
      - - End Of File - - E30359FF09E092ABA3B04C7D59A458EE


      Then, "just in case", I ran it again and it still tells me I am infected. Here is the log.
      ComboFix 13-03-31.01 - pc 31-03-2013 10:43:11.3.4 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.56.3082.18.3322.2810 [GMT -4:00]
      Running from: c:\documents and settings\pc\Mis documentos\Downloads\ComboFix.exe
      AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      * Resident AV is active
      .
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
      .
      .
      2013-03-30 21:26 . 2013-03-30 21:26 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2013-03-30 19:26 . 2013-03-31 04:22 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
      2013-03-30 19:26 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
      2013-03-30 19:26 . 2013-03-30 19:26 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy 2
      2013-03-29 01:54 . 2013-03-29 01:54 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\PCHealth
      2013-03-29 01:54 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
      2013-03-28 21:10 . 2013-03-28 21:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-03-25 02:31 . 2013-01-10 19:33 759296 -c----w- c:\windows\system32\dllcache\vgx.dll
      2013-03-25 02:27 . 2013-02-05 20:13 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
      2013-03-25 02:27 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
      2013-03-03 20:36 . 2013-03-03 20:36 -------- d-----r- c:\documents and settings\LocalService\Favoritos
      2013-03-03 20:35 . 2013-03-03 20:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-28 21:10 . 2011-09-23 00:04 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
      2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
      2013-02-07 02:51 . 2013-02-07 02:51 138496 ----a-w- c:\windows\system32\drivers\afd.sys.org
      2013-02-05 20:13 . 2004-08-19 13:42 916480 ----a-w- c:\windows\system32\wininet.dll
      2013-02-05 20:13 . 2004-08-19 13:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2013-02-05 20:13 . 2004-08-19 13:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2013-02-05 05:54 . 2004-08-19 13:23 385024 ----a-w- c:\windows\system32\html.iec
      2013-01-27 21:40 . 2013-01-27 21:40 224256 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Media Tools\MediaIconsOverlays.dll
      2013-01-26 03:55 . 2004-08-19 13:42 552448 ----a-w- c:\windows\system32\oleaut32.dll
      2013-01-14 18:00 . 2013-01-27 22:51 112640 ----a-w- c:\windows\system32\ff_vfw.dll
      2013-01-07 07:25 . 2004-08-19 13:33 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-01-07 07:25 . 2004-08-19 15:33 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-01-04 10:09 . 2004-08-19 13:30 1867392 ----a-w- c:\windows\system32\win32k.sys
      2013-01-02 06:49 . 2004-08-19 13:43 148992 ----a-w- c:\windows\system32\mpg2splt.ax
      2013-01-02 06:49 . 2004-08-19 13:42 1298432 ----a-w- c:\windows\system32\quartz.dll
      2006-11-16 13:59 . 2011-10-23 21:02 6483968 ----a-w- c:\archivos de programa\AmpliTube2.vpa
      2006-11-15 21:50 . 2011-10-23 21:02 696320 ----a-w- c:\archivos de programa\Amplitube 2.exe
      2011-09-29 06:53 . 2011-11-02 23:18 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\archivos de programa\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
      .
      [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
      [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
      [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
      2009-05-07 21:46 2642432 ----a-w- c:\archivos de programa\Family Toolbar\tbcore3.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\archivos de programa\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
      .
      [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
      @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
      [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
      2012-12-09 09:47 224256 ----a-w- c:\archivos de programa\Mega Codec Pack\Filters\Haali\mmdinfo.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
      "FIREBOX"="c:\archivos de programa\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 1003520]
      "D-Link RangeBooster G WUA-2340"="c:\archivos de programa\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
      "ANIWZCS2Service"="c:\archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
      "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
      "Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
      "H2O"="c:\archivos de programa\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
      "SysTrayApp"="c:\archivos de programa\IDT\WDM\sttray.exe" [2009-03-12 483422]
      "nwiz"="nwiz.exe" [2007-12-05 1626112]
      "SDTray"="c:\archivos de programa\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
      .
      c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
      Herramienta de bandeja de Logitech Media Server.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      Logitech Media Server Tray Tool.lnk - c:\archivos de programa\Squeezebox\SqueezeTray.exe [2011-12-2 3051619]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
      "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\archivos de programa\Fences\FencesMenu.dll" [2009-10-02 128360]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
      backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]
      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk
      backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^pc^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
      path=c:\documents and settings\pc\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
      backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2012-08-28 00:32 59280 ----a-w- c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
      2007-09-06 13:08 136136 ----a-w- c:\archivos de programa\DAEMON Tools Pro\DTProAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater]
      2012-06-18 04:19 195256 ----a-w- c:\documents and settings\pc\Datos de programa\DRPSu\DrvUpdater.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-01-18 23:29 136176 ----atw- c:\documents and settings\pc\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      2009-02-26 21:36 30040 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2012-09-10 02:30 421776 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2012-04-18 23:56 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2012-01-18 18:02 254696 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
      2011-01-17 19:41 8192 ----a-w- c:\archivos de programa\Xvid\CheckUpdate.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDTray.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
      "c:\\Archivos de programa\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
      "c:\\Archivos de programa\\Squeezebox\\server\\SqueezeSvr.exe"=
      .
      R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [14-07-2012 12:59 159536]
      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-03-2012 23:25 685816]
      R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-02-2009 9:23 106208]
      R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06-02-2009 9:24 93336]
      R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06-02-2009 9:23 727720]
      R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI87FB.tmp [15-12-2011 23:21 177784]
      R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDFSSvc.exe [30-03-2013 15:26 1103392]
      R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdSvc.exe [30-03-2013 15:26 1369624]
      R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [18-01-2011 15:12 386784]
      R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [22-10-2011 22:54 33792]
      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [18-01-2011 15:12 57440]
      R3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [18-01-2011 15:09 97152]
      R3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [18-01-2011 15:09 24576]
      S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\archivos de programa\Spybot - Search & Destroy 2\SDWSCSvc.exe [30-03-2013 15:26 168384]
      S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13-07-2012 13:28 160944]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [07-02-2012 22:11 80184]
      S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [24-11-2011 19:36 583296]
      S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\archivos de programa\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [18-01-2011 15:12 356434]
      S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [03-11-2012 22:38 18432]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [07-02-2012 22:11 181432]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 21:10]
      .
      2013-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2009-10-22 20:57]
      .
      2013-03-31 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-30 18:08]
      .
      2013-03-30 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-30 18:07]
      .
      2013-03-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
      - c:\archivos de programa\Spybot - Search & Destroy 2\SDScan.exe [2013-03-30 18:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://search.myheritage.com
      mStart Page = hxxp://search.myheritage.com
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: line6.net
      TCP: DhcpNameServer = 192.168.0.1
      FF - ProfilePath - c:\documents and settings\pc\Datos de programa\Mozilla\Firefox\Profiles\pc60i9fg.default\
      FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2013-03-31 10:53
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
      "ImagePath"="c:\windows\Installer\MSI87FB.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
      @="?????????????????? v1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
      @="?????????????????? v2"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
      .
      Completion time: 2013-03-31 10:55:06
      ComboFix-quarantined-files.txt 2013-03-31 14:55
      ComboFix2.txt 2013-03-31 14:20
      ComboFix3.txt 2013-03-30 23:25
      .
      Pre-Run: 203.210.395.648 bytes free
      Post-Run: 203.234.414.592 bytes free
      .
      - - End Of File - - 95BA872944DF8806AD679FFF7101EBFE


      Does anyone know how it can be that the infection still persists?
      (in the last mbar run, fully updated, it found no malware).

      Thanks!
      Raimundo
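A practitioner reading a ComboFix log like the one above usually wants the persistence points sorted before anything is deleted: services whose image ComboFix could not stat (the `path --> path [?]` form), images that run from places a service normally does not live in, executables with a `.tmp` extension, and Run values that carry no directory at all. The script below is an added example; it is not ComboFix's code and not part of the forum post. Its review reasons are its own heuristics, the sample lines are constructed copies in ComboFix's line format, and a reason means "look at this", not "this is malware": an updater living in a user profile is normal for several products, while a `.tmp` under `Windows\Installer` registered as a service is worth checking against the product that installed it.

```python
r"""Triage of the autostart and service entries in a ComboFix log.

Added example (not ComboFix's own code, and not from the forum post).
It reads the line shapes ComboFix prints for persistence points:

  R2 name;display name;c:\path\image.exe [dd-mm-yyyy hh:mm size]
  S3 name;display name;c:\path\image.sys --> c:\path\image.sys [?]
  "Run value"="c:\path\image.exe" [yyyy-mm-dd size]
  [...\msconfig\startupreg\Name]  then  yyyy-mm-dd hh:mm size attrs c:\path\image.exe

and attaches review reasons based on heuristics that are this example's own:
file info missing ([?]), image with a .tmp extension, image in a location a
service normally does not live in, or a bare file name with no directory.
A reason means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s*(?:-->\s*(?P<resolved>.+?)\s*)?\[(?P<meta>[^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?\s*$')
STARTUPREG_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+?)\s*$')

# Directories where a persistent image deserves a second look. The Spanish
# folder names are included because the log above comes from an es-ES Windows XP.
REVIEW_DIRS = (
    ('\\windows\\installer\\', 'Windows Installer cache'),
    ('\\temp\\', 'a temp directory'),
    ('\\datos de programa\\', 'a user profile (Application Data)'),
    ('\\application data\\', 'a user profile (Application Data)'),
)


@dataclass
class Entry:
    kind: str                    # 'service', 'run' or 'startupreg'
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def review_reasons(path: str, meta: Optional[str], resolved: Optional[str]) -> List[str]:
    reasons = []
    low = path.lower()
    if (meta is not None and meta.strip() == '?') or resolved:
        reasons.append('no date/size recorded ([?]): file not found or unreadable')
    if low.endswith('.tmp'):
        reasons.append('executable image with a .tmp extension')
    for needle, label in REVIEW_DIRS:
        if needle in low:
            reasons.append('runs from ' + label)
    if '\\' not in path and ':' not in path:
        reasons.append('bare file name; resolved through the search path at start')
    return reasons


def parse_entries(log_lines) -> List[Entry]:
    """Return every persistence entry found, flagged or not, in log order."""
    entries = []
    current_key = ''
    for raw in log_lines:
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]          # registry key header for the lines below
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry('service', m['name'], m['path'],
                                 review_reasons(m['path'], m['meta'], m['resolved'])))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m['name'], m['path'],
                                 review_reasons(m['path'], m['meta'], None)))
            continue
        m = STARTUPREG_RE.match(line)
        if m and 'startupreg' in current_key.lower():
            name = current_key.rsplit('\\', 1)[-1]
            entries.append(Entry('startupreg', name, m['path'],
                                 review_reasons(m['path'], None, None)))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.reasons]


# Constructed sample, modelled on the ComboFix entries quoted in the thread above.
SAMPLE_LOG = r'''
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater]
2012-06-18 04:19 195256 ----a-w- c:\documents and settings\pc\Datos de programa\DRPSu\DrvUpdater.exe
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [14-07-2012 12:59 159536]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI87FB.tmp [15-12-2011 23:21 177784]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
'''.strip().splitlines()

if __name__ == '__main__':
    for e in flagged(parse_entries(SAMPLE_LOG)):
        print(f'{e.kind:10} {e.name:16} {e.path}')
        for r in e.reasons:
            print('           - ' + r)
```

Feed it the whole ComboFix report (`parse_entries(open('ComboFix.txt', encoding='latin-1'))`) rather than the sample; entries with an empty reason list are still returned, so a reviewer can also see what was parsed and not flagged.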

    4. #4
      User jedignier, registered Mar 2013, Chile, 4 posts

      It got sent twice...

    5. #5
      Moderator @Tincho, registered May 2008, Argentina, 14,701 posts

      re: virus Sirefef.gen!C.

      Hi.

      Download the Gmer Anti-rootkit attached to this message. Run it and press the Scan button; when it finishes, delete or repair the detections. Bring us the report it generates, telling us how your PC is behaving.
      Tyny's
      If on your journey, you should encounter God, God will be cut!

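The instruction is to run GMER and act on its detections, but a GMER report mixes several things that call for different handling: SSDT hooks GMER can attribute to a named driver image, hooks whose handler sits at a raw kernel address outside every loaded module (GMER then prints the address in place of a module name), and driver images it could not read from disk while the driver is still loaded. The script below is an added example; it is not GMER's code and not from this thread. It assumes the GMER 2.1 text format and the trailing `!` GMER appends to an image it cannot find (relying on that marker avoids matching the localized Windows error text), and its sample lines are constructed with English error messages. It reports the three categories and cross-references a missing image with the device objects its driver still owns, which is the entry to examine first. What it cannot do is tell a security product's or a disc emulator's hooks from a rootkit's; that needs correlation with what is actually installed on the machine.

```python
r"""Triage of the 'System', 'Kernel code sections' and 'Devices' parts of a GMER log.

Added example; not GMER's code and not from the forum thread. It reads the
line shapes GMER 2.1 prints:

  SSDT <module>|<hex address> Zw<Function> [0x<hook address>]
  ? <driver image path> <OS error text> [!]
  Device \Driver\<name> \Device\<object> <hex address>

and separates SSDT hooks GMER could attribute to a driver image from hooks
whose handler lies outside every loaded module, then cross-references drivers
that own device objects (so they are loaded) with driver images GMER could not
read from disk. The trailing '!' is taken as GMER's marker for an image it
could not find; image paths with spaces are not handled by this parser.
"""
import re
from collections import defaultdict

SSDT_RE = re.compile(r'^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$')
UNREAD_RE = re.compile(r'^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*(?P<bang>!)?\s*$')
DEVICE_RE = re.compile(r'^Device\s+\\Driver\\(?P<driver>[^\\\s]+)\s+(?P<obj>\S+)\s+(?P<rest>.*)$')
HEX32_RE = re.compile(r'^[0-9A-Fa-f]{8}$')


def analyze(lines):
    module_hooks = defaultdict(list)   # driver image -> hooked syscalls
    unattributed = []                  # (syscall, handler address) with no owning module
    unreadable = {}                    # image basename -> (path, error text, not found?)
    device_owners = defaultdict(list)  # driver name -> device objects it owns
    for raw in lines:
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            if HEX32_RE.match(m['owner']):
                unattributed.append((m['func'], m['owner']))
            else:
                module_hooks[m['owner']].append(m['func'])
            continue
        m = UNREAD_RE.match(line)
        if m:
            base = m['path'].rsplit('\\', 1)[-1].lower()
            unreadable[base] = (m['path'], m['msg'], m['bang'] == '!')
            continue
        m = DEVICE_RE.match(line)
        if m:
            device_owners[m['driver'].lower()].append(m['obj'])
    # Loaded (owns device objects) but no image on disk: the classic shape of a
    # hidden or randomly named driver. It still needs correlation with what is
    # installed before it is called malicious.
    active_without_file = []
    for base, (path, _msg, not_found) in unreadable.items():
        stem = base.rsplit('.', 1)[0]
        if not_found and stem in device_owners:
            active_without_file.append({'driver': stem, 'file': path,
                                        'devices': device_owners[stem]})
    return {
        'module_hooks': dict(module_hooks),
        'unattributed_hooks': unattributed,
        'unreadable_images': unreadable,
        'active_without_file': active_without_file,
    }


# Constructed sample in GMER 2.1 format (error text shown in English).
SAMPLE_GMER = r'''
SSDT 89775C90 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xB7EBE0D0]
SSDT 89775590 ZwOpenProcess
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\ayo892xo.SYS The system cannot find the path specified. !
Device \Driver\PCI_NTPNP7870 \Device\00000058 sptd.sys
Device \Driver\ayo892xo \Device\Scsi\ayo892xo1 8A06F1E8
Device \Driver\usbuhci \Device\USBPDO-0 89F9D1E8
'''.strip().splitlines()

if __name__ == '__main__':
    report = analyze(SAMPLE_GMER)
    for module, funcs in report['module_hooks'].items():
        print(f'{module}: hooks {", ".join(funcs)}')
    for func, addr in report['unattributed_hooks']:
        print(f'{func}: handler at {addr}, not inside any loaded module')
    for g in report['active_without_file']:
        print(f"{g['driver']}: image {g['file']} not on disk but owns {g['devices']}")
```

Run it over the saved GMER log (`analyze(open('gmer.log', encoding='latin-1'))`). Unattributed hooks are the ones to resolve first, since a handler in non-module memory can belong to a HIPS driver that allocates its trampolines from pool just as well as to a rootkit; the report alone does not say which.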

    6. #6
      User jedignier, registered Mar 2013, Chile, 4 posts

      re: virus Sirefef.gen!C.

      Thanks Tyny's for your help.

      I ran Gmer and it apparently didn't delete anything; the log is as follows:

      GMER 2.1.19155 - GMER - Rootkit Detector and Remover
      Rootkit scan 2013-03-31 22:54:31
      Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 WDC_WD5000AAKS-00A7B0 rev.01.03B01 465,76GB
      Running: fvsj4izp.exe; Driver: C:\DOCUME~1\pc\CONFIG~1\Temp\pxtdrpow.sys


      ---- System - GMER 2.1 ----

      SSDT 89775C90 ZwAssignProcessToJobObject
      SSDT sptd.sys ZwCreateKey [0xB7EBE0D0]
      SSDT 89776200 ZwDebugActiveProcess
      SSDT 897762F0 ZwDuplicateObject
      SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
      SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
      SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
      SSDT 89775590 ZwOpenProcess
      SSDT 89775800 ZwOpenThread
      SSDT 89775FD0 ZwProtectVirtualMemory
      SSDT sptd.sys ZwQueryKey [0xB7EC4418]
      SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
      SSDT 897760E0 ZwQueueApcThread
      SSDT 89775EC0 ZwSetContextThread
      SSDT 89775D90 ZwSetInformationThread
      SSDT 89772DA0 ZwSetSecurityObject
      SSDT sptd.sys ZwSetValueKey [0xB7EC44AA]
      SSDT 89775B90 ZwSuspendProcess
      SSDT 89775A80 ZwSuspendThread
      SSDT 897756E0 ZwTerminateProcess
      SSDT 89775A50 ZwTerminateThread
      SSDT 897766D0 ZwWriteVirtualMemory

      ---- Kernel code sections - GMER 2.1 ----

      ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
      ? System32\Drivers\ayo892xo.SYS The system cannot find the path specified. !
      .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB699D3A0, 0x83C195, 0xE8000020]

      ---- User code sections - GMER 2.1 ----

      .text C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe[988] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 10, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 13, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 10, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 11, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92322A
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 12, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 11, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 12, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92329B
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 10, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B9233C9
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 11, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 12, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 13, 5C, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2176] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, CC, D8, 00] {SUB AH, CL; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, CF, D8, 00] {SUB BH, CL; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, CC, D8, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, CD, D8, 00] {TEST AL, 0xcd; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92AEE6
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, CE, D8, 00] {TEST AL, 0xce; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, CD, D8, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, CE, D8, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92AF57
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, CC, D8, 00] {TEST AL, 0xcc; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92B085
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, CD, D8, 00] {SUB CH, CL; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, CE, D8, 00] {SUB DH, CL; FADD DWORD [EAX]}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, CF, D8, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 38, D3, 00] {SUB [EAX], BH; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 3B, D3, 00] {SUB [EBX], BH; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 38, D3, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 39, D3, 00] {TEST AL, 0x39; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92A952
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 3A, D3, 00] {TEST AL, 0x3a; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 39, D3, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 3A, D3, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92A9C3
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 38, D3, 00] {TEST AL, 0x38; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92AAF1
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 39, D3, 00] {SUB [ECX], BH; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 3A, D3, 00] {SUB [EDX], BH; ROL [EAX], CL}
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 3B, D3, 00]
      .text C:\Documents and Settings\pc\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

      ---- Devices - GMER 2.1 ----

      Device \FileSystem\Ntfs \Ntfs 8AED11E8
      Device \Driver\usbuhci \Device\USBPDO-0 89F9D1E8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{ADF4FE20-7BEA-4CAA-9872-2AE813A80C2A} 896D81E8
      Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AF311E8
      Device \Driver\dmio \Device\DmControl\DmConfig 8AF311E8
      Device \Driver\dmio \Device\DmControl\DmPnP 8AF311E8
      Device \Driver\dmio \Device\DmControl\DmInfo 8AF311E8
      Device \Driver\usbuhci \Device\USBPDO-1 89F9D1E8
      Device \Driver\usbuhci \Device\USBPDO-2 89F9D1E8
      Device \Driver\usbehci \Device\USBPDO-3 89F6D1E8
      Device \Driver\usbuhci \Device\USBPDO-4 89F9D1E8

      AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

      Device \Driver\usbuhci \Device\USBPDO-5 89F9D1E8
      Device \Driver\usbuhci \Device\USBPDO-6 89F9D1E8
      Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF321E8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{F7D2B657-54E4-4E93-B195-B283B77D7199} 896D81E8
      Device \Driver\usbehci \Device\USBPDO-7 89F6D1E8
      Device \Driver\PCI_NTPNP7870 \Device\00000058 sptd.sys
      Device \Driver\Cdrom \Device\CdRom0 89F081E8
      Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF321E8
      Device \Driver\PCI_NTPNP7870 \Device\00000059 sptd.sys
      Device \Driver\Ftdisk \Device\HarddiskVolume3 8AF321E8
      Device \Driver\atapi \Device\Ide\IdePort0 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort1 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort2 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort3 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort4 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-12 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\NetBT \Device\NetBt_Wins_Export 896D81E8
      Device \Driver\USBSTOR \Device\00000091 89C4E790
      Device \Driver\NetBT \Device\NetbiosSmb 896D81E8
      Device \Driver\USBSTOR \Device\00000095 89C4E790
      Device \Driver\usbuhci \Device\USBFDO-0 89F9D1E8
      Device \Driver\USBSTOR \Device\00000099 89C4E790
      Device \Driver\usbuhci \Device\USBFDO-1 89F9D1E8
      Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89766790
      Device \Driver\usbuhci \Device\USBFDO-2 89F9D1E8
      Device \FileSystem\MRxSmb \Device\LanmanRedirector 89766790
      Device \Driver\usbehci \Device\USBFDO-3 89F6D1E8
      Device \Driver\usbuhci \Device\USBFDO-4 89F9D1E8
      Device \Driver\Ftdisk \Device\FtControl 8AF321E8
      Device \Driver\usbuhci \Device\USBFDO-5 89F9D1E8
      Device \Driver\usbuhci \Device\USBFDO-6 89F9D1E8
      Device \Driver\usbehci \Device\USBFDO-7 89F6D1E8
      Device \Driver\mv61xx \Device\Scsi\mv61xx1Port5Path0Target14Lun0 8AED31E8
      Device \Driver\ayo892xo \Device\Scsi\ayo892xo1 8A06F1E8
      Device \Driver\mv61xx \Device\Scsi\mv61xx1 8AED31E8
      Device \Driver\USBSTOR \Device\0000009a 89C4E790
      Device \FileSystem\Cdfs \Cdfs 89E12790

      ---- Trace I/O - GMER 2.1 ----

      Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8aef48ac]<< 8aef48ac
      Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af188f0] 8af188f0
      Trace 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000082[0x8ae95f18] 8ae95f18
      Trace 5 ACPI.sys[b7e7c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0x8ae75b00] 8ae75b00

      ---- Registry - GMER 2.1 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x76 0x50 0xD1 0x31 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Archivos de programa\DAEMON Tools Pro\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x92 0x48 0x81 0xAE ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA8 0x15 0xE1 0xFA ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x0F 0x68 0x65 0x46 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0xB1 0x61 0x36 0x69 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x76 0x50 0xD1 0x31 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Archivos de programa\DAEMON Tools Pro\
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x92 0x48 0x81 0xAE ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA8 0x15 0xE1 0xFA ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x0F 0x68 0x65 0x46 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0xB1 0x61 0x36 0x69 ...

      ---- EOF - GMER 2.1 ----


According to Combofix the rootkit is still there.

Thanks for your help.

    7. #7
Moderator
@Tincho
Registered
May 2008
Location
Argentina
Posts
14,701

      re: virus Sirefef.gen!C.

Hello.

Paste the Combofix report where you say it flags the infection,
      Tyny's
      If on your journey, you should encounter God, God will be cut!

* Follow us on our Twitter and become our friend on Facebook.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.