Kaspersky informa con frecuencia que ha detectado: Objetos ocultos de software riesgosos.
Informe del experimento
[Código]
2007-03-03,12:09:40
Ingeniero de mantenimiento del sistema 2.3.13.690
Ranita (.ini & gt& ltNo aplicable& gt
========================= == ========
Controlador
[Controlador de audio 3D WDM/Servicio ALCXSENS][Ejecutar/Inicio manual]
& ltsystem32 \drivers\ ALCXSENS.SYS><Sensaura Ltd>
Servicio Realtek AC97 Audio (WDM)/ALCXWDM][Ejecución/Inicio manual]
<system32\drivers\ALCXWDM sys><Realtek Semiconductor Corporation>
. [AliIde/AliIde][Detener/Iniciar]
<\SystemRoot\System32\DRIVERS\aliide.sys><No aplicable>
[eti2m tag/ati2m tag][Ejecutar/inicio manual ]
& ltsystem32\DRIVERS\ati2m tag.sys><ATI Technologies Inc.>
[CmdIde/CmdIde][Ejecutar/Iniciar]
<\SystemRoot \System32\DRIVERS\cmdide.sys><CMD Technologies Inc>
[Controlador del adaptador Intel PRO/e100b][Ejecutar/Inicio manual]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[KL 1/KL 1][Ejecutar/Iniciar]
<\SystemRoot\system32\drivers\KL1.sys><Kaspersky Lab>
[klif/ klif][Ejecutar/Inicio del sistema]
& lt\?\ C:\ WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[knet wch/knet wch][ detener/iniciar sistema]
& lt\?\f:\KAV2007\KNetWch. SYS & gt& ltNo aplicable& gt
[kwa tch 3/kwa tch 3][Ejecutar/Inicio del sistema]
& lt\?\ C:\ WINDOWS \ system32 \ drivers \k ver 3. SYS & gt& ltKingsoft Company& gt
[mega ide/mega ide][Ejecutar/Iniciar]
& lt\ SystemRoot\System32\DRIVERS\mega ide.sys & ltLSI Logic Corporation& gt; .
& gt
[Cripta NPK/Cripta NPK][Ejecutar/Inicio automático]
& lt\?\ f:\ Tencent\QQ\npkcrypt.sys><英Card Internet Co. , Ltd.
[NV/NV][Detener/Inicio manual]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Unidad de enlace paralelo directo /pti Link][Ejecutar/Inicio manual]
<system32\DRIVERS\ptilink.sys><Parallel Technologies Inc>
[Controlador NT del adaptador PCI Fast Ethernet basado en Realtek RTL8139 (A/B /C)/RTL 8139][Detener/Inicio manual]
& ltsystem32\DRIVERS\RTL8139.
SYS & gt& ltRealtek Semiconductor Corporation& gt
[sec drv/sec drv][Ejecutar/Inicio automático]
& ltsystem32\DRIVERS\sec drv>& ltMacrovision Corporation, Macrovision Europe Limited. y Macrovision Japón y Asia k.k.>
[Intel System Management BIOS Services/SMBios][Ejecutar/Inicio manual]
<system32\DRIVERS\ smbios.sys><Intel Corporation>
[sm serial/sm serial][Ejecutar/inicio manual]
<system32\DRIVERS\sm serial.sys> ;& ltMotorola Corporation& gt
[TSP/TSP][ Detener/Inicio manual]
& lt\?\ C:\ WINDOWS\system32\drivers\klif.sys& ><Kaspersky Lab>
[ViaIde/ViaIde][Ejecutar/Iniciar]
<\SystemRoot\system32\DRIVERS\viaide.sys> & ltMicrosoft Corporation& gt
===================== ===============
Complemento del navegador
[Asistente de enlace de Adobe PDF Reader]
{ 06849 e9f -c8 D7-4d 59-B87D-784 b 7 D6 be 0 b 3 } <c:\Program Files\Adobe\Acrobat 7.0\ActiveX\acroiehelper.dll, Adobe Systems Incorporated>
[Clase QQBrowserHelperObject ]
{ 54 EBD 53 a-9bc 1-480 b-966 a-843 a 333 ca 162 } <f:\Tencent\QQ\QQIEHelper.dll, Shenzhen Tencent Computer System Co., Ltd .>
[Ayudante del navegador Thunder]
{ 889 D2 feb-5411-4565-8998-1 dd2c 5261283 } <f:\Xunlei Network\Xunlei\ComDlls\XunLeiBHO_002. dll, Xunlei Network Technology Co., Ltd.>
[Clase NavigatMon]
{ b 69 f 34 DD-f0f 9-42DC-9 edd-957187 da 688d } < D:\360safe\safemon\safemon.dll,>
[Plataforma de combate Fang Hao]
{ 0a 155 d3c-68e 2-4215-A47A-e800a 446447 a } < F:\HFGameOPT\GameClient.exe, Shanghai Fang Hao Online Information Technology Co., Ltd.>
[Protección antivirus web]
{ 1f 460357-8 a94-4d 71-9ca 3-aa 4 ACF 32 ed 8 e } & lt ;f:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
>[Recuperación de Información (&R)]
{ 92780 b25-18CC-41 c8-B9BE-3c9c 571a 8263 } <d:\ MICROS ~ 1\ office 11\REFIEBAR. Microsoft Corporation & gt
[qqiefalotbarcfgcmd class]
{ dedeb 80d-FA35-45d 9-9460-4983 E5 A8 AFE 6 } & lt; .dll, Shenzhen Tencent Computer System Co., Ltd.>
[objeto CEditCtrl]
{ 488 a 4255-3236-44 B3-8f 27-fa 1 aecaa 8844 } & lt; c:\WINDOWS\system32\aliedit\aliedit.dll, www.alipay.com
[Objeto Flash Shockwave]
{ d 27 CDB 6 e-AE6D-11CF- 96b 8 -444553540000}<c:\WINDOWS\system32\Macromed\Flash\Flash 9b.ocx, Adobe Systems, Inc.>
[Asistente de enlace de Adobe PDF Reader]
{ 06849 e9f-c8 D7-4d 59-B87D-784 b 7 D6 be 0 b 3 } <c:\Program Files\Adobe\Acrobat 7.0\ActiveX\acroiehelper.dll,Adobe Systems Incorporated>
[Clase QQBrowserHelperObject]
{ 54 EBD 53 a-9bc 1-480 b-966 a-843 a 333 ca 162 } <f:\Tencent\QQ\QQIEHelper.dll, Shenzhen City Tencent Computer Systems Co., Ltd.>
[Ayuda del navegador Thunder]
{ 889 D2 feb-5411-4565-8998-1 dd2c 5261283 } & lt; \ ComDlls\ -957187 da 688d } & lt; D:\360safe\safemon\safemon.dll,& gt
[& Descargar con Thunder]
& ltf:\Thunder Network \ Xunlei\Program\GetUrl.htm, no aplicable& gt
[& Utilice Xunlei para descargar todos los enlaces]
& ltf:\Xunlei Network\Xunlei\Program\GetAllUrl.htm, no aplicable>
[Exportar a Microsoft office excel(&X)]
& ltRES://C:\ PROGRA ~ 1 \ MICROS ~ 2 \ office 11 \ EXCEL. EXE/3000, no aplicable.
==================================
Proceso en ejecución
[PID:600][\SystemRoot\System32\smss.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803-2158)]
[PID: 664][ \? \C:\WINDOWS\system32\csrss.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803-2158)]
[PID: 688][\? \C:\WINDOWS\system32\winlogon.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803-2158)]
[C:\WINDOWS\system32\klogon dll][Kaspersky Lab, 6.0.0.299]
[PID:732][C:\WINDOWS\system32\services.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2 _RTM.040803-2158)]
[PID:744][C:\WINDOWS\system32\lsass.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803- 2158)]
[PID:896][C:\ WINDOWS \ system32 \ ATI 2 evxx . exe][No aplicable, no aplicable]
[PID:908][C :\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM. 040803-2158)]
[PID:1000][C:\WINDOWS\system32 \svchost.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803-2158)]
[PID:1116][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803-2158)]
[PID:1204][C:\WINDOWS \system32\svchost.exe][Microsoft Corporation, 5.1 .2600.2180(xpsp_SP2_RTM.040803-2158)]
[PID:1312][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180( xpsp_SP2_RTM.040803-2158)]
[PID:1544][C:\WINDOWS\system32\spoolsv.exe][Microsoft Corporation, 5.1.2600.2696(xpsp_SP2_GDR . 050610-1519)]
[C:\WINDOWS\system32\EBPMON2. Seiko Epson Corporation, 2, 20, 0, 0]
[PID:1664][C:\WINDOWS\Explorer.
Microsoft Corporation, 6.00.2900.2180(xpsp_SP2_RTM.040803-2158)]
[D:\360safe\safemon\safemon.dll][,1,0, 0,1004]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdf shell.dll][Adobe Systems, Inc., 7.0.0.0]
[f :\Xunlei Network\Xunlei\ com dll\ [ No aplicable, no aplicable]
[C:\Program Files\WinRAR\rar ext.dll][No aplicable, no aplicable]
[F:\Kaspersky Experiment Room\Kaspersky Antivirus 6.0\shellex.dll][Kaspersky Lab, 6.0.0.299]
[f:\Unlocker\Unlocker hook.dll][NA, N/A]
[ C:\WINDOWS\system32\ICM 32.dll][Microsoft Corporation, 5.1.2600.2709(xpsp_SP2_GDR.050628-1518)]
[f :\Unlocker\Unlocker com.dll][No aplicable, no aplicable]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\acroiehelper.dll][Adobe Systems Incorporated, 7.0.7.2006011200]
[PID:1860][C :\ WINDOWS\ hombre de sonido. Realtek Semiconductor, Inc., 5.1.0.22
[PID:1868][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe][ATI Technologies, Inc., 6.14.10.5120]
[D:\360 safe\safe mon\safe mon .dll][,1,0,0,1004]
[C:\Program Files\ATI Technologies\ATI Panel de control \atipdsxx.dll][ATI Technologies, Inc., 6.14.10.5120]
[C:\ARCHIVOS DE PROGRAMA\ATI TECHNOLOGIES\ATI Control Panel\ATRPUIXX.
CHS][ATI Technologies, Inc., 6.14.10.5120]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll][ATI Technologies, Inc., 6.14.10.5120]< /p >
[PID:1876][C:\WINDOWS\sm 56 hlpr.exe][Motorola, 6 de septiembre de 2007]
[C:\WINDOWS\sm 56 eng.dll ] [No aplicable, no aplicable]
[C:\ WINDOWS\sm 56 fra .dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm 56 brz . dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm 56 CHS dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm 56. cht .dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm 56 ger dll][No aplicable, no aplicable]
[C:\WINDOWS\. sm 56 ITL . dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm 56 JPN dll][No aplicable, no aplicable]
[C:\ WINDOWS\sm56SPN.dll][No aplicable, no aplicable]
[D:\360 safe\safemon\safemon.dll][, 1, 0, 0, 1004]
[PID:1884][C:\WINDOWS\System32\spool\DRIVERS\w32x 86\3\E_s 10ic 2. Seiko Epson Corporation, 3.03]
[D:\360 safe\safemon\safemon.dll][,1,0,0,1004]
[PID:1912] [D :\ 360 seguro \ mon seguro \ 360Tray.exe][Qihu. com, 1, 1, 1004]
[D:\ 360 seguro \ mon seguro \ mon seguro dll][, 1, 0, 0, 1004]
[d: \360 safe\safe mon\safekrnl.dll][Qihu. com, 1, 0, 3001]
[D:\360 safe\antiadwa.dll][360 safe.com, 2,2,5,1000]
[D: \360safe\live.dll] [360safe.
1, 0, 0, 1011]
[f:\Unlocker\Unlocker hook .dll][No aplicable, no aplicable]
[PID:1944][C:\Programa Archivos\Archivos comunes\Real\Update_OB\Real sched.exe][Real Networks, Inc., 0.1.0.3760]
[D:\360 safe\safemon\safemon.dll][ , 1, 0 , 0, 1004]
[PID:2008][C:\WINDOWS\system32\ctfmon.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803 -2158)]
[D:\ 360 seguro \ mon seguro \ mon seguro dll][, 1, 0, 0, 1004]
[PID: 212][C :\Archivos de programa\Archivos comunes\EPSON\ EBAPI\sagent 2.exe][SEIKO EPSON CORPORATION, 2, 2, 0, 0]
[C:\WINDOWS\system32\EBAPI2. Seiko Epson Corporation, 1, 4, 0, 0]
[C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT. Seiko Epson Corporation, 2, 20, 0, 0]
[PID:168][C:\Program Files\Common Files\Microsoft Shared\vs 7 debug\MDM. Microsoft Corporation, 7.00.9466
[PID:476][C:\Program Files\Common Files\Sogou PXP\p 2 psvr.exe][Sohu.com Corporation, 2, 0, 0, 28 ]
[C:\Program Files\Sogou PXP\VOD SVR dll][Sohu.com, 2, 3, 0, 1]
[C:\Program Files\. SogouPXP\pxpnet.dll][Sohu.com, 1, 0, 0, 9]
[C:\Program Files\SogouPXP\P2P client.dll][Sohu.com, 2, 9, 1 , 4]
[PID:1724][C:\WINDOWS\System32\alg.exe][Microsoft Corporation, 5.1.2600.2180(xpsp_SP2_RTM.040803 -2158)]
= ===================================
Asociación de archivos
. Texto OK. [%SystemRoot%\system32\NOTEPAD. EXE %1]
. EXE OK. ["%1" %*]
. DE ACUERDO ["%1" %*]
. PIF OK. ["%1" %*]
. Registro exitoso. [regedit.exe " % 1 "]
. Los murciélagos están bien. ["%1" %*]
. La RCS es normal. ["%1" /S]
. CHM OK. ["C:\WINDOWS\hh.exe" %1 "
. HLP OK.
[%SystemRoot%\System32\winhlp32.exe%1]
. DE ACUERDO [%SystemRoot%\System32\NOTEPAD. EXE %1]
. La información es normal. [%SystemRoot%\System32\NOTEPAD. EXE %1]
. EBV está bien. [%SystemRoot%\System32\wscript.exe "%1"%*]
. JS está bien. [%SystemRoot%\System32\wscript.exe "%1"%*]
. LNK está bien. [{ 00021401-0000-0000-C000-0000000046 }]
============================== ====
Proveedor Winsock
No aplicable
===================== = ==============
Autorun.inf
No aplicable
======== == ========================
Archivo host
127.0.0.1 localhost
==================================
Enganche API
¡Advertencia! El ingeniero de mantenimiento del sistema recuerda
El contenido de las siguientes funciones no coincide con los valores esperados. Masculino
Los niños pueden ser modificados por algún malware:
Error de RVA: Cargar biblioteca a
Error de RVA: LoadLibraryExA
Error de RVA: LoadLibraryExW
Error de RVA: cargando biblioteca con
Error de punto de entrada: CreateProcessA
Error de punto de entrada: CreateProcessW
==== = =============================
[/CÓDIGO]