
    Infected with the Rootkit.0Access virus and AVG Free does not remove it. (Solved)


    #1 fcelayeta (User; registered Feb 2013; Argentina; 3 posts)

      Infected with the Rootkit.0Access virus and AVG Free does not remove it. (Solved)

      Dear all: my desktop computer is a Dell Inspiron N4010, and I have Windows 7 Ultimate 64 installed. My antivirus is AVG Free Edition plus Spybot S&D.

      I constantly get messages saying it cannot remove the following items:

      Name: Virus identified Win64/Patched.A
      Object name: c:\Windows\System32\services.exe

      Name: Sirefef

      I'm sending you the log. A hug, and thanks for helping me.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 10:19:50, on 05/02/2013
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v9.00 (9.00.8112.16447)
      Boot mode: Normal

      Running processes:
      C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
      C:\Users\Fede\AppData\Local\Akamai\netsession_win.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\AVG\AVG2013\avgui.exe
      C:\Users\Fede\AppData\Local\Akamai\netsession_win.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Fede\Downloads\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)
      O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fede\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files (x86)\Netwaiting\netWaiting.exe"
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
      O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
      O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
      O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
      O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
      O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
      O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
      O9 - Extra button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: *.dell.com
      O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.inmuebles.gov.ar/imw32o40.cab
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
      O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
      O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

      --
      End of file - 23275 bytes

    #2 @SanMar (Former collaborator; registered Jun 2008; Argentina; 22,290 posts)

      Re: Infected with a virus and AVG Free does not remove it

      Hello fcelayeta

      Do the following:

      Step 1: Disable Spybot's TeaTimer.

      Step 2: Temporarily disable the antivirus and/or antispyware.

      Step 3: Download Malwarebytes Anti-Rootkit Beta.zip and extract its contents to your desktop.

      1. Open the Mbar folder. Double-click the file Mbar.exe.
      2. In the program's interface, click Next.
      3. Click the Update button. When it finishes, click Next.
      4. To start the scan, click the Scan button.
      5. When it finishes, if there is an infection click CleanUp; if there is none, click Exit.

      When it is done, open the Mbar folder and the files mbar-log.txt and system-log.txt, copy and paste their full contents in your next reply, and comment on the results.

      Regards.


    #3 fcelayeta (User; registered Feb 2013; Argentina; 3 posts)

      Re: Infected with a virus and AVG Free does not remove it

      Dear all: I am infinitely grateful; apparently it found 22 malware items and removed them. I'm pasting mbar-log first and system-log below.

      A big hug
      Federico Celayeta from Argentina

      Malwarebytes Anti-Rootkit BETA 1.01.0.1017
      Malwarebytes : Free anti-malware download

      Database version: v2013.02.07.04

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Fede :: FEDE-PC [administrator]

      07/02/2013 9:18:32
      mbar-log-2013-02-07 (09-18-32).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 31266
      Time elapsed: 18 minute(s), 27 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 2
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U (Backdoor.0Access) -> Delete on reboot.

      Files Detected: 20
      c:\Windows\System32\services.exe (Rootkit.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000008.@ (Trojan.BitMiner) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz4D5A.tmp (Rootkit.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD2C2.tmp (Rootkit.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzDD45.tmp (Rootkit.0Access) -> Delete on reboot.
      c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
      c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
      c:\Users\Fede\Desktop\Metro.exe (Trojan.Agent) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz11D9.tmp (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz1E0E.tmp (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA329.tmp (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA4C7.tmp (Backdoor.0Access) -> Delete on reboot.
      c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD700.tmp (Backdoor.0Access) -> Delete on reboot.

      (end)




      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1017

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      Java version: 1.6.0_35

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED
      CPU speed: 2.527000 GHz
      Memory total: 4081606656, free: 2367197184

      ------------ Kernel report ------------
      02/07/2013 08:58:43
      ------------ Loaded modules -----------
      \SystemRoot\system32\ntoskrnl.exe
      \SystemRoot\system32\hal.dll
      \SystemRoot\system32\kdcom.dll
      \SystemRoot\system32\mcupdate_GenuineIntel.dll
      \SystemRoot\system32\PSHED.dll
      \SystemRoot\system32\CLFS.SYS
      \SystemRoot\system32\CI.dll
      \SystemRoot\system32\drivers\Wdf01000.sys
      \SystemRoot\system32\drivers\WDFLDR.SYS
      \SystemRoot\system32\drivers\ACPI.sys
      \SystemRoot\system32\drivers\WMILIB.SYS
      \SystemRoot\system32\drivers\msisadrv.sys
      \SystemRoot\system32\drivers\pci.sys
      \SystemRoot\system32\drivers\vdrvroot.sys
      \SystemRoot\System32\drivers\partmgr.sys
      \SystemRoot\system32\DRIVERS\compbatt.sys
      \SystemRoot\system32\DRIVERS\BATTC.SYS
      \SystemRoot\system32\drivers\volmgr.sys
      \SystemRoot\System32\drivers\volmgrx.sys
      \SystemRoot\System32\drivers\mountmgr.sys
      \SystemRoot\system32\drivers\vmbus.sys
      \SystemRoot\system32\drivers\winhv.sys
      \SystemRoot\system32\DRIVERS\iaStor.sys
      \SystemRoot\system32\drivers\atapi.sys
      \SystemRoot\system32\drivers\ataport.SYS
      \SystemRoot\system32\drivers\msahci.sys
      \SystemRoot\system32\drivers\PCIIDEX.SYS
      \SystemRoot\system32\drivers\amdxata.sys
      \SystemRoot\system32\drivers\fltmgr.sys
      \SystemRoot\system32\drivers\fileinfo.sys
      \SystemRoot\system32\DRIVERS\Lbd.sys
      \SystemRoot\System32\Drivers\PxHlpa64.sys
      \SystemRoot\System32\Drivers\Ntfs.sys
      \SystemRoot\System32\Drivers\msrpc.sys
      \SystemRoot\System32\Drivers\ksecdd.sys
      \SystemRoot\System32\Drivers\cng.sys
      \SystemRoot\System32\drivers\pcw.sys
      \SystemRoot\System32\Drivers\Fs_Rec.sys
      \SystemRoot\system32\drivers\ndis.sys
      \SystemRoot\system32\drivers\NETIO.SYS
      \SystemRoot\System32\Drivers\ksecpkg.sys
      \SystemRoot\System32\drivers\tcpip.sys
      \SystemRoot\System32\drivers\fwpkclnt.sys
      \SystemRoot\system32\drivers\vmstorfl.sys
      \SystemRoot\system32\drivers\volsnap.sys
      \SystemRoot\System32\Drivers\spldr.sys
      \SystemRoot\System32\drivers\rdyboost.sys
      \SystemRoot\System32\Drivers\mup.sys
      \SystemRoot\System32\drivers\hwpolicy.sys
      \SystemRoot\System32\DRIVERS\fvevol.sys
      \SystemRoot\system32\DRIVERS\disk.sys
      \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
      \SystemRoot\system32\DRIVERS\avgrkx64.sys
      \SystemRoot\system32\DRIVERS\avgloga.sys
      \SystemRoot\system32\DRIVERS\avgmfx64.sys
      \SystemRoot\system32\DRIVERS\avgidsha.sys
      \SystemRoot\system32\DRIVERS\cdrom.sys
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\System32\drivers\vga.sys
      \SystemRoot\System32\drivers\VIDEOPRT.SYS
      \SystemRoot\System32\drivers\watchdog.sys
      \SystemRoot\System32\DRIVERS\RDPCDD.sys
      \SystemRoot\system32\drivers\rdpencdd.sys
      \SystemRoot\system32\drivers\rdprefmp.sys
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\system32\DRIVERS\tdx.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\system32\DRIVERS\avgtdia.sys
      \SystemRoot\System32\DRIVERS\netbt.sys
      \SystemRoot\system32\drivers\afd.sys
      \SystemRoot\system32\DRIVERS\wfplwf.sys
      \SystemRoot\system32\DRIVERS\pacer.sys
      \SystemRoot\system32\DRIVERS\vwififlt.sys
      \SystemRoot\system32\DRIVERS\netbios.sys
      \SystemRoot\system32\DRIVERS\wanarp.sys
      \SystemRoot\system32\drivers\termdd.sys
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \SystemRoot\system32\drivers\nsiproxy.sys
      \SystemRoot\system32\drivers\mssmbios.sys
      \SystemRoot\System32\drivers\discache.sys
      \SystemRoot\system32\drivers\csc.sys
      \SystemRoot\System32\Drivers\dfsc.sys
      \SystemRoot\system32\DRIVERS\blbdrive.sys
      \SystemRoot\system32\DRIVERS\avgldx64.sys
      \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
      \SystemRoot\system32\DRIVERS\tunnel.sys
      \SystemRoot\system32\DRIVERS\igdkmd64.sys
      \SystemRoot\System32\drivers\dxgkrnl.sys
      \SystemRoot\System32\drivers\dxgmms1.sys
      \SystemRoot\system32\DRIVERS\HECIx64.sys
      \SystemRoot\system32\DRIVERS\usbehci.sys
      \SystemRoot\system32\DRIVERS\USBPORT.SYS
      \SystemRoot\system32\drivers\HDAudBus.sys
      \SystemRoot\system32\DRIVERS\bcmwl664.sys
      \SystemRoot\system32\DRIVERS\vwifibus.sys
      \SystemRoot\system32\DRIVERS\L1C62x64.sys
      \SystemRoot\system32\drivers\i8042prt.sys
      \SystemRoot\system32\DRIVERS\kbdclass.sys
      \SystemRoot\system32\DRIVERS\SynTP.sys
      \SystemRoot\system32\DRIVERS\USBD.SYS
      \SystemRoot\system32\DRIVERS\mouclass.sys
      \SystemRoot\system32\DRIVERS\Impcd.sys
      \SystemRoot\system32\DRIVERS\intelppm.sys
      \SystemRoot\system32\drivers\wmiacpi.sys
      \SystemRoot\system32\DRIVERS\CmBatt.sys
      \SystemRoot\system32\drivers\CompositeBus.sys
      \SystemRoot\system32\DRIVERS\AgileVpn.sys
      \SystemRoot\system32\DRIVERS\rasl2tp.sys
      \SystemRoot\system32\DRIVERS\ndistapi.sys
      \SystemRoot\system32\DRIVERS\ndiswan.sys
      \SystemRoot\system32\DRIVERS\raspppoe.sys
      \SystemRoot\system32\DRIVERS\raspptp.sys
      \SystemRoot\system32\DRIVERS\rassstp.sys
      \SystemRoot\system32\DRIVERS\rdpbus.sys
      \SystemRoot\system32\drivers\swenum.sys
      \SystemRoot\system32\drivers\ks.sys
      \SystemRoot\system32\drivers\umbus.sys
      \SystemRoot\system32\DRIVERS\usbhub.sys
      \SystemRoot\System32\Drivers\NDProxy.SYS
      \SystemRoot\system32\drivers\RTKVHD64.sys
      \SystemRoot\system32\drivers\portcls.sys
      \SystemRoot\system32\drivers\drmk.sys
      \SystemRoot\system32\drivers\ksthunk.sys
      \SystemRoot\system32\DRIVERS\IntcDAud.sys
      \SystemRoot\system32\DRIVERS\usbccgp.sys
      \SystemRoot\System32\Drivers\usbvideo.sys
      \SystemRoot\system32\DRIVERS\hidusb.sys
      \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      \SystemRoot\System32\Drivers\RtsUStor.sys
      \SystemRoot\system32\DRIVERS\kbdhid.sys
      \SystemRoot\system32\DRIVERS\mouhid.sys
      \SystemRoot\System32\Drivers\crashdmp.sys
      \SystemRoot\System32\Drivers\dump_iaStor.sys
      \SystemRoot\System32\Drivers\dump_dumpfve.sys
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\drivers\Dxapi.sys
      \SystemRoot\System32\TSDDD.dll
      \SystemRoot\System32\cdd.dll
      \SystemRoot\system32\drivers\luafv.sys
      \SystemRoot\system32\drivers\WudfPf.sys
      \SystemRoot\System32\ATMFD.DLL
      \SystemRoot\system32\DRIVERS\diginet.sys
      \SystemRoot\system32\DRIVERS\lltdio.sys
      \SystemRoot\system32\DRIVERS\nwifi.sys
      \SystemRoot\system32\DRIVERS\ndisuio.sys
      \SystemRoot\system32\DRIVERS\rspndr.sys
      \SystemRoot\system32\drivers\HTTP.sys
      \SystemRoot\System32\DRIVERS\srvnet.sys
      \SystemRoot\system32\DRIVERS\bowser.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      \SystemRoot\System32\DRIVERS\srv2.sys
      \SystemRoot\System32\DRIVERS\srv.sys
      \SystemRoot\system32\DRIVERS\vwifimp.sys
      \SystemRoot\system32\drivers\npf.sys
      \SystemRoot\system32\drivers\peauth.sys
      \SystemRoot\System32\Drivers\secdrv.SYS
      \SystemRoot\System32\drivers\tcpipreg.sys
      \SystemRoot\System32\Drivers\BTHUSB.sys
      \SystemRoot\System32\Drivers\bthport.sys
      \SystemRoot\system32\DRIVERS\rfcomm.sys
      \SystemRoot\system32\DRIVERS\BthEnum.sys
      \SystemRoot\system32\DRIVERS\bthpan.sys
      \SystemRoot\system32\DRIVERS\bthmodem.sys
      \SystemRoot\system32\drivers\modem.sys
      \SystemRoot\system32\drivers\btwavdt.sys
      \SystemRoot\system32\drivers\btwaudio.sys
      \SystemRoot\system32\DRIVERS\btwl2cap.sys
      \SystemRoot\system32\DRIVERS\btwrchid.sys
      \SystemRoot\System32\Drivers\fastfat.SYS
      \SystemRoot\system32\DRIVERS\monitor.sys
      \??\C:\Windows\system32\drivers\mbamchameleon.sys
      \??\C:\Windows\system32\drivers\mbamswissarmy.sys
      \Windows\System32\ntdll.dll
      \Windows\System32\smss.exe
      \Windows\System32\apisetschema.dll
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xfffffa8004c03060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IAAStorageDevice-1\
      Lower Device Object: 0xfffffa8004968050
      Lower Device Driver Name: \Driver\iaStor\
      Driver name found: iaStor
      Initialization returned 0x0
      Load Function returned 0x0
      Downloaded database version: v2013.02.07.04
      Downloaded database version: v2013.01.23.01
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 3
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa8004c03060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8004c03b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8004c03060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8004968050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
      ------------ End ----------
      Upper DeviceData: 0xfffff8a006f54360, 0xfffffa8004c03060, 0xfffffa8009357090
      Lower DeviceData: 0xfffff8a0084c05f0, 0xfffffa8004968050, 0xfffffa800465fe40
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\Windows\system32\drivers...
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: F69962C3

      Partition information:

      Partition 0 type is Other (0xde)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 2048 Numsec = 204800

      Partition 1 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 206848 Numsec = 30720000
      Partition file system is NTFS
      Partition is bootable

      Partition 2 type is Primary (0x7)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 30926848 Numsec = 945844272

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Disk Size: 500107862016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
      Done!
      Performing system, memory and registry scan...
      Read File: File "c:\ProgramData\AVG2013\Chjw\18b4b7bbb4b799a8.dat" is sparse (flags = 32768)
      Infected: c:\Windows\System32\services.exe --> [Rootkit.0Access]
      Backup file found for a file c:\Windows\System32\services.exe
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000008.@ --> [Trojan.BitMiner]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@ --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz4D5A.tmp --> [Rootkit.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD2C2.tmp --> [Rootkit.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzDD45.tmp --> [Rootkit.0Access]
      Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
      Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
      Infected: c:\Users\Fede\Desktop\Metro.exe --> [Trojan.Agent]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\76603ac3 --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz11D9.tmp --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz1E0E.tmp --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA329.tmp --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA4C7.tmp --> [Backdoor.0Access]
      Infected: c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD700.tmp --> [Backdoor.0Access]
      Done!
      Scan finished
      Creating System Restore point...
      Scheduling clean up...
      <<<2>>>
      Device number: 0, partition: 3
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1017

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      Java version: 1.6.0_35

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED
      CPU speed: 2.527000 GHz
      Memory total: 4081606656, free: 2781786112

      Removal queue found; removal started
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000008.@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz4D5A.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD2C2.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzDD45.tmp...
      Removing c:\Windows\assembly\GAC_32\Desktop.ini...
      Removing c:\Windows\assembly\GAC_64\Desktop.ini...
      Removing c:\Users\Fede\Desktop\Metro.exe...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\76603ac3...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz11D9.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trz1E0E.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA329.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzA4C7.tmp...
      Removing c:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\trzD700.tmp...
      Removal finished
      =======================================

    4. #4
      Former Collaborator Avatar of @SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: Infected with a virus and AVG free doesn't remove them

      Hello:


      The tool has removed a nice rootkit from your system....


      Let us know how that machine is behaving and whether your AV continues with the detections.


      Regards.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the web from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    5. #5
      User Avatar of fcelayeta
      Registered
      Feb 2013
      Location
      Argentina
      Posts
      3

      Re: Infected with a virus and AVG free doesn't remove them

      Dear SanMar: the computer runs perfectly, AVG no longer finds anything, and the warning pop-ups that kept me from working in peace no longer appear all the time.
      Thank you very much, and thanks to everyone on the forum
      A big hug
      fcelayeta

    6. #6
      Former Collaborator Avatar of @SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: Infected with the Rootkit.0Access virus and AVG free doesn't remove them. (Solved)

      Hello fcelayeta:


      To finish, just delete the .zip and the Malwarebytes Anti-Rootkit folder.

      Great that we were able to resolve your problem!!

      If for any reason you need to reopen this thread, click the image below at the bottom left of the post, explaining the reasons why you need the topic reopened.


      ***Topic Solved***

      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook, via E-Mail, to stay informed about new malware and how to prevent it.
      Regards.
