
    Problems with Rootkit.0Access, PUP.InstallBrain.


    1. #1
      User: vinxenso
      Joined: Apr 2013
      Location: Spain
      Posts: 2

      Problems with Rootkit.0Access, PUP.InstallBrain.

      Hi everyone! Let's see if someone can help me. Since yesterday I can't connect to the internet, and neither the firewall nor Windows Defender works. When I ran the antivirus (AVG) and several antispyware tools (Malwarebytes, AT-Destroyer, Spybot and CCleaner), they detected several spyware items such as PUP.InstallBrain, Rootkit.0Access, Trojan Hider UQI and Backdoor.bot.

      I've done several cleanups with these programs, and although the system now runs faster, I still can't connect to the internet and Windows Defender still doesn't work. I suppose there is still something left to remove or repair. I'll paste the current logs from Malwarebytes, AT-Destroyer and Spybot.

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.04.24.10

      Windows Vista Service Pack 1 x86 NTFS (Safe Mode)
      Internet Explorer 8.0.6001.19088
      portatil :: PORTATIL1 [administrator]

      Protection: Disabled

      26/04/2013 12:19:19
      mbam-log-2013-04-26 (12-19-19).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 200300
      Time elapsed: 6 minute(s), 7 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      ####################### AT-Destroyer [2.1] By Infospyware.
      Time/Day/Month/Year: 02:55:31 \\\ 26/04/2013
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Last update: 30/11/2012
      Option chosen: 2 : Search and Destroy
      Internet Explorer version: 8.0.6001.19088
      Privileges: portatil - Administrator
      Current mode: Safe Mode.
      PC name: PORTATIL1
      Operating system information: X86-WIN_VISTA-Service Pack 1
      User name: portatil
      System language: Spanish



      >>>>>>> Services <<<<<<<


      >>>>>> Folders <<<<<<


      >>>>>> Files <<<<<<


      >>>>>> Registry <<<<<<


      >>>>>> Heuristics <<<<<<



      >>>>>> Internet Explorer <<<<<<

      Start Page==www.google.com
      Local Page==C:\Windows\System32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://www.hp.com


      HKCU\Software\Microsoft\Internet Explorer\Main
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://www.hp.com


      HKEY_USERS\S-1-5-21-968604655-4109506110-550933866-1006\Software\Microsoft\Internet Explorer\Main
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://www.hp.com


      >>>>>> Firefox Plugins <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4

      >>>>>> Google Chrome <<<<<<

      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      >>>>>> Google Chrome Extensions <<<<<<


      ======== Listing ===========

      [18/12/2012 13:15] [18/12/2012 13:15] [N] C:\Users\portatil\AppData\Roaming\AVG2013
      [23/11/2012 20:18] [23/11/2012 20:18] [N] C:\Users\portatil\AppData\Roaming\downloads
      [30/12/2012 23:29] [30/12/2012 23:25] [N] C:\Users\portatil\AppData\Roaming\dvdcss
      [16/02/2010 20:04] [16/02/2010 20:04] [N] C:\Users\portatil\AppData\Roaming\FLEXnet
      [29/12/2007 22:34] [29/12/2007 22:24] [N] C:\Users\portatil\AppData\Roaming\fretsonfire
      [05/04/2011 16:12] [05/04/2011 16:12] [N] C:\Users\portatil\AppData\Roaming\GTek
      [27/11/2007 11:55] [27/11/2007 11:55] [N] C:\Users\portatil\AppData\Roaming\Hewlett-Packard
      [30/11/2007 11:07] [27/11/2007 12:00] [N] C:\Users\portatil\AppData\Roaming\Identities
      [27/11/2007 11:50] [27/11/2007 11:50] [N] C:\Users\portatil\AppData\Roaming\InstallShield
      [16/12/2007 17:45] [16/12/2007 17:45] [N] C:\Users\portatil\AppData\Roaming\InterVideo
      [13/05/2010 20:03] [06/05/2010 19:27] [HS] C:\Users\portatil\AppData\Roaming\lowsec
      [27/11/2007 11:55] [27/11/2007 11:55] [N] C:\Users\portatil\AppData\Roaming\Macromedia
      [24/04/2013 23:55] [24/04/2013 23:55] [N] C:\Users\portatil\AppData\Roaming\Malwarebytes
      [21/10/2012 18:24] [17/12/2007 13:57] [N] C:\Users\portatil\AppData\Roaming\Media Player Classic
      [25/04/2013 11:34] [27/11/2007 11:49] [SN] C:\Users\portatil\AppData\Roaming\Microsoft
      [22/11/2012 18:31] [29/12/2011 23:04] [N] C:\Users\portatil\AppData\Roaming\NCH Software
      [ 31/12/2011 2:51] [ 31/12/2011 2:51] [N] C:\Users\portatil\AppData\Roaming\NCH Swift Sound
      [14/04/2013 14:09] [14/04/2013 14:09] [N] C:\Users\portatil\AppData\Roaming\OpenOffice.org
      [25/04/2013 10:37] [25/04/2013 10:37] [N] C:\Users\portatil\AppData\Roaming\PeerNetworking
      [21/10/2012 18:21] [21/10/2012 18:13] [0] C:\Users\portatil\AppData\Roaming\PerformerSoft
      [09/12/2007 21:28] [09/12/2007 21:27] [N] C:\Users\portatil\AppData\Roaming\Roxio
      C:\Users\portatil\AppData\Roaming\Safer-Networking.log [AN] 364 bytes ( )
      [05/12/2007 23:24] [05/12/2007 23:24] [N] C:\Users\portatil\AppData\Roaming\SampleView
      [17/03/2013 14:24] [20/11/2008 12:00] [N] C:\Users\portatil\AppData\Roaming\Skype
      [ 26/04/2013 1:43] [ 20/11/2008 12:02] [N] C:\Users\portatil\AppData\Roaming\skypePM
      [ 26/04/2013 2:20] [ 26/04/2013 2:20] [N] C:\Users\portatil\AppData\Roaming\SUPERAntiSpyware.com
      [18/12/2012 13:11] [18/12/2012 13:11] [N] C:\Users\portatil\AppData\Roaming\TuneUp Software
      C:\Users\portatil\AppData\Roaming\UserTile.png [AN] 23,6 KB ( )
      [24/04/2013 23:38] [07/11/2012 20:55] [N] C:\Users\portatil\AppData\Roaming\uTorrent
      [25/04/2013 11:16] [21/10/2012 18:13] [N] C:\Users\portatil\AppData\Roaming\vlc
      [16/02/2010 18:53] [16/02/2010 18:53] [N] C:\Users\portatil\AppData\Roaming\Vodafone
      [ 06/12/2007 5:15] [ 06/12/2007 5:15] [0] C:\Users\portatil\AppData\Roaming\WinRAR
      [27/11/2007 11:55] [27/11/2007 11:55] [0] C:\Program Files\AOL
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\Program Files\Archivos comunes
      [17/02/2010 17:41] [17/02/2010 17:41] [0] C:\Program Files\Ares
      [26/04/2010 21:54] [26/04/2010 21:54] [0] C:\Program Files\Auralog
      [16/03/2010 18:54] [16/03/2010 18:54] [0] C:\Program Files\Avanquest update
      [18/12/2012 13:15] [24/05/2009 18:24] [0] C:\Program Files\AVG
      [06/01/2008 16:11] [06/01/2008 16:11] [0] C:\Program Files\Belkin
      [13/03/2013 12:20] [13/03/2013 12:20] [0] C:\Program Files\BrowseToSave
      [26/04/2013 1:16] [30/12/2011 17:32] [0] C:\Program Files\CCleaner
      [14/03/2013 0:28] [02/11/2006 13:18] [0] C:\Program Files\Common Files
      [27/05/2008 11:38] [26/09/2007 11:21] [0] C:\Program Files\CONEXANT
      C:\Program Files\desktop.ini [HSA] 174 bytes( 0)
      [13/03/2013 12:20] [13/03/2013 12:20] [0] C:\Program Files\EasyLife
      [06/12/2007 5:10] [06/12/2007 5:10] [0] C:\Program Files\Grisoft
      [05/04/2011 16:11] [26/09/2007 11:45] [0] C:\Program Files\Hewlett-Packard
      [05/04/2011 16:11] [26/09/2007 13:03] [0] C:\Program Files\Hp
      [14/03/2013 0:28] [14/03/2013 0:28] [0] C:\Program Files\Hyprotech
      [24/11/2012 7:39] [23/11/2012 20:19] [0] C:\Program Files\InstallerTech
      [23/04/2012 19:07] [26/09/2007 12:24] [H] C:\Program Files\InstallShield Installation Information
      [26/09/2007 12:02] [26/09/2007 12:02] [0] C:\Program Files\Intel
      [30/06/2011 19:59] [02/11/2006 13:18] [0] C:\Program Files\Internet Explorer
      [09/12/2007 18:16] [27/11/2007 11:50] [0] C:\Program Files\InterVideo
      [27/02/2013 9:48] [26/09/2007 12:54] [0] C:\Program Files\Java
      [05/04/2013 11:21] [18/02/2010 20:54] [0] C:\Program Files\JDownloader
      [30/12/2011 0:08] [06/12/2007 5:19] [0] C:\Program Files\K-Lite Codec Pack
      [06/12/2007 0:13] [06/12/2007 0:13] [0] C:\Program Files\KONAMI
      [24/04/2013 23:54] [24/04/2013 23:54] [0] C:\Program Files\Malwarebytes' Anti-Malware
      [02/11/2006 14:35] [02/11/2006 14:35] [0] C:\Program Files\Microsoft Games
      [12/05/2009 11:20] [26/09/2007 12:29] [0] C:\Program Files\Microsoft Office
      [26/09/2007 12:37] [26/09/2007 12:37] [0] C:\Program Files\Microsoft Small Business
      [26/09/2007 12:35] [26/09/2007 12:34] [0] C:\Program Files\Microsoft SQL Server
      [26/09/2007 12:35] [26/09/2007 12:32] [0] C:\Program Files\Microsoft.NET
      [15/10/2010 18:50] [02/11/2006 14:35] [0] C:\Program Files\Movie Maker
      [23/11/2012 20:19] [23/11/2012 20:19] [0] C:\Program Files\Mozilla Firefox
      [02/11/2006 14:35] [02/11/2006 14:35] [0] C:\Program Files\MSBuild
      [13/02/2008 21:17] [13/02/2008 21:17] [0] C:\Program Files\MSXML 4.0
      [22/11/2012 18:30] [29/12/2011 23:04] [0] C:\Program Files\NCH Software
      [29/12/2011 23:05] [29/12/2011 23:05] [0] C:\Program Files\NCH Swift Sound
      [14/04/2013 14:05] [14/04/2013 14:05] [0] C:\Program Files\OpenOffice.org 3
      [11/09/2008 10:08] [11/09/2008 10:08] [0] C:\Program Files\Philips
      [14/03/2013 0:28] [14/03/2013 0:28] [0] C:\Program Files\Rainbow Technologies
      [02/11/2006 14:35] [02/11/2006 14:35] [0] C:\Program Files\Reference Assemblies
      [26/09/2007 12:42] [26/09/2007 12:42] [0] C:\Program Files\Roxio
      [10/02/2008 14:27] [10/02/2008 14:27] [0] C:\Program Files\Samsung
      [20/11/2008 11:59] [20/11/2008 11:59] [0] C:\Program Files\Skype
      [16/03/2010 18:56] [02/11/2009 20:31] [0] C:\Program Files\Sony Ericsson
      [25/04/2013 15:12] [25/04/2013 15:12] [0] C:\Program Files\Spybot - Search & Destroy 2
      [26/09/2007 12:45] [26/09/2007 12:45] [0] C:\Program Files\Synaptics
      [06/03/2011 19:09] [06/03/2011 19:09] [0] C:\Program Files\The Dialog Corporation
      [02/11/2006 14:58] [02/11/2006 14:58] [H] C:\Program Files\Uninstall Information
      [07/11/2012 20:56] [07/11/2012 20:56] [0] C:\Program Files\uTorrent
      [21/10/2012 18:12] [21/10/2012 18:12] [0] C:\Program Files\VideoLAN
      [21/10/2012 18:29] [16/02/2010 18:50] [0] C:\Program Files\Vodafone
      [06/06/2009 21:15] [02/11/2006 14:35] [0] C:\Program Files\Windows Calendar
      [06/06/2009 21:15] [02/11/2006 14:35] [0] C:\Program Files\Windows Collaboration
      [06/06/2009 21:15] [02/11/2006 14:35] [0] C:\Program Files\Windows Defender
      [15/12/2010 21:30] [02/11/2006 13:18] [0] C:\Program Files\Windows Mail
      [25/04/2013 11:16] [02/11/2006 14:35] [0] C:\Program Files\Windows Media Player
      [10/11/2006 12:55] [02/11/2006 13:18] [0] C:\Program Files\Windows NT
      [06/06/2009 21:15] [02/11/2006 14:35] [0] C:\Program Files\Windows Photo Gallery
      [18/11/2010 7:59] [02/11/2006 14:35] [0] C:\Program Files\Windows Sidebar
      [06/12/2007 5:15] [06/12/2007 5:15] [0] C:\Program Files\WinRAR
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Application Data
      [24/01/2013 14:01] [24/01/2013 13:59] [N] C:\ProgramData\AVG January 2013 Campaign
      [18/12/2012 13:11] [18/12/2012 13:08] [N] C:\ProgramData\AVG2013
      [17/11/2010 17:45] [03/12/2009 14:32] [N] C:\ProgramData\avg9
      [19/03/2013 20:09] [13/03/2013 12:20] [N] C:\ProgramData\Bruoywse2savee
      [02/11/2009 20:46] [02/11/2009 20:46] [N] C:\ProgramData\BVRP Software
      [18/11/2010 8:01] [18/11/2010 8:01] [H] C:\ProgramData\Common Files
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Datos de programa
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Desktop
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Documentos
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Documents
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Escritorio
      C:\ProgramData\ezsidmv.dat [HAN] 56 bytes 0
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Favorites
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Favoritos
      [16/02/2010 18:50] [16/02/2010 18:50] [N] C:\ProgramData\FLEXnet
      [27/11/2007 11:55] [26/09/2007 12:26] [N] C:\ProgramData\Hewlett-Packard
      C:\ProgramData\hpe138.dll [AN] 145 KB 0
      C:\ProgramData\hpe7FAA.dll [AN] 145 KB 0
      [13/03/2013 12:20] [14/03/2013 0:58] [N] C:\ProgramData\InstallMate
      [24/04/2013 23:54] [24/04/2013 23:54] [N] C:\ProgramData\Malwarebytes
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Menú Inicio
      [25/04/2013 18:02] [17/11/2010 17:32] [N] C:\ProgramData\MFAData
      [25/04/2013 18:59] [02/11/2006 13:18] [SN] C:\ProgramData\Microsoft
      [12/05/2009 11:13] [26/09/2007 12:29] [N] C:\ProgramData\Microsoft Help
      [22/11/2012 18:30] [29/12/2011 23:05] [N] C:\ProgramData\NCH Software
      [31/12/2011 2:51] [31/12/2011 2:51] [N] C:\ProgramData\NCH Swift Sound
      [10/11/2006 12:55] [10/11/2006 12:55] [HSN] C:\ProgramData\Plantillas
      [12/11/2010 18:37] [09/12/2007 21:28] [N] C:\ProgramData\Roxio
      [10/02/2008 14:27] [10/02/2008 14:27] [N] C:\ProgramData\Samsung
      [20/11/2008 11:59] [20/11/2008 11:59] [N] C:\ProgramData\Skype
      [14/03/2013 0:59] [14/03/2013 0:59] [N] C:\ProgramData\SoftSafe
      [09/12/2007 21:27] [26/09/2007 12:40] [N] C:\ProgramData\Sonic
      [02/11/2009 20:31] [02/11/2009 20:31] [N] C:\ProgramData\Sony Ericsson
      [25/04/2013 16:31] [25/04/2013 15:12] [N] C:\ProgramData\Spybot - Search & Destroy
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Start Menu
      [15/10/2010 18:49] [15/10/2010 18:49] [N] C:\ProgramData\Sun
      [26/04/2013 2:20] [26/04/2013 2:20] [N] C:\ProgramData\SUPERAntiSpyware.com
      [02/11/2006 14:59] [02/11/2006 14:59] [HSN] C:\ProgramData\Templates
      [16/02/2010 18:51] [16/02/2010 18:51] [N] C:\ProgramData\Vodafone
      [19/11/2009 18:19] [19/11/2009 18:19] [N] C:\ProgramData\WindowsSearch

      ==================== EOF ==================

      Search results from Spybot - Search & Destroy

      26/04/2013 13:20:18
      Scan took 00:17:03.
      5 items found.

      Log: [SBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done)
      C:\Windows\ntbtlog.txt
      Properties.size=10210
      Properties.md5=6FAE412C1156E71F9DC2436362E85FF9
      Properties.filedate=1366975219
      Properties.filedatetext=2013-04-26 13:20:18

      Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

      Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
      HKEY_USERS\S-1-5-21-968604655-4109506110-550933866-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

      Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
      HKEY_USERS\S-1-5-21-968604655-4109506110-550933866-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

      History: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)



      --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

      2012-11-13 blindman.exe (2.0.12.151)
      2012-11-13 explorer.exe (2.0.12.173)
      2012-11-13 SDBootCD.exe (2.0.12.109)
      2012-11-13 SDCleaner.exe (2.0.12.110)
      2012-11-13 SDDelFile.exe (2.0.12.94)
      2012-11-13 SDFiles.exe (2.0.12.135)
      2012-11-13 SDFileScanHelper.exe (2.0.12.1)
      2012-11-13 SDFSSvc.exe (2.0.12.205)
      2012-11-13 SDImmunize.exe (2.0.12.130)
      2012-11-13 SDLogReport.exe (2.0.12.107)
      2012-11-13 SDPESetup.exe (2.0.12.3)
      2012-11-13 SDPEStart.exe (2.0.12.86)
      2012-11-13 SDPhoneScan.exe (2.0.12.27)
      2012-11-13 SDPRE.exe (2.0.12.13)
      2012-11-13 SDPrepPos.exe (2.0.12.10)
      2012-11-13 SDQuarantine.exe (2.0.12.103)
      2012-11-13 SDRootAlyzer.exe (2.0.12.116)
      2012-11-13 SDSBIEdit.exe (2.0.12.39)
      2012-11-13 SDScan.exe (2.0.12.173)
      2012-11-13 SDScript.exe (2.0.12.53)
      2012-11-13 SDSettings.exe (2.0.12.130)
      2012-11-13 SDShred.exe (2.0.12.105)
      2012-11-13 SDSysRepair.exe (2.0.12.101)
      2012-11-13 SDTools.exe (2.0.12.150)
      2012-11-13 SDTray.exe (2.0.12.127)
      2012-11-13 SDUpdate.exe (2.0.12.89)
      2012-11-13 SDUpdSvc.exe (2.0.12.76)
      2012-11-13 SDWelcome.exe (2.0.12.126)
      2012-11-13 SDWSCSvc.exe (2.0.12.2)
      2013-04-25 unins000.exe (51.1052.0.0)
      1999-12-02 xcacls.exe
      2012-08-23 borlndmm.dll (10.0.2288.42451)
      2012-09-05 DelZip190.dll (1.9.0.107)
      2012-09-10 libeay32.dll (1.0.0.4)
      2012-09-10 libssl32.dll (1.0.0.4)
      2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
      2012-11-13 SDECon32.dll (2.0.12.113)
      2012-11-13 SDEvents.dll (2.0.12.2)
      2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
      2012-11-13 SDHelper.dll (2.0.12.88)
      2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
      2012-11-13 SDLists.dll (2.0.12.4)
      2012-11-13 SDResources.dll (2.0.12.7)
      2012-11-13 SDScanLibrary.dll (2.0.12.131)
      2012-11-13 SDTasks.dll (2.0.12.15)
      2012-11-13 SDWinLogon.dll (2.0.12.0)
      2012-08-23 sqlite3.dll
      2012-09-10 ssleay32.dll (1.0.0.4)
      2012-11-13 Tools.dll (2.0.12.36)
      2012-11-13 UninsSrv.dll (2.0.12.52)
      2012-11-14 Includes\Adware.sbi (*)
      2012-11-14 Includes\AdwareC.sbi (*)
      2010-08-13 Includes\Cookies.sbi (*)
      2012-11-14 Includes\Dialer.sbi (*)
      2012-11-14 Includes\DialerC.sbi (*)
      2012-11-14 Includes\HeavyDuty.sbi (*)
      2012-11-14 Includes\Hijackers.sbi (*)
      2012-11-14 Includes\HijackersC.sbi (*)
      2012-11-14 Includes\iPhone.sbi (*)
      2012-11-14 Includes\Keyloggers.sbi (*)
      2012-11-14 Includes\KeyloggersC.sbi (*)
      2012-11-14 Includes\Malware.sbi (*)
      2012-11-14 Includes\MalwareC.sbi (*)
      2012-11-14 Includes\PUPS.sbi (*)
      2012-11-14 Includes\PUPSC.sbi (*)
      2012-11-14 Includes\Security.sbi (*)
      2012-11-14 Includes\SecurityC.sbi (*)
      2008-06-03 Includes\Spybots.sbi (*)
      2008-06-03 Includes\SpybotsC.sbi (*)
      2012-11-14 Includes\Spyware.sbi (*)
      2012-11-14 Includes\SpywareC.sbi (*)
      2011-06-07 Includes\Tracks.sbi (*)
      2005-02-17 Includes\Tracks.uti (*)
      2012-11-14 Includes\Trojans.sbi (*)
      2012-11-14 Includes\TrojansC-02.sbi (*)
      2012-11-14 Includes\TrojansC-03.sbi (*)
      2012-11-14 Includes\TrojansC-04.sbi (*)
      2012-11-14 Includes\TrojansC-05.sbi (*)
      2012-11-14 Includes\TrojansC.sbi (*)

      Thanks a lot!

    2. #2
      Moderator
      User: @Tincho
      Joined: May 2008
      Location: Argentina
      Posts: 14,701

      Re: Problems with Rootkit.0Access, PUP.InstallBrain.

      Hello


      It is important that you read the following procedure carefully:


      Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows and programs.
      • Double-click the ComboFix.exe file and follow the instructions. If it asks to update ("Update"), accept.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process; if it doesn't, restart it manually.
        • When it finishes, ComboFix will generate a log at C:\ComboFix.txt.



      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool that its author intends to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer".


      In your next reply we need the following information



      • Paste the ComboFix report found at C:\ComboFix.txt in this same thread.
      • Comment on how your system is working in relation to the initial problem.


      Regards.

    3. #3
      User: vinxenso
      Joined: Apr 2013
      Location: Spain
      Posts: 2

      Re: Problems with Rootkit.0Access, PUP.InstallBrain.

      Thank you very much for your reply. I followed your instructions and the problem is solved; the system now works correctly. Below I paste the ComboFix log.

      ComboFix 13-04-26.01 - portatil 26/04/2013 20:54:31.1.1 - x86
      Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.34.3082.18.2039.1334 [GMT 2:00]
      Running from: G:\ComboFix.exe
      AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\Bruoywse2savee
      c:\programdata\Bruoywse2savee\5141a44097a90.tlb
      c:\programdata\Bruoywse2savee\settings.ini
      c:\programdata\Bruoywse2savee\uninstall.exe
      c:\programdata\hpe138.dll
      c:\programdata\hpe7FAA.dll
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Bruoywse2savee
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Bruoywse2savee\Bruoywse2savee.lnk
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Bruoywse2savee\Uninstall.lnk
      c:\windows\$NtUninstallKB62280$
      c:\windows\$NtUninstallKB62280$\3095759782
      c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\regtlib.exe
      F:\Autorun.inf
      .
      c:\windows\system32\drivers\tdx.sys was missing
      Restored copy from - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))))
      .
      .
      2013-04-26 19:06 . 2013-04-26 19:11 -------- d-----w- c:\users\portatil\AppData\Local\temp
      2013-04-26 00:20 . 2013-04-26 00:20 -------- d-----w- c:\users\portatil\AppData\Roaming\SUPERAntiSpyware.com
      2013-04-26 00:20 . 2013-04-26 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2013-04-25 23:17 . 2013-04-26 10:34 -------- d-----w- C:\_AT-Destroyer
      2013-04-25 13:12 . 2013-04-26 17:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
      2013-04-25 13:12 . 2009-01-25 10:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
      2013-04-25 13:12 . 2013-04-25 13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
      2013-04-25 08:37 . 2013-04-25 08:37 -------- d-----w- c:\users\portatil\AppData\Roaming\PeerNetworking
      2013-04-24 21:55 . 2013-04-24 21:55 -------- d-----w- c:\users\portatil\AppData\Roaming\Malwarebytes
      2013-04-24 21:54 . 2013-04-24 21:54 -------- d-----w- c:\programdata\Malwarebytes
      2013-04-24 21:54 . 2013-04-24 21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2013-04-24 21:54 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-04-14 12:09 . 2013-04-14 12:09 -------- d-----w- c:\users\portatil\AppData\Roaming\OpenOffice.org
      2013-04-14 12:05 . 2013-04-14 12:05 -------- d-----w- c:\program files\OpenOffice.org 3
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-27 07:48 . 2013-02-27 07:48 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2013-02-27 07:48 . 2013-02-27 07:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
      2013-02-27 07:48 . 2010-10-15 16:48 782240 ----a-w- c:\windows\system32\deployJava1.dll
      2013-02-26 15:32 . 2013-02-26 15:32 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-26 15:32 . 2013-02-26 15:32 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
      "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
      "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
      "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]
      .
      c:\users\portatil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-11-27 184320]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer2"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
      2012-12-11 02:52 3147384 ----a-w- c:\program files\AVG\AVG2013\avgui.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
      2012-11-13 12:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      bthsvcs REG_MULTI_SZ BthServ
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-04-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
      - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-04-25 12:08]
      .
      2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-968604655-4109506110-550933866-1006Core.job
      - c:\users\portatil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 15:41]
      .
      2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-968604655-4109506110-550933866-1006UA.job
      - c:\users\portatil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 15:41]
      .
      2013-04-25 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
      - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-04-25 12:07]
      .
      2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
      - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-24 21:16]
      .
      2013-04-25 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
      - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-04-25 12:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = Google
      mStart Page = Google
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      IE: Enviar a &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
      TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      Notify-SDWinLogon - SDWinLogon.dll
      AddRemove-{147154C0-CBBC-4D5A-A226-AEC1539228A0} - c:\progra~2\INSTAL~1\{BE558~1\Setup.exe
      AddRemove-{ACE9FB2A-31A5-4285-9510-43F1636EAB21} - c:\progra~2\INSTAL~1\{ACE9F~1\Setup.exe
      AddRemove-{CC0372C4-506C-C784-F9ED-447834A090C1} - c:\progra~2\INSTAL~1\{8659B~1\Setup.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2013-04-26 21:10
      Windows 6.0.6001 Service Pack 1 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(1584)
      c:\windows\system32\btneighborhood.dll
      c:\windows\system32\wbtapi.dll
      c:\windows\system32\btwpimif.dll
      c:\windows\system32\btosif.dll
      c:\windows\system32\btrez.dll
      c:\windows\system32\CSH.dll
      c:\windows\system32\BtXpPanel.Dll
      c:\windows\system32\btncopy.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\progra~1\AVG\AVG2013\avgrsx.exe
      c:\program files\AVG\AVG2013\avgcsrvx.exe
      c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
      c:\windows\system32\WUDFHost.exe
      c:\windows\system32\DRIVERS\xaudio.exe
      c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
      c:\windows\system32\conime.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
      c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
      c:\windows\servicing\TrustedInstaller.exe
      c:\windows\system32\igfxsrvc.exe
      .
      **************************************************************************
      .
      Completion time: 2013-04-26 21:18:33 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-04-26 19:18
      .
      Pre-Run: 6.821.175.296 bytes libres
      Post-Run: 6.736.920.576 bytes libres
      .
      - - End Of File - - 1B6D4BCD3FE716FA61077095F11BC319

      Thanks for everything. Regards.