Title: I have an intruder
Posted by: 7isma88 on 29 May 2015, 22:24 pm
I think someone has got into my PC. I don't know how to throw them out and close the doors on them. I'm leaving a GMER log in case it helps.
Title: Re: I have an intruder
Posted by: andavid on 3 June 2015, 17:49 pm
Rootkit Revealer
http://www.filehippo.com/es/download_rootkit_revealer/
TDSSKiller
http://support.kaspersky.com/viruses/solutions/5353

Title: Re: I have an intruder
Posted by: 7isma88 on 6 June 2015, 11:46 am
Thanks a lot for the help, but Rootkit Revealer won't start for me, not even when I run it as administrator. What should I do?
Title: Re: I have an intruder
Posted by: andavid on 8 June 2015, 15:11 pm
I recently saw that it can have problems running on Windows 7. Did you try the Kaspersky one? You could also try this other one:
GMER
http://www.gmer.net/