Re: Problems with trojans
Here is the SDFix report, after doing everything indicated above
-----------------------------------------------------------------------------
SDFix: Version 1.85
Run by Edson - 29/05/2007 - 13:18:55.14
Microsoft Windows XP [Versión 5.1.2600]
Running From: D:\DOCUME~1\EDSON~1.PUN\ESCRIT~1\SDFix
Safe Mode:
Checking Services:
Name:
kprof
poof
wincom32
windev-5698-10b2
ImagePath:
\??\D:\WINDOWS\System32\kprof
\??\D:\WINDOWS\System32\poof
\??\D:\WINDOWS\System32\wincom32.sys
\??\D:\WINDOWS\system32\windev-5698-10b2.sys
kprof - Deleted
poof - Deleted
wincom32 - Deleted
windev-5698-10b2 - Deleted
Killing PID 156 'smss.exe'
Killing PID 228 'winlogon.exe'
ndis.sys Infected!
Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...
Original ndis.sys Restored
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
D:\WINDOWS\system32\windev-5698-10b2.sys - Deleted
D:\WINDOWS\system32\alt.exe.exe - Deleted
D:\WINDOWS\system32\pee.exe.exe - Deleted
D:\DOCUME~1\EDSON~1.PUN\CONFIG~1\Temp\winlogon.exe - Deleted
D:\WINDOWS\system32\kprof - Deleted
D:\WINDOWS\system32\poof - Deleted
D:\WINDOWS\system32\rpcc.dll - Deleted
D:\WINDOWS\system32\svcp.csv - Deleted
D:\WINDOWS\system32\wincom32.ini - Deleted
D:\WINDOWS\system32\windev-peers.ini - Deleted
D:\WINDOWS\system32\winsub.xml - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
D:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
D:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------ Rootkit PE386 Found, Use a Rootkit scanner !
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\WINDOWS\\system32\\dxdiag.exe"="D:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"D:\\WINDOWS\\system32\\dpnsvr.exe"="D:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Servidor de DirectPlay8 de Microsoft"
"D:\\Archivos de programa\\Valve\\hl.exe"="D:\\Archivos de programa\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - D:\DOCUME~1\EDSON~1.PUN\ESCRIT~1\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
D:\Documents and Settings\Edson.PUNKS-6TOR9P384\Configuración local\Datos de programa\Microsoft\Messenger\edsonburger505@hotmail.com\Sharing Folders\pentagrama80@hotmail.com\Thumbs.db
D:\Documents and Settings\Edson.PUNKS-6TOR9P384\Configuración local\Datos de programa\Microsoft\Messenger\sadeflow@hotmail.com\Sharing Folders\vacafoca@hotmail.com\Thumbs.db
D:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
D:\Archivos de programa\Outlook Express\msimn.exe
D:\WINDOWS\system32\config\default.tmp.LOG
D:\WINDOWS\system32\config\software.tmp.LOG
D:\WINDOWS\system32\config\system.tmp.LOG
D:\WINDOWS\Temp\18467.tmp.LOG
Finished
--------------------------------------------------------------------------
Well, it seems everything is working fine now. Something I didn't mention earlier is that my firewall (Armor2net) was detecting connection attempts from 'Windows Explorer' every 2 seconds, and my PC restarted twice; that no longer happens, so I suppose that was resolved.
If there is anything else I need to do, let me know.
Regards