Gracias por tu respuesta, he seguido todos los paso te pogo los informes:
SDFix: Version 1.214
Run by Leandro on 2008-08-09 at 20:35
Microsoft Windows XP [Versi¢n 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\syspr.prx - Deleted
C:\WINDOWS\system32\drivers\hosts - Deleted
C:\WINDOWS\system32\ntld.bin - Deleted
C:\WINDOWS\system32\ntld.bin - Deleted
Could Not Remove C:\WINDOWS\system32\dwave.sys
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 20:41:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,67,a1,ee,82,93,4f,00,72,0a ,03,1e,28,d5,b5,45,5a,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\BTHPORT\Parameters\Keys\0013eff142cd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s0"=dword:0a5f04ca
"s1"=dword:853bc2c2
"s2"=dword:e9038d89
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:0d,f6,c6,4b,65,85,fe,34,3e,52,92,82,14 ,df,4e,0c,63,29,84,30,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\B THPORT\Parameters\Keys\0013eff142cd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:0d,f6,c6,4b,65,85,fe,34,3e,52,92,82,14 ,df,4e,0c,63,29,84,30,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:0d,f6,c6,4b,65,85,fe,34,3e,52,92,82,14 ,df,4e,0c,63,29,84,30,21,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000066
"TracesSuccessful"=dword:00000011
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\eMule\\emule.exe"="C:\\Archivos de programa\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Arch ivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled: BlueSoleil"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
C:\WINDOWS\system32\dwave.sys Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Mon 4 Feb 2008 151,040 ..SH. --- "C:\WINDOWS\system32\VistaUltm.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\cygz.dll"
Fri 21 Mar 2008 72,704 ..SHR --- "C:\Archivos de programa\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 16,384 A.SHR --- "C:\Archivos de programa\eRightSoft\SUPER\_Setup.dll"
Thu 20 Jan 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Archivos de programa\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 7 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc261 2ebcefc90e7dee4c276ee95e\BIT7.tmp"
Finished! Código:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-09 22:46:10
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2005 11.0.17 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Leandro\DoctorWeb\Quarantine\SDFix.exe[C:\Documents and Settings\Leandro\DoctorWeb\Quarantine\SDFix.exe][SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Leandro\DoctorWeb\Quarantine\00011696.EXE[C:\Documents and Settings\Leandro\DoctorWeb\Quarantine\00011696.EXE][SDFix\apps\Process.exe]
00959032 Adware/Cydoor Adware No 0 Yes No C:\Documents and Settings\Leandro\Mis documentos\Programas\FlashGet.v1.60.Final.Incl.Keygen.Mutilanguage-TSRh.zip[fgf160.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location @
;===================================================================================================================================================================================
No C:\Documents and Settings\Leandro\Mis documentos\Juegos\Titan Quest\chtnitrn.exe @
No C:\Documents and Settings\Leandro\Mis documentos\Juegos\Titan Quest\immortalthroneplus14.zip[chtnitrn.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description @
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 @
184379 MEDIUM MS08-001 @
182048 HIGH MS07-069 @
182046 HIGH MS07-067 @
182043 HIGH MS07-064 @
179553 HIGH MS07-061 @
176382 HIGH MS07-057 @
176383 HIGH MS07-058 @
170911 HIGH MS07-050 @
170907 HIGH MS07-046 @
170906 HIGH MS07-045 @
170904 HIGH MS07-043 @
;===================================================================================================================================================================================
Internet parece que ha dejado de darme problemas... pero sigo sin mis unidades D: y E: XDD
Que más puedo hacer??
Gracias de nuevo por la ayuda!