Foro de Spyware - Ver Mensaje Individual - Envio resultados del Scaneo

Tema: Envio resultados del Scaneo

Ver Mensaje Individual

post #1 (permalink)

13/06/07, 15:56:56

Nolberto

Usuario

Registrado: jun 2007

Ubicación: Colombia

Mensajes: 3

Envio resultados del Scaneo

Buenas tardes, para el foro. Necesito ayuda, ya que le hice a mi pc un scaneo con el panda y me arrojo este resultado:

Incidencia Estado Elemento

Herramienta potencialmente no deseada:Application/SystemDoctor2006 No desinfectado C:\Archivos de programa\Spyware Doctor\swdsvc.exe
Spyware:Spyware/DuncanMonitor No desinfectado C:\WINDOWS\system32\amsmap.dll
Herramienta potencialmente no deseada:application/funweb No desinfectado HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Virus:Trj/Lowzones.TP Desinfectado C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\CPAVW1YJ\koocwolla_20070601[1]
Spyware:Spyware/Virtumonde No desinfectado C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\MD381WFE\ffa_dn[1]
Virus:Trj/Agent.FQU Desinfectado C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\T4O3T10P\nauj[1]
Spyware:Cookie/Atlas DMT No desinfectado C:\Documents and Settings\pc\Cookies\pc@atdmt[2].txt
Spyware:Cookie/Clickbank No desinfectado C:\Documents and Settings\pc\Cookies\pc@clickbank[1].txt
Spyware:Cookie/Winantivirus No desinfectado C:\Documents and Settings\pc\Cookies\pc@es.winantivirus[1].txt
Spyware:Cookie/Reliablestats No desinfectado C:\Documents and Settings\pc\Cookies\pc@stats1.reliablestats[2].txt
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\pc\Cookies\pc@weborama[2].txt
Spyware:Cookie/Winantivirus No desinfectado C:\Documents and Settings\pc\Cookies\pc@winantivirus[2].txt
Spyware:Cookie/ademails No desinfectado C:\Documents and Settings\pc\Cookies\pc@www.ademails[2].txt
Virus:Trj/Lowzones.TP Desinfectado C:\Documents and Settings\pc\Datos de programa\tmp26.tmp.exe
Virus:Trj/Agent.FQU Desinfectado C:\Documents and Settings\pc\Datos de programa\tmp29.tmp.exe
Spyware:Spyware/Virtumonde No desinfectado C:\Documents and Settings\pc\Datos de programa\tmp2A.tmp.exe
Virus:Trj/Lowzones.TP Desinfectado C:\Documents and Settings\pc\Datos de programa\tmp2B.tmp.exe
Virus:Trj/Agent.FQU Desinfectado C:\Documents and Settings\pc\Datos de programa\tmpC.tmp.exe
Spyware:Spyware/Virtumonde No desinfectado C:\Documents and Settings\pc\Datos de programa\tmpD.tmp.exe
Spyware:Spyware/DuncanMonitor No desinfectado C:\WINDOWS\system32\jkhfc.exe
Hacktool:Hacktool/Supervisor.A No desinfectado D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\Phrack\p43-11.phk[hack.exe]
Hacktool:Hacktool/Supervisor.A

con el kaspersky, y me arrojaron los siguientes resultados.

C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\MD381WFE\ffa_dn[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\MD381WFE\nauj[1] Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Ahead\Nero Home\bl.db-journal Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Ahead\Nero Home\is2.db-journal Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Historial\History.IE5\MSHist0120070611200706 12\index.dat Object is locked skipped

C:\Documents and Settings\pc\Configuración local\Temp\install\Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped

C:\Documents and Settings\pc\Configuración local\Temp\~DF2A23.tmp Object is locked skipped

C:\Documents and Settings\pc\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\pc\Datos de programa\tmp2A.tmp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\Documents and Settings\pc\Datos de programa\tmp648.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\pc\Datos de programa\tmp649.tmp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\Documents and Settings\pc\Datos de programa\tmpD.tmp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\Documents and Settings\pc\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\pc\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Venturi2\Client\vent2.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP229\A0052723.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\A0053398.exe Infected: Trojan.Win32.Agent.anr skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\A0053399.exe Infected: Trojan.Win32.BHO.g skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\A0053400.exe Infected: Trojan.Win32.Agent.anr skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\A0053401.exe Infected: Trojan.Win32.BHO.g skipped

C:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\khebyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\spool\PRINTERS\FP00005.SHD Object is locked skipped

C:\WINDOWS\system32\spool\PRINTERS\FP00005.SPL Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_624.dat Object is locked skipped

C:\WINDOWS\Temp\spnserv.dat Object is locked skipped

C:\WINDOWS\Temp\spserv.dat Object is locked skipped

C:\WINDOWS\tutqqr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\INTERNET\Control de ciber\servidor\consumib.dat Object is locked skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG007.zip/RAREGAZZ.ZIP/Virii.zip/CHKSYS.BAT Infected: Trojan.BAT.Godog skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG007.zip/RAREGAZZ.ZIP/Virii.zip Infected: Trojan.BAT.Godog skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG007.zip/RAREGAZZ.ZIP Infected: Trojan.BAT.Godog skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG007.zip ZIP: infected - 3 skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG016.zip/r16_08 Suspicious: Exploit.HTML.SecurityBreach.3 skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\raregazz\RareG016.zip ZIP: suspicious - 1 skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\uci\gilip01.htm Infected: not-virus:BadJoke.JS.Blinker skipped

D:\Software Alejo 1\interactivo 1\interactivo 2\hacking\Ezines\uci\gilipcrypt.htm Infected: not-virus:BadJoke.JS.Blinker skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{30EEF6A0-D489-4DCF-8DC1-5A0D2349215E}\RP230\change.log Object is locked skipped

Scan process completed.

Después les solicite que debía hacer, y segui todo el procedimiento de acuerdo a lo que me informaron; y los resultados obtenidos fueron los siguientes, con el hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 14:01:27, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

**LOG BORRADO**
**ZONA NO ADECUADA**

Con el Psguard obtuve los siguientes resultados:

DelPSGuard v 4.5.6
by www.ForoSpyware.com
Escaneo a las: 13:58:31,26, 13/06/2007
SO: Microsoft Windows XP [Versi¢n 5.1.2600]

»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»

»»»»»»»»»»»» FIN »»»»»»»»»»»»

Pero hasta el momento, veo que el equipo sigue presentando fallas, porque cuando ingreso a internet explorer, despuès de abrir alguna página, empiezan a abrirsen más paginas automaticamente sin darles autorización o sin abrirlas. e inicie el escaneo con el panda nuevamente y se queda suspendido y al parecer no inicia el proceso de escaneo.
Por favor ayudenme ya que no se que más hacerle al equipo. Muchas gracias.