 |
| |||||||
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
26/09/06, 22:56:57
|  |
| |||
 gusano en mi correo tengo problemas con mi correo he ejecutado todos los antivirus y ninguno me lo elimina del hijachthis tengo lo siguiente: Logfile of HijackThis v1.99.1 Scan saved at 21:44:07, on 26-09-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARCHIV~1\ARCHIV~1\Stardock\SDMCP.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Archivos de programa\Eset\nod32krn.exe C:\Archivos de programa\PDF Complete\pdfsvc.exe C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Archivos de programa\PDF Complete\pdfsty.exe C:\Archivos de programa\D-Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Messenger\msmsgs.exe C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [FRYMXINS] "C:\Archivos de programa\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" O4 - HKLM\..\Run: [PDF Complete] "C:\Archivos de programa\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart O4 - Startup: Rainlendar.lnk = C:\Archivos de programa\Rainlendar\Rainlendar.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129933912000 O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://152.74.180.12/tsweb/msrdp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{512D7FFD-ACDE-4AC4-9441-82D552A3B6D6}: NameServer = 152.74.180.2,200.27.2.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{512D7FFD-ACDE-4AC4-9441-82D552A3B6D6}: NameServer = 152.74.180.2,200.27.2.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Archivos de programa\Eset\nod32krn.exe O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE O23 - Service: Oraclehome_9iClientCache80 - Unknown owner - C:\ORANT9i\BIN\ONRSD80.EXE O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Archivos de programa\PDF Complete\pdfsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm1 2.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe ejecute el panda y sale lo siguiente: Incident Status Location Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Profiles\default\vvj8ybef.slt\coo kies.txt[.atwola.com/] Virus:W32/Netsky.AE.worm Renamed C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox[~0029911.~][message_scr.vir] Virus:W32/Netsky.AE.worm Renamed C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox[~0032656.~][document_nfj_exe.vir] Virus:W32/Netsky.AE.worm Renamed C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox[~0029911.~][message_scr.vir] Virus:W32/Netsky.AE.worm Renamed C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox[~0032656.~][document_nfj_exe.vir] ejecute el karspersky y me sale esto KASPERSKY ONLINE SCANNER REPORT Tuesday, September 26, 2006 9:14:00 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 26/09/2006 Kaspersky Anti-Virus database records: 213389 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ G:\ H:\ Scan Statistics Total number of scanned objects 98030 Number of viruses found 4 Number of infected objects 121 / 0 Number of suspicious objects 0 Duration of the scan process 11:21:31 Infected Object Name Virus Name Last Action C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\MSHist0120060926200609 27\index.dat Object is locked skipped C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED/mailtext.zip/File-packed_dataInfo_exe.VIR Infected: Email-Worm.Win32.Sober.y skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox Mail Berkeley mbox: infected - 7 skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 ... /[From "Rene Marcelo Arriagada B." ][Date Thu, 30 Oct 2003 11:47:05 + ... /UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 ... /[From "Rene Marcelo Arriagada B." ][Date Thu, 30 Oct 2003 11:47:05 +0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 . ... /[From "Ortiz S, Natalia" ][Date Fri, 31 Oct 2003 09:49:51 -0400]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\Inbox.sbd\Sportlife Mail Berkeley mbox: infected - 14 skipped C:\Documents and Settings\Administrador\ntuser.dat Object is locked skipped C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED/mailtext.zip/File-packed_dataInfo_exe.VIR Infected: Email-Worm.Win32.Sober.y skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox/[From Viviana Tallia ][Date Fri, 07 Oct 2005 18:42:15 -0400]/UNNAMED/[From Pato Salazar ][Date Fri, 7 Oct 2005 20:22:09 -0400]/UNNAMED/[From "Sheraz" ][Date Fri, 09 Dec 2005 20:22:48 +0500]/text/[From "Bodega Gotcha" ][Date Mon, 12 Dec 2005 10:54:38 -0300]/UNNAMED/[From cecilia@atenea.ipvg.cl][Date Mon, 12 Dec 2005 15:23:42 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 ... /[From "Rene Marcelo Arriagada B." ][Date Thu, 30 Oct 2003 11:47:05 +0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 . ... /[From "Ortiz S, Natalia" ][Date Fri, 31 Oct 2003 09:49:51 -0400]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\20 0.27.183.171\Inbox.sbd\Sportlife Mail Berkeley mbox: infected - 14 skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov ... /[From Yso-885 ... /[From "Eduardo Mendez O." ][Date Thu, 26 Jul 2001 17  02 GMT]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2 . ... /[From from quot ... /[From Ennio Pereira ][Date Thu, 26 Jul 2001 11:36:30 -0500]/text Infected: Email-Worm.Win32.Magistr.a skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2 . ... /[From from quoted-printable to 8bit by atenea.ipvg.cl id UAA18807][Date Wed, 25 Jul 2001 22:27:59 GMT]/text Infected: Email-Worm.Win32.Magistr.a skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2000 ... /[From "C ... /[From "lorena gonzalez"][Date Sat, 21 Jul 2001 11:31:04 -0400]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2000 12: ... /[From Yso-8859-1?Q?Marcela_Zuñiga?][Date Tue, 17 Jul 2001 20:50:25 -0400]/text Infected: Email-Worm.Win32.Magistr.a skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery S ... /[From cecilia@atenea.ipvg.cl][Date Mon, 17 May 2004 16:59:14 - ... /UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery S ... /[From cecilia@atenea.ipvg.cl][Date Mon, 17 May 2004 16:59:14 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery Service ][Date Mon, 10 May 2004 12:59:33 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr 2 ... /[From "" <5.1.0.14.0.200 ... /[From f.torron@codetel.net.do][Date Sat, 8 May 2004 10:59:42 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text Infected: Email-Worm.Win32.NetSky.q skipped C:\Respaldo COrreo 14-07-2006\Thunderbird\Profiles\u4qo2prb.default\Mail\at enea.ipvg.cl\Inbox Mail Berkeley mbox: infected - 29 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\tracking.log Object is locked skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov ... /[From Yso-885 ... /[From "Eduardo Mendez O." ][Date Thu, 26 Jul 2001 17 02 GMT]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov ... /[From Yso-8859-1?Q?Mónica_Román_Gallegos?][Date Thu, 26 Jul 2001 16:51:00 -0400]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2 . ... /[From Mail Delivery Subsystem ][Date Wed, 25 Jul 2001 14:33:29 -0600]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 2 . ... /[From "Marcelo ... /[From etf-8?Q?Jeanette_Miño?][Date Wed, 25 Jul 2001 08:34:27 -0300]/text Infected: Email-Worm.Win32.Magistr.a skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id GAA25021][Date Wed, 15 Nov 200 ... /[From "Marcelo Andres Ramos Bout" ][Date Sat, 21 Jul 2001 21 39 -0400]/html Infected: Email-Worm.Win32.Magistr.a skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery S ... /[From cecilia@atenea.ipvg.cl][Date Mon, 17 May 2004 16:59:14 - ... /UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery S ... /[From cecilia@atenea.ipvg.cl][Date Mon, 17 May 2004 16:59:14 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr ... ... /[From Mail Delivery Service ][Date Mon, 10 May 2004 12:59:33 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text/[From "Gustavo A. Donoso M." ][Date Fri, 18 Aug 2000 12:50:46 -0500]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id QAA16825][Date Mon, 21 Aug 2000 16:35:50 -0400]/text/[From from quoted-printable to 8bit by atenea.ipvg.cl id i471nXi05584][Date Thu, 22 Apr 2004 16:07:08 -0400]/text Infected: Email-Worm.Win32.NetSky.q skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox/[From Andreas Polymeris ][Date Thu, 17 Aug 2000 10:05:15 -0400]/text Infected: Email-Worm.Win32.NetSky.q skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox Mail Berkeley mbox: infected - 29 skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 ... /[From "Rene Marcelo Arriagada B." ][Date Thu, 30 Oct 2003 11:47:05 + ... /UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Fri, 05 Sep 2003 05:51:48 +0000]/UNNAMED/[From from quoted-printable to 8bit by atenea.ipvg.cl id h84DuwK094 ... /[From "Rene Marcelo Arriagada B." ][Date Thu, 30 Oct 2003 11:47:05 +0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED/[From "Rene Marcelo Arriagada B." ][Date Wed, 03 Sep 2003 05:13:26 +0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox.sbd\Sportlife/[From =?iso-8859-1?Q?Ana_Maria_Ya=F1ez?= ][Date Thu, 28 Aug 2003 10:13:14 -0400]/UNNAMED Infected: not-virus:BadJoke.Win32.Melter skipped C:\Thunderbird\Profiles\nfvgm6xi.default\Mail\200. 27.183.171\Inbox.sbd\Sportlife Mail Berkeley mbox: infected - 14 skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.log Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.log Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.log Object is locked skipped C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped Scan process completed. Borre algunos del reporte porque no me alcanzan en el mensaje..... que puedo hacer? se me borran mis correos cuando los quiero ver... o se me cruzan     |
|
27/09/06, 09:19:50
| |
| ||||
| Re: gusano en mi correo Hola bienvenido al foro El log no muesta nada, pero los reportes online muestran algo que parece un correo electronico infectado. Busca y elimina estos archivos con el KillBox, usando la opcion delete on reboot. C:\Documents and Settings\Administrador\Datos de programa\Thunderbird\Profiles\e5nnpcj1.default\Mai l\200.27.183.171\ La Carpeta si no es importante o todo su contenido. Si no se deja haslo desde Modo Seguro Luego le pasas:
Saludos  Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
27/09/06, 11:22:51
| |
| |||
| Re: gusano en mi correo Lo que pasa es que esa carpeta si es importante ... está mi correo de mi trabajo... si la pierdo.. pierdo demasiado... ese es mi problema... todo lo otro ya lo había hecho... ad-ware, reg seeker y disk cleaner |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
|
|
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| "Botnets como herramientas de fraude en sistemas de pago por click" | kontainer | Últimas Noticias | 0 | 17/05/06 22:16:39 |
| problemas con mi pc en general (Solucionado) | Momets | Temas Solucionados | 5 | 30/03/06 21:54:23 |
| Entran miles de correo en mi cuenta. (Solucionado) | ¦David¦ | Temas Solucionados | 6 | 26/02/06 20:14:10 |
| 540filost.com y demás problemas en mi PC... (Solucionado) | ele_icequeen | Temas Solucionados | 10 | 31/01/06 05:14:19 |
| mi windows XP tarda mucho en iniciar (dejo mi Logfile of HijackThis) | princesa_Ameria | Foro Oficial de HijackThis en español | 19 | 21/10/05 23:18:01 |
Todas las horas son GMT -4. La hora es 06:08:15.
