• Registrarse
  • Iniciar sesión


  • Resultados 1 al 10 de 10

    Internet explorer se abre solo con pagina de publicidad(china)

    Resumen del tema: Internet explorer se abre solo con pagina de publicidad(china) - Que tal, tengo un problema desde hace ya varios dias... cada media hora se abre internet explorer con un pagina de publicidad, y sinceramente esto me dificulta mucho porque juego online y cuando esto pasa ...

      
    1. #1
      Usuario Avatar de ale9007
      Registrado
      mar 2008
      Ubicación
      panama
      Mensajes
      7

      Internet explorer se abre solo con pagina de publicidad(china)

      Que tal, tengo un problema desde hace ya varios dias... cada media hora se abre internet explorer con un pagina de publicidad, y sinceramente esto me dificulta mucho porque juego online y cuando esto pasa la conexion se me va del juego.. ya he pasado varios antispywares y no me detectan nada, agradeceria que me pudieran ayudar

      Aqui el log de hijack:

      Scan saved at 10:53:52 PM, on 4/15/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      C:\WINDOWS\system32\CDC4D0\47D352.EXE
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Pando Networks\Media Booster\PMB.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\SpyCatcher\Scheduler daemon.exe
      C:\WINDOWS\system32\wuauolts.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\DOCUME~1\Felipe\LOCALS~1\Temp\SSUPDATE.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\RocketDock\RocketDock.exe
      C:\Program Files\mIRC\mirc.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\36FAE6\WL7F65E2.EXE
      C:\WINDOWS\system32\36FAE6\QB83F71E.EXE
      C:\Program Files\Ares\Ares.exe
      C:\Documents and Settings\Felipe\Desktop\OnlinePatcher10.exe
      C:\Documents and Settings\Felipe\Desktop\Soccerbot2010.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\EA Sports\FIFA 10\FIFA10.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2546324
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R3 - URLSearchHook: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O2 - BHO: TBSB08993 - {FD4E08F0-3DE7-4014-99C9-A84E5A99A2AD} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
      O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
      O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
      O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O3 - Toolbar: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [47D352] C:\WINDOWS\system32\CDC4D0\47D352.EXE
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Startup: 47D352.lnk = C:\WINDOWS\system32\CDC4D0\47D352.EXE
      O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
      O4 - Global Startup: fgahu.lnk = C:\Program Files\mosss.exe
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O13 - Gopher Prefix:
      O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
      O16 - DPF: {15075194-6A1F-4F5A-8182-0FA84851E571} (GCCenterLauncherControl Control) - http://juegos.etb.net.co/GCCenter/GCCenterLauncher.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Update Service (gupdate1ca0ed88649c7ec) (gupdate1ca0ed88649c7ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

      --
      End of file - 11901 bytes


      De antemano, gracias y saludos.

    2. #2
      Usuario Avatar de roadbear
      Registrado
      nov 2009
      Ubicación
      La Serena, Chile
      Mensajes
      2

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      amigo, eso es un virus... es mas o menos potente, intenta instalando Nod32 y luego repasas con CCleaner para borrar cualquier rastro que pudiera quedar del virus despues que corras el Nod32.

      espero haberte sido de ayuda.

    3. #3
      Moderador Gral.
      Avatar de Firewall
      Registrado
      ene 2007
      Ubicación
      Portugal
      Mensajes
      21.456

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Con todos los programas cerrados ejecuta el HijackThis y dale a estas entradas:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2546324
      R3 - URLSearchHook: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O2 - BHO: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O2 - BHO: TBSB08993 - {FD4E08F0-3DE7-4014-99C9-A84E5A99A2AD} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
      O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
      O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
      O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O3 - Toolbar: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\tbcont.dll
      O4 - HKLM\..\Run: [47D352] C:\WINDOWS\system32\CDC4D0\47D352.EXE
      O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
      O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll


      Luego decarga y ejecuta MalwareByte's Antimalware y analiza el equipo completamente, eliminando todo lo que encuentre.

      Me pegas los resultados y me comentas como sigue el equipo.

      Blog | Antivirus Online | Eliminar Malwares | Antivirus Gratis

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    4. #4
      Usuario Avatar de ale9007
      Registrado
      mar 2008
      Ubicación
      panama
      Mensajes
      7

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Que tal , disculpa la demora pero el scann duro alrededor de 1:30..tambien hice lo del checked

      Aqui el reporte:

      Malwarebytes' Anti-Malware 1.44
      Versión de la Base de Datos: 3663
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/16/2010 1:25:13 AM
      mbam-log-2010-04-16 (01-25-13).txt

      Tipo de examen : Examen Completo (C:\|)
      Objetos examinados: 234920
      Tiempo transcurrido: 1 hour(s), 26 minute(s), 30 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 3
      Claves del Registro Infectadas: 47
      Valores del Registro Infectados: 1
      Elementos de Datos del Registro Infectados: 1
      Carpetas Infectadas: 3
      Ficheros Infectados: 18

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

      Claves del Registro Infectadas:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fyfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpopmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatchui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtimer.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojdie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.

      Valores del Registro Infectados:
      HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Quarantined and deleted successfully.

      Elementos de Datos del Registro Infectados:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

      Carpetas Infectadas:
      C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

      Ficheros Infectados:
      C:\WINDOWS\system32\36FAE6\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
      C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.


      Gracias por la ayuda.

    5. #5
      Usuario Avatar de ale9007
      Registrado
      mar 2008
      Ubicación
      panama
      Mensajes
      7

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Bueno hoy me he levantado y para sorpresa mia luego de pasarle el malware anty-spyware me sale la misma pagina de publicidad apenas inicie mi pc aqui la imagen



    6. #6
      Moderador Gral.
      Avatar de Firewall
      Registrado
      ene 2007
      Ubicación
      Portugal
      Mensajes
      21.456

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Quiero que vayas a agregar y quitar programas y desintales todas las toolbares que tengas de cuanlquier tipo, luego pasa de nuevo el Malwarebytes' Anti-Malware con la base de datos actualizada reinicia y me pegas un nuevo log de HJ.

      Blog | Antivirus Online | Eliminar Malwares | Antivirus Gratis

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    7. #7
      Usuario Avatar de ale9007
      Registrado
      mar 2008
      Ubicación
      panama
      Mensajes
      7

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      ok pero el unico que no logro instalar es la de msn plus :/

    8. #8
      Moderador Gral.
      Avatar de Firewall
      Registrado
      ene 2007
      Ubicación
      Portugal
      Mensajes
      21.456

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Cita Originalmente publicado por ale9007 Ver Mensaje
      ok pero el unico que no logro instalar es la de msn plus :/
      Dije desintalar, mas no instalar de todas formas usa el siguiente programa Manual de Revo Uninstaller

      Blog | Antivirus Online | Eliminar Malwares | Antivirus Gratis

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    9. #9
      Usuario Avatar de ale9007
      Registrado
      mar 2008
      Ubicación
      panama
      Mensajes
      7

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Disculpa la demora pero no me habia podido conectar,, desinstale el msn plus con el revor installer, y aun asi me sigue saliendo la barra en firefox...

      Le pase otro antivus que me recomendaron EliStar y me detecto un virus llamado autorun.DQ(comp) pienso q es un win..32 aqui el log de hijack otra vez.


      Logfile of Trend Micro HijackThis v2.0.3 (BETA)
      Scan saved at 2:18:14 PM, on 4/19/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\RocketDock\RocketDock.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\mIRC\mirc.exe
      C:\Program Files\EA Sports\FIFA 10\FIFA10.exe
      C:\Documents and Settings\Felipe\Desktop\OnlinePatcher10.exe
      C:\Documents and Settings\Felipe\Desktop\Soccerbot2010.exe
      C:\Program Files\rkfree\rkfree.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Documents and Settings\Felipe\My Documents\Downloads\EliStarA.exe
      C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
      O16 - DPF: {15075194-6A1F-4F5A-8182-0FA84851E571} (GCCenterLauncherControl Control) - http://juegos.etb.net.co/GCCenter/GCCenterLauncher.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Update Service (gupdate1ca0ed88649c7ec) (gupdate1ca0ed88649c7ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

      --
      End of file - 8036 bytes



      gracias espero su ayuda

    10. #10
      Moderador Gral.
      Avatar de Firewall
      Registrado
      ene 2007
      Ubicación
      Portugal
      Mensajes
      21.456

      Re: Internet explorer se abre solo con pagina de publicidad(china)

      Falto el reporte del Malwarebytes actualizado, de tomas maneras aprovecha y me pegas uno de antivirus online.

      Analisis online con kaspersky online scanner como lo indica su manual y nos dejas su reporte.

      Blog | Antivirus Online | Eliminar Malwares | Antivirus Gratis

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.