Estimados:
He seguido con suma atencion todos los procedimientos indicados por
El piedra para eliminar el troyano starpage, que efectivamente lo elimina, sin embargo, al entrar por segunda vez con el explorer, este troyano se activa.
Hace meses que uso Firefox, me encanta, ningun problema.
Sin embargo , debo trabajar con paginas que solo se accede con IE, como por ejemplo Servicio de Impuestos Internos (SII) de Chile, Pagina del Poder Judicial de Chile, y ahi estan los pop, y esas ventanas odiosas. Uso ademas el MSN diariamente.
He seguido todos los pasos y no he podido. Esto debido a lo lento que se ha puesto mi pc, especialmente al trabajar con Powepoints, o con algunos archivos word. Le pasé el Panda on Line y no detecta virus. Tengo instalado el Mcaffe, detecta el starpage, o sp, pero no lo elimina.
Recurro a Uds, para me den una solución, les adjunto mi log. Desde ya muchas gracias, por su atención.
Logfile of HijackThis v1.99.0
Scan saved at 12:11:56, on 02-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Toshiba\NetDevSw\netdevsw.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\IVANCITO\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 209.66.123.175 sexyrabbit.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A6A9DC4-0CDF-CB12-F375-2DBD946719F3} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\E-WHEE~1\wh_exec.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\Toshiba\NetDevSw\netdevsw.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{727FD201-19E4-4E6F-8A10-F6DA51E7A484}: NameServer = 216.155.73.154 200.75.0.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{8590C05C-1FCD-4680-B6CA-8AECCEA9B55B}: NameServer = 216.155.73.40,216.155.73.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{727FD201-19E4-4E6F-8A10-F6DA51E7A484}: NameServer = 216.155.73.154 200.75.0.5
O18 - Filter: text/html - {03F9EB1D-EE23-4F28-8F99-4A2B741493A1} - C:\WINDOWS\system32\gnk.dll
O18 - Filter: text/plain - {03F9EB1D-EE23-4F28-8F99-4A2B741493A1} - C:\WINDOWS\system32\gnk.dll
O23 - Service: McAfee Alert Manager - McAfee Division of Network Associates, Inc. - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe


Registrate para responder