Posted by bran, 20/03/08, 12:55:05
Malware: Advertising tabs keep opening

For the past couple of days, and coinciding, curiously, with the installation of SP1 for Windows Vista Ultimate, new tabs with unsolicited advertising (Barclays Bank, Tele2, pages for supposed anti-malware programs, etc.) suddenly open while I browse the internet. I have scanned with Ad-Aware, Spybot, Windows Defender and SUPERAntiSpyware, but the tabs keep opening, even after removing what they found. I am leaving the HijackThis log here so that you can please take a look at it. Many thanks:
StartupList report, 20/03/2008, 18:47:30
StartupList version: 1.52.2
Started from : D:\Windows Vista\Programas instalados\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

L:\Windows\system32\taskeng.exe
L:\Windows\Explorer.EXE
L:\Windows\system32\taskeng.exe
L:\Program Files\Windows Defender\MSASCui.exe
L:\Program Files\Microsoft IntelliType Pro\itype.exe
L:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Windows Vista\Programas instalados\Java\bin\jusched.exe
L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
L:\Windows\ehome\ehtray.exe
L:\Program Files\Windows Media Player\wmpnscfg.exe
L:\Users\Paco\AppData\Local\oghop.exe
L:\Windows\ehome\ehmsas.exe
L:\Program Files\Eset\nod32kui.exe
L:\Windows\system32\wbem\unsecapp.exe
D:\Windows Vista\Programas instalados\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = L:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nod32kui = "L:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
itype = "L:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint = "L:\Program Files\Microsoft IntelliPoint\ipoint.exe"
SunJavaUpdateSched = "D:\Windows Vista\Programas instalados\Java\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ehTray.exe = L:\Windows\ehome\ehTray.exe
WMPNSCFG = L:\Program Files\Windows Media Player\WMPNSCFG.exe
oghop = l:\users\paco\appdata\local\oghop.exe oghop

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from L:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=L:\Windows\system32\Bubbles.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - L:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - D:\Windows Vista\Programas instalados\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - D:\Windows Vista\Programas instalados\Java\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - L:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Comprobar actualizaciones de Windows Live Toolbar.job
Mantenimiento con 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = L:\Windows\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

[Windows Live OneCare safety scanner control]
InProcServer32 = %ProgramFiles%\Windows Live Safety Center\wlscCtrl2.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/es-ES/wlscctrl2.cab

[Shockwave Flash Object]
InProcServer32 = L:\Windows\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Virtools WebPlayer Class]
InProcServer32 = L:\Program Files\Virtools\3D Life Player\WebPlayer.ocx
CODEBASE = http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: L:\Windows\system32\NLAapi.dll
NameSpace #2: L:\Windows\system32\napinsp.dll
NameSpace #3: L:\Windows\system32\pnrpnsp.dll
NameSpace #4: L:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: L:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 5.607 bytes
Report generated in 0,032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only