• Registrarse
  • Iniciar sesión


  • Resultados 1 al 10 de 10

    Pop unders publicitarios en mi ordenador

    Hola a todos. Tengo un problema en mi ordenador y necesitaría un poco de ayuda, por favor. De vez en cuando (6 o 7 veces al día), me aparecen pop unders publicitarios en la pantalla ...

    1. #1
      Usuario Avatar de nach
      Registrado
      nov 2012
      Ubicación
      Castellon, españa
      Mensajes
      5

      Malware Pop unders publicitarios en mi ordenador

      Hola a todos. Tengo un problema en mi ordenador y necesitaría un poco de ayuda, por favor.
      De vez en cuando (6 o 7 veces al día), me aparecen pop unders publicitarios en la pantalla cada vez que navego por internet, y no son de las páginas que visito.
      Tengo instalado el antivirus Bitdefender total security (gratuito de prueba), y no me detecta nada. También he escaneado el ordenador con Super Ad Blocker, y tampoco he conseguido eliminar estos pop unders.

      Mi sistema operativo es Windows7 Home Premium.

      ¿Alguién me puede ayudar?

      Muchas gracias por todo.

    2. #2
      Usuario Avatar de Raudron
      Registrado
      sep 2012
      Ubicación
      El Mundo
      Mensajes
      1.467

      Re: Pop unders publicitarios en mi ordenador

      Hola Nacho Bienvenido a ForoSpyware.

      Por favor, realiza lo siguiente:

      Descarga y ejecuta >> Ccleaner.
      • Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
      • Después usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).
      Ejecuta Malwarebytes Antimalware.
      • Selecciona "Realizar un análisis completo" y luego presiona Analizar.
      • El Análisis puede tomar algún tiempo para terminar, así que por favor se paciente.
      • Cuando el Análisis se haya completado, haga clic en 'Aceptar', a continuación, mostrar los resultados. Elimina todo lo que encuentre (Haciendo clic en "Eliminar seleccionados") como muestra la imagen
      • Es posible que le solicite reiniciar su ordenador para completar con la desinfección y reparación de las áreas afectadas del sistema, por lo que permita el reinicio para terminar.


      • Descarga >> AT-Destroyer 2.0 (Adwares/Toolbars-Destroyer 2.0) by @Infospyware.
      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Ejecuta AT-Destroyer. (Si usas Windows Vista o 7 Presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • Aparecerá el Disclaimer, si estás de acuerdo, presiona SI para continuar.
      • Presiona sobre la opción Buscar y Destruir para comenzar el escaneo.
      • AT-Destroyer desconectará el escritorio momentáneamente, esto es normal.
      • Una vez terminado el escaneo, podrás volver a ver el escritorio y se te abrirá un reporte, que deberás copiar en tu próxima respuesta comentando cómo funciona el sistema.(También lo puedes encontrar en C:\AT-Destroyer.log)
      • Inmediatamente debes Reiniciar el equipo.
      Nos traes los reportes de Malwarebytes Antimalware y AT-Destroyer 2.0
      Y nos comentas si siguen apareciendo las ventanas publicitarias que mencionas.

      Saludos

    3. #3
      Usuario Avatar de nach
      Registrado
      nov 2012
      Ubicación
      Castellon, españa
      Mensajes
      5

      Re: Pop unders publicitarios en mi ordenador

      Muchas gracias Raudron,
      He hecho todo esto y me siguen saliendo los pop unders.
      A continuación envio el reporte del escaneo con AT-destroyer, primero el que hice con buscar (Por error), y después el que hice con Buscar y destruir. Me falta el report de Malwarebytes Antimalware que no pude guardar (lo siento, no me di cuenta.

      Report AT-destroyer opción buscar:

      ######################## AT-Destroyer By Infospyware.
      Hora/Día/Mes/Año: 12:29:28 \\\ 28/11/2012
      AT-Destroyer 2.0 By Infospyware ---> InfoSpyware
      Última actualización: 05/11/2012
      Opción escogida: 1 :Buscar
      Versión Internet Explorer:9.0.8112.16421
      Mozilla Firefox:16.0.2.4680
      Privilegios: Nacho - Administrador
      Modo Actual: Modo Normal.
      Nombre del pc: NACHO-PC
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:Nacho
      Lenguaje del sistema: Español



      >>>>>> Servicios <<<<<<



      >>>>>> Carpetas <<<<<<



      >>>>>> Archivos <<<<<<

      Encontrado: : C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      Encontrado: : C:\Windows\System32\ezsidmv.dat


      >>>>>> Registro <<<<<<



      >>>>>> Heurística <<<<<<



      >>>>>> Internet Explorer <<<<<<

      Start Page==http://g.uk.msn.com/CQCON/9
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://g.uk.msn.com/CQCON/9


      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==http://www.google.com/
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://uk.msn.com/?ocid=OIE9HP


      HKEY_USERS\S-1-5-21-485482080-3286206404-2051142973-1001\Software\Microsoft\Internet Explorer\Main''
      Start Page==http://www.google.com/
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://uk.msn.com/?ocid=OIE9HP


      >>>>>> Firefox <<<<<<

      user_pref("CT1460988.homepageProtectorEnableByLogin", true);
      user_pref("browser.startup.homepage", "google.es");
      user_pref("browser.startup.homepage_override.buildID", "20121024073032");
      user_pref("browser.startup.homepage_override.mstone", "16.0.2");


      >>>>>> Extensiones Firefox <<<<<<


      C:\Program Files (x86)\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      C:\Program Files (x86)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

      >>>>>> Plugins Firefox <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513

      >>>>>> Google Chrome <<<<<<



      >>>>>> Extensiones Google Chrome <<<<<<


      ======== Listado ===========

      [06/09/2010 16:44] [06/09/2010 16:44] -C:\Users\Nacho\AppData\Roaming\AnvSoft [DI]
      [28/10/2010 23:59] [28/10/2010 23:59] -C:\Users\Nacho\AppData\Roaming\Canneverbe Limited [DI]
      [28/07/2011 19:10] [28/07/2011 19:10] -C:\Users\Nacho\AppData\Roaming\CyberLink [DI]
      [22/09/2011 14:49] [08/07/2010 10:06] -C:\Users\Nacho\AppData\Roaming\dvdcss [DI]
      [16/08/2010 12:09] [16/08/2010 12:09] -C:\Users\Nacho\AppData\Roaming\freshgames [DI]
      [20/06/2011 21:20] [20/06/2011 21:20] -C:\Users\Nacho\AppData\Roaming\funkitron [DI]
      C:\Users\Nacho\AppData\Roaming\GhostObjGAFix.xml [AI] 1,81 KB ( )
      [02/08/2011 9:49] [02/08/2011 9:42] -C:\Users\Nacho\AppData\Roaming\Google [DI]
      [27/12/2010 17:41] [24/03/2010 9:55] -C:\Users\Nacho\AppData\Roaming\Hewlett-Packard [DI]
      [26/11/2012 16:28] [01/04/2010 17:29] -C:\Users\Nacho\AppData\Roaming\HP Support Assistant [DI]
      [27/11/2012 8:11] [01/04/2010 17:36] -C:\Users\Nacho\AppData\Roaming\hpqLog [DI]
      [26/11/2012 16:28] [01/04/2010 17:29] -C:\Users\Nacho\AppData\Roaming\HpUpdate [DI]
      [24/03/2010 9:59] [24/03/2010 9:59] -C:\Users\Nacho\AppData\Roaming\Identities [DI]
      [11/10/2011 16:04] [11/10/2011 15:23] -C:\Users\Nacho\AppData\Roaming\Intelli-studio [DI]
      [02/04/2010 15:08] [02/04/2010 15:08] -C:\Users\Nacho\AppData\Roaming\iWin [DI]
      [24/03/2010 10:01] [24/03/2010 10:01] -C:\Users\Nacho\AppData\Roaming\Macromedia [DI]
      [28/11/2012 11:26] [28/11/2012 11:26] -C:\Users\Nacho\AppData\Roaming\Malwarebytes [DI]
      [14/07/2009 9:44] [24/03/2010 9:54] -C:\Users\Nacho\AppData\Roaming\Media Center Programs [DI]
      [23/06/2012 17:28] [24/03/2010 9:54] -C:\Users\Nacho\AppData\Roaming\Microsoft [SDI]
      [24/03/2010 17:05] [24/03/2010 17:04] -C:\Users\Nacho\AppData\Roaming\Mozilla [DI]
      [24/11/2011 18:04] [08/06/2011 12:32] -C:\Users\Nacho\AppData\Roaming\Notepad++ [DI]
      [28/03/2010 15:34] [28/03/2010 15:34] -C:\Users\Nacho\AppData\Roaming\OpenOffice.org [DI]
      [25/11/2012 8:47] [25/11/2012 8:47] -C:\Users\Nacho\AppData\Roaming\QuickScan [DI]
      [28/11/2012 11:20] [25/03/2010 10:51] -C:\Users\Nacho\AppData\Roaming\Skype [DI]
      [06/11/2011 11:34] [25/03/2010 10:52] -C:\Users\Nacho\AppData\Roaming\skypePM [DI]
      [19/03/2012 20:39] [24/03/2010 19:49] -C:\Users\Nacho\AppData\Roaming\SmartVoip [DI]
      [25/11/2012 9:03] [25/11/2012 9:03] -C:\Users\Nacho\AppData\Roaming\SuperAdBlocker.com [DI]
      [09/05/2010 8:27] [21/04/2010 20:42] -C:\Users\Nacho\AppData\Roaming\SUPERAntiSpyware.com [DI]
      [24/07/2010 8:32] [24/07/2010 8:32] -C:\Users\Nacho\AppData\Roaming\Tific [DI]
      [08/07/2010 9:56] [08/07/2010 9:56] -C:\Users\Nacho\AppData\Roaming\Uniblue [DI]
      [28/11/2012 12:24] [24/03/2010 17:08] -C:\Users\Nacho\AppData\Roaming\uTorrent [DI]
      [25/10/2011 23:11] [08/12/2010 16:18] -C:\Users\Nacho\AppData\Roaming\vlc [DI]
      [08/12/2011 18:44] [24/03/2010 19:42] -C:\Users\Nacho\AppData\Roaming\VoipBuster [DI]
      [01/04/2010 17:35] [01/04/2010 17:35] -C:\Users\Nacho\AppData\Roaming\WinBatch [DI]
      [24/11/2010 7:46] [24/11/2010 7:46] -C:\Users\Nacho\AppData\Roaming\Windows Live Writer [DI]
      [23/05/2010 18:43] [23/05/2010 18:43] -C:\Users\Nacho\AppData\Roaming\WinRAR [DI]
      [13/09/2011 9:06] [25/03/2010 16:41] -C:\Users\Nacho\AppData\Roaming\_MDLogs [DI]
      [12/01/2012 7:28] [12/01/2012 7:28] -C:\Program Files (x86)\Adobe [D]
      [06/09/2010 16:44] [06/09/2010 16:44] -C:\Program Files (x86)\AnvSoft [D]
      [20/09/2011 8:39] [20/09/2011 8:38] -C:\Program Files (x86)\AVS4YOU [D]
      [13/08/2010 23:33] [13/08/2010 23:33] -C:\Program Files (x86)\Babylon [D]
      [11/06/2011 21:04] [11/06/2011 21:04] -C:\Program Files (x86)\BabylonToolbar [D]
      [16/01/2011 5:48] [15/01/2011 12:02] -C:\Program Files (x86)\blinkx Remote Toolbar [D]
      [28/11/2012 11:13] [14/07/2009 5:20] -C:\Program Files (x86)\Common Files [D]
      [13/08/2010 23:33] [13/08/2010 23:33] -C:\Program Files (x86)\Conduit [D]
      [28/12/2009 17:41] [28/12/2009 17:36] -C:\Program Files (x86)\Cyberlink [D]
      C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
      [29/08/2010 20:04] [29/08/2010 19:57] -C:\Program Files (x86)\Download Direct [D]
      [13/09/2011 9:07] [28/12/2009 17:56] -C:\Program Files (x86)\EasyBits For Kids [D]
      [13/08/2010 23:33] [13/08/2010 23:33] -C:\Program Files (x86)\Flash Player [D]
      [30/11/2010 23:52] [30/11/2010 23:46] -C:\Program Files (x86)\Gabest [D]
      [02/08/2011 9:39] [02/08/2011 9:39] -C:\Program Files (x86)\Google [D]
      [27/11/2012 8:12] [28/12/2009 17:31] -C:\Program Files (x86)\Hewlett-Packard [D]
      [28/12/2009 17:42] [28/12/2009 17:32] -C:\Program Files (x86)\hp [D]
      [14/02/2012 16:56] [28/12/2009 17:52] -C:\Program Files (x86)\HP Games [D]
      [27/11/2012 8:18] [28/12/2009 17:34] -C:\Program Files (x86)\InstallShield Installation Information [HD]
      [16/11/2012 7:37] [14/07/2009 5:20] -C:\Program Files (x86)\Internet Explorer [D]
      [20/10/2012 18:20] [28/05/2012 11:28] -C:\Program Files (x86)\Java [D]
      [04/11/2011 13:08] [04/11/2011 13:08] -C:\Program Files (x86)\lx_Cats [D]
      [10/05/2010 15:40] [10/05/2010 15:40] -C:\Program Files (x86)\Mahjong Memoirs [D]
      [29/08/2010 15:06] [29/08/2010 15:06] -C:\Program Files (x86)\MajorShare [D]
      [05/05/2012 22:16] [28/12/2009 17:58] -C:\Program Files (x86)\Microsoft [D]
      [20/09/2011 14:01] [20/09/2011 14:01] -C:\Program Files (x86)\Microsoft Analysis Services [D]
      [20/09/2011 14:15] [24/03/2010 9:57] -C:\Program Files (x86)\Microsoft Office [D]
      [19/05/2012 13:24] [19/05/2012 13:24] -C:\Program Files (x86)\Microsoft Silverlight [D]
      [20/09/2011 14:05] [28/12/2009 17:58] -C:\Program Files (x86)\Microsoft SQL Server Compact Edition [D]
      [20/09/2011 14:05] [20/09/2011 14:05] -C:\Program Files (x86)\Microsoft Synchronization Services [D]
      [20/09/2011 14:02] [20/09/2011 14:02] -C:\Program Files (x86)\Microsoft Visual Studio 8 [D]
      [12/10/2012 0:37] [24/03/2010 9:57] -C:\Program Files (x86)\Microsoft Works [D]
      [29/12/2010 17:48] [27/03/2010 19:06] -C:\Program Files (x86)\Microsoft.NET [D]
      [27/10/2012 21:21] [27/10/2012 21:21] -C:\Program Files (x86)\Mozilla Firefox [D]
      [29/10/2012 6:40] [03/05/2012 19:39] -C:\Program Files (x86)\Mozilla Maintenance Service [D]
      [20/09/2011 14:06] [14/07/2009 7:32] -C:\Program Files (x86)\MSBuild [D]
      [08/08/2012 9:23] [08/08/2012 9:23] -C:\Program Files (x86)\NetRatingsNetSight [D]
      [24/11/2011 18:04] [08/06/2011 12:32] -C:\Program Files (x86)\Notepad++ [D]
      [24/03/2010 9:55] [28/12/2009 17:52] -C:\Program Files (x86)\Online Services [RD]
      [28/03/2010 14:09] [28/03/2010 14:08] -C:\Program Files (x86)\OpenOffice.org 3 [D]
      [28/12/2009 17:34] [28/12/2009 17:34] -C:\Program Files (x86)\Realtek [D]
      [14/07/2009 7:32] [14/07/2009 7:32] -C:\Program Files (x86)\Reference Assemblies [D]
      [11/10/2011 15:23] [04/01/2011 17:30] -C:\Program Files (x86)\Samsung [D]
      [23/03/2012 19:17] [25/03/2010 10:50] -C:\Program Files (x86)\Skype [RD]
      [24/03/2010 19:45] [24/03/2010 19:45] -C:\Program Files (x86)\SmartVoip.com [D]
      [25/11/2012 19:08] [25/11/2012 9:03] -C:\Program Files (x86)\SuperAdBlocker.com [D]
      [09/05/2010 8:27] [21/04/2010 20:42] -C:\Program Files (x86)\SUPERAntiSpyware [D]
      [28/12/2009 17:35] [28/12/2009 17:34] -C:\Program Files (x86)\Temp [HD]
      [15/06/2011 19:00] [08/03/2011 20:18] -C:\Program Files (x86)\The Amazing Brain Train [D]
      [15/06/2011 19:00] [08/04/2010 16:11] -C:\Program Files (x86)\Total Video Converter [D]
      [14/07/2009 6:57] [14/07/2009 6:57] -C:\Program Files (x86)\Uninstall Information [HD]
      [18/06/2011 14:41] [18/06/2011 0:42] -C:\Program Files (x86)\URUSoft [D]
      [15/06/2011 19:00] [24/03/2010 17:09] -C:\Program Files (x86)\uTorrent [D]
      [08/07/2010 10:05] [02/04/2010 14:22] -C:\Program Files (x86)\VideoLAN [D]
      [29/12/2009 2:18] [14/07/2009 7:32] -C:\Program Files (x86)\Windows Defender [D]
      [03/05/2012 7:39] [28/12/2009 17:56] -C:\Program Files (x86)\Windows Live [D]
      [27/06/2011 23:57] [14/07/2009 5:20] -C:\Program Files (x86)\Windows Mail [D]
      [27/06/2011 23:57] [14/07/2009 7:32] -C:\Program Files (x86)\Windows Media Player [D]
      [14/07/2009 7:32] [14/07/2009 5:20] -C:\Program Files (x86)\Windows NT [D]
      [27/06/2011 23:57] [14/07/2009 7:32] -C:\Program Files (x86)\Windows Photo Viewer [D]
      [27/06/2011 23:57] [14/07/2009 7:32] -C:\Program Files (x86)\Windows Portable Devices [D]
      [27/06/2011 23:57] [14/07/2009 7:32] -C:\Program Files (x86)\Windows Sidebar [D]
      [23/05/2010 18:43] [23/05/2010 18:43] -C:\Program Files (x86)\WinRAR [D]
      C:\ProgramData\1354097230.bdinstall.bin [AI] 220 KB 0
      [08/11/2012 10:48] [10/05/2010 20:03] -C:\ProgramData\Adobe [DI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Application Data [HSDLI]
      [23/07/2012 16:12] [23/07/2012 16:12] -C:\ProgramData\Ask [DI]
      [20/09/2011 8:39] [20/09/2011 8:39] -C:\ProgramData\AVS4YOU [DI]
      [25/11/2012 8:55] [25/11/2012 8:51] -C:\ProgramData\BDLogging [DI]
      [28/10/2010 23:59] [28/10/2010 23:59] -C:\ProgramData\Canneverbe Limited [DI]
      [28/07/2011 19:10] [28/12/2009 17:37] -C:\ProgramData\CyberLink [DI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Datos de programa [HSDLI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Desktop [HSDLI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Documentos [HSDLI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Documents [HSDLI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Escritorio [HSDLI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Favorites [HSDLI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Favoritos [HSDLI]
      [08/07/2010 9:58] [08/07/2010 9:58] -C:\ProgramData\FileCure [DI]
      [16/08/2010 12:09] [06/08/2010 1:43] -C:\ProgramData\FreshGames [DI]
      [02/08/2011 9:39] [02/08/2011 9:39] -C:\ProgramData\Google [DI]
      [31/12/2010 8:08] [28/12/2009 17:45] -C:\ProgramData\Hewlett-Packard [DI]
      [18/03/2012 7:27] [18/03/2012 7:27] -C:\ProgramData\IBUpdaterService [DI]
      [01/12/2010 0:14] [01/12/2010 0:14] -C:\ProgramData\InterVideo [DI]
      [11/08/2011 20:41] [11/08/2011 20:41] -C:\ProgramData\LightScribe [DI]
      [28/11/2012 11:26] [28/11/2012 11:26] -C:\ProgramData\Malwarebytes [DI]
      [08/11/2012 10:48] [08/11/2012 10:48] -C:\ProgramData\McAfee [DI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Menú Inicio [HSDLI]
      [06/05/2012 7:14] [14/07/2009 5:20] -C:\ProgramData\Microsoft [SDI]
      [15/11/2012 22:30] [27/03/2010 19:04] -C:\ProgramData\Microsoft Help [DI]
      [03/05/2012 19:39] [03/05/2012 19:39] -C:\ProgramData\Mozilla [DI]
      [25/11/2012 8:42] [20/11/2012 16:13] -C:\ProgramData\Norton [DI]
      [20/11/2012 16:12] [20/11/2012 16:12] -C:\ProgramData\NortonInstaller [DI]
      [28/12/2009 17:34] [28/12/2009 17:34] -C:\ProgramData\NVIDIA [DI]
      [28/12/2009 17:43] [28/12/2009 17:43] -C:\ProgramData\PC-Doctor for Windows [DI]
      [23/06/2010 0:57] [23/06/2010 0:57] -C:\ProgramData\PCSettings [DI]
      [24/03/2010 9:54] [24/03/2010 9:54] -C:\ProgramData\Plantillas [HSDLI]
      [30/12/2010 19:56] [07/04/2010 11:37] -C:\ProgramData\Recovery [DI]
      [17/03/2012 10:27] [17/03/2012 10:27] -C:\ProgramData\Samsung [DI]
      [22/08/2012 19:02] [25/03/2010 10:50] -C:\ProgramData\Skype [DI]
      [05/11/2011 14:03] [05/06/2011 11:09] -C:\ProgramData\Skype Extras [DI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Start Menu [HSDLI]
      [02/04/2010 13:57] [02/04/2010 13:57] -C:\ProgramData\Sun [DI]
      [21/04/2010 20:42] [21/04/2010 20:42] -C:\ProgramData\SUPERAntiSpyware.com [DI]
      [22/09/2012 10:23] [28/12/2009 17:36] -C:\ProgramData\Temp [DAI]
      [14/07/2009 7:08] [14/07/2009 7:08] -C:\ProgramData\Templates [HSDLI]
      [14/02/2012 16:56] [28/12/2009 17:52] -C:\ProgramData\WildTangent [DI]
      [13/07/2011 14:30] [13/07/2011 14:30] -C:\ProgramData\WinMaximizer [DI]
      [27/11/2012 8:10] [27/11/2012 8:10] -C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [DI]
      [28/12/2009 17:33] [28/12/2009 17:33] -C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9} [HDC]
      [27/03/2010 19:07] [27/03/2010 19:07] -C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC} [DI]
      ======================EOF=======================


      Report AT-destroyer opción buscar y destruir:

      ######################## AT-Destroyer [2.0] By Infospyware.
      Hora/Día/Mes/Año: 12:32:08 \\\ 28/11/2012
      AT-Destroyer 2.0 By Infospyware ---> InfoSpyware
      Última actualización: 05/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Mozilla Firefox:16.0.2.4680
      Privilegios: Nacho - Administrador
      Modo Actual: Modo Normal.
      Nombre del pc: NACHO-PC
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:Nacho
      Lenguaje del sistema: Español



      >>>>>>> Servicios <<<<<<<



      >>>>>> Carpetas <<<<<<



      >>>>>> Archivos <<<<<<

      C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      C:\Windows\System32\ezsidmv.dat


      >>>>>> Registro <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}


      >>>>>> Heurística <<<<<<



      >>>>>> Internet Explorer <<<<<<

      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://g.uk.msn.com/CQCON/9


      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://uk.msn.com/?ocid=OIE9HP


      HKEY_USERS\S-1-5-21-485482080-3286206404-2051142973-1001\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://uk.msn.com/?ocid=OIE9HP


      >>>>>> Firefox <<<<<<

      user_pref("CT1460988.homepageProtectorEnableByLogin", true);
      user_pref("browser.startup.homepage", "google.es");
      user_pref("browser.startup.homepage_override.buildID", "20121024073032");
      user_pref("browser.startup.homepage_override.mstone", "16.0.2");


      >>>>>> Extensiones Firefox <<<<<<


      C:\Program Files (x86)\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      C:\Program Files (x86)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
      C:\Program Files (x86)\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      C:\Program Files (x86)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

      >>>>>> Plugins Firefox <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513


      >>>>>> Extensiones Google Chrome <<<<<<


      ======== Listado ===========

      [06/09/2010 16:44] [06/09/2010 16:44] [DI] C:\Users\Nacho\AppData\Roaming\AnvSoft
      [28/10/2010 23:59] [28/10/2010 23:59] [DI] C:\Users\Nacho\AppData\Roaming\Canneverbe Limited
      [28/07/2011 19:10] [28/07/2011 19:10] [DI] C:\Users\Nacho\AppData\Roaming\CyberLink
      [22/09/2011 14:49] [08/07/2010 10:06] [DI] C:\Users\Nacho\AppData\Roaming\dvdcss
      [16/08/2010 12:09] [16/08/2010 12:09] [DI] C:\Users\Nacho\AppData\Roaming\freshgames
      [20/06/2011 21:20] [20/06/2011 21:20] [DI] C:\Users\Nacho\AppData\Roaming\funkitron
      C:\Users\Nacho\AppData\Roaming\GhostObjGAFix.xml [AI] 1,81 KB ( )
      [ 02/08/2011 9:49] [ 02/08/2011 9:42] [DI] C:\Users\Nacho\AppData\Roaming\Google
      [27/12/2010 17:41] [24/03/2010 9:55] [DI] C:\Users\Nacho\AppData\Roaming\Hewlett-Packard
      [26/11/2012 16:28] [01/04/2010 17:29] [DI] C:\Users\Nacho\AppData\Roaming\HP Support Assistant
      [ 27/11/2012 8:11] [ 01/04/2010 17:36] [DI] C:\Users\Nacho\AppData\Roaming\hpqLog
      [26/11/2012 16:28] [01/04/2010 17:29] [DI] C:\Users\Nacho\AppData\Roaming\HpUpdate
      [ 24/03/2010 9:59] [ 24/03/2010 9:59] [DI] C:\Users\Nacho\AppData\Roaming\Identities
      [11/10/2011 16:04] [11/10/2011 15:23] [DI] C:\Users\Nacho\AppData\Roaming\Intelli-studio
      [02/04/2010 15:08] [02/04/2010 15:08] [DI] C:\Users\Nacho\AppData\Roaming\iWin
      [24/03/2010 10:01] [24/03/2010 10:01] [DI] C:\Users\Nacho\AppData\Roaming\Macromedia
      [28/11/2012 11:26] [28/11/2012 11:26] [DI] C:\Users\Nacho\AppData\Roaming\Malwarebytes
      [ 14/07/2009 9:44] [ 24/03/2010 9:54] [DI] C:\Users\Nacho\AppData\Roaming\Media Center Programs
      [23/06/2012 17:28] [24/03/2010 9:54] [SDI] C:\Users\Nacho\AppData\Roaming\Microsoft
      [24/03/2010 17:05] [24/03/2010 17:04] [DI] C:\Users\Nacho\AppData\Roaming\Mozilla
      [24/11/2011 18:04] [08/06/2011 12:32] [DI] C:\Users\Nacho\AppData\Roaming\Notepad++
      [28/03/2010 15:34] [28/03/2010 15:34] [DI] C:\Users\Nacho\AppData\Roaming\OpenOffice.org
      [ 25/11/2012 8:47] [ 25/11/2012 8:47] [DI] C:\Users\Nacho\AppData\Roaming\QuickScan
      [28/11/2012 11:20] [25/03/2010 10:51] [DI] C:\Users\Nacho\AppData\Roaming\Skype
      [06/11/2011 11:34] [25/03/2010 10:52] [DI] C:\Users\Nacho\AppData\Roaming\skypePM
      [19/03/2012 20:39] [24/03/2010 19:49] [DI] C:\Users\Nacho\AppData\Roaming\SmartVoip
      [ 25/11/2012 9:03] [ 25/11/2012 9:03] [DI] C:\Users\Nacho\AppData\Roaming\SuperAdBlocker.com
      [ 09/05/2010 8:27] [ 21/04/2010 20:42] [DI] C:\Users\Nacho\AppData\Roaming\SUPERAntiSpyware.com
      [ 24/07/2010 8:32] [ 24/07/2010 8:32] [DI] C:\Users\Nacho\AppData\Roaming\Tific
      [ 08/07/2010 9:56] [ 08/07/2010 9:56] [DI] C:\Users\Nacho\AppData\Roaming\Uniblue
      [28/11/2012 12:24] [24/03/2010 17:08] [DI] C:\Users\Nacho\AppData\Roaming\uTorrent
      [25/10/2011 23:11] [08/12/2010 16:18] [DI] C:\Users\Nacho\AppData\Roaming\vlc
      [08/12/2011 18:44] [24/03/2010 19:42] [DI] C:\Users\Nacho\AppData\Roaming\VoipBuster
      [01/04/2010 17:35] [01/04/2010 17:35] [DI] C:\Users\Nacho\AppData\Roaming\WinBatch
      [ 24/11/2010 7:46] [ 24/11/2010 7:46] [DI] C:\Users\Nacho\AppData\Roaming\Windows Live Writer
      [23/05/2010 18:43] [23/05/2010 18:43] [DI] C:\Users\Nacho\AppData\Roaming\WinRAR
      [ 13/09/2011 9:06] [ 25/03/2010 16:41] [DI] C:\Users\Nacho\AppData\Roaming\_MDLogs
      [12/01/2012 7:28] [12/01/2012 7:28] [D] C:\Program Files (x86)\Adobe
      [06/09/2010 16:44] [06/09/2010 16:44] [D] C:\Program Files (x86)\AnvSoft
      [20/09/2011 8:39] [20/09/2011 8:38] [D] C:\Program Files (x86)\AVS4YOU
      [13/08/2010 23:33] [13/08/2010 23:33] [D] C:\Program Files (x86)\Babylon
      [11/06/2011 21:04] [11/06/2011 21:04] [D] C:\Program Files (x86)\BabylonToolbar
      [16/01/2011 5:48] [15/01/2011 12:02] [D] C:\Program Files (x86)\blinkx Remote Toolbar
      [28/11/2012 11:13] [14/07/2009 5:20] [D] C:\Program Files (x86)\Common Files
      [13/08/2010 23:33] [13/08/2010 23:33] [D] C:\Program Files (x86)\Conduit
      [28/12/2009 17:41] [28/12/2009 17:36] [D] C:\Program Files (x86)\Cyberlink
      C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
      [29/08/2010 20:04] [29/08/2010 19:57] [D] C:\Program Files (x86)\Download Direct
      [13/09/2011 9:07] [28/12/2009 17:56] [D] C:\Program Files (x86)\EasyBits For Kids
      [13/08/2010 23:33] [13/08/2010 23:33] [D] C:\Program Files (x86)\Flash Player
      [30/11/2010 23:52] [30/11/2010 23:46] [D] C:\Program Files (x86)\Gabest
      [02/08/2011 9:39] [02/08/2011 9:39] [D] C:\Program Files (x86)\Google
      [27/11/2012 8:12] [28/12/2009 17:31] [D] C:\Program Files (x86)\Hewlett-Packard
      [28/12/2009 17:42] [28/12/2009 17:32] [D] C:\Program Files (x86)\hp
      [14/02/2012 16:56] [28/12/2009 17:52] [D] C:\Program Files (x86)\HP Games
      [27/11/2012 8:18] [28/12/2009 17:34] [HD] C:\Program Files (x86)\InstallShield Installation Information
      [16/11/2012 7:37] [14/07/2009 5:20] [D] C:\Program Files (x86)\Internet Explorer
      [20/10/2012 18:20] [28/05/2012 11:28] [D] C:\Program Files (x86)\Java
      [04/11/2011 13:08] [04/11/2011 13:08] [D] C:\Program Files (x86)\lx_Cats
      [10/05/2010 15:40] [10/05/2010 15:40] [D] C:\Program Files (x86)\Mahjong Memoirs
      [29/08/2010 15:06] [29/08/2010 15:06] [D] C:\Program Files (x86)\MajorShare
      [05/05/2012 22:16] [28/12/2009 17:58] [D] C:\Program Files (x86)\Microsoft
      [20/09/2011 14:01] [20/09/2011 14:01] [D] C:\Program Files (x86)\Microsoft Analysis Services
      [20/09/2011 14:15] [24/03/2010 9:57] [D] C:\Program Files (x86)\Microsoft Office
      [19/05/2012 13:24] [19/05/2012 13:24] [D] C:\Program Files (x86)\Microsoft Silverlight
      [20/09/2011 14:05] [28/12/2009 17:58] [D] C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [20/09/2011 14:05] [20/09/2011 14:05] [D] C:\Program Files (x86)\Microsoft Synchronization Services
      [20/09/2011 14:02] [20/09/2011 14:02] [D] C:\Program Files (x86)\Microsoft Visual Studio 8
      [12/10/2012 0:37] [24/03/2010 9:57] [D] C:\Program Files (x86)\Microsoft Works
      [29/12/2010 17:48] [27/03/2010 19:06] [D] C:\Program Files (x86)\Microsoft.NET
      [27/10/2012 21:21] [27/10/2012 21:21] [D] C:\Program Files (x86)\Mozilla Firefox
      [29/10/2012 6:40] [03/05/2012 19:39] [D] C:\Program Files (x86)\Mozilla Maintenance Service
      [20/09/2011 14:06] [14/07/2009 7:32] [D] C:\Program Files (x86)\MSBuild
      [08/08/2012 9:23] [08/08/2012 9:23] [D] C:\Program Files (x86)\NetRatingsNetSight
      [24/11/2011 18:04] [08/06/2011 12:32] [D] C:\Program Files (x86)\Notepad++
      [24/03/2010 9:55] [28/12/2009 17:52] [RD] C:\Program Files (x86)\Online Services
      [28/03/2010 14:09] [28/03/2010 14:08] [D] C:\Program Files (x86)\OpenOffice.org 3
      [28/12/2009 17:34] [28/12/2009 17:34] [D] C:\Program Files (x86)\Realtek
      [14/07/2009 7:32] [14/07/2009 7:32] [D] C:\Program Files (x86)\Reference Assemblies
      [11/10/2011 15:23] [04/01/2011 17:30] [D] C:\Program Files (x86)\Samsung
      [23/03/2012 19:17] [25/03/2010 10:50] [RD] C:\Program Files (x86)\Skype
      [24/03/2010 19:45] [24/03/2010 19:45] [D] C:\Program Files (x86)\SmartVoip.com
      [25/11/2012 19:08] [25/11/2012 9:03] [D] C:\Program Files (x86)\SuperAdBlocker.com
      [09/05/2010 8:27] [21/04/2010 20:42] [D] C:\Program Files (x86)\SUPERAntiSpyware
      [28/12/2009 17:35] [28/12/2009 17:34] [HD] C:\Program Files (x86)\Temp
      [15/06/2011 19:00] [08/03/2011 20:18] [D] C:\Program Files (x86)\The Amazing Brain Train
      [15/06/2011 19:00] [08/04/2010 16:11] [D] C:\Program Files (x86)\Total Video Converter
      [14/07/2009 6:57] [14/07/2009 6:57] [HD] C:\Program Files (x86)\Uninstall Information
      [18/06/2011 14:41] [18/06/2011 0:42] [D] C:\Program Files (x86)\URUSoft
      [15/06/2011 19:00] [24/03/2010 17:09] [D] C:\Program Files (x86)\uTorrent
      [08/07/2010 10:05] [02/04/2010 14:22] [D] C:\Program Files (x86)\VideoLAN
      [29/12/2009 2:18] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Defender
      [03/05/2012 7:39] [28/12/2009 17:56] [D] C:\Program Files (x86)\Windows Live
      [27/06/2011 23:57] [14/07/2009 5:20] [D] C:\Program Files (x86)\Windows Mail
      [27/06/2011 23:57] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32] [14/07/2009 5:20] [D] C:\Program Files (x86)\Windows NT
      [27/06/2011 23:57] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Photo Viewer
      [27/06/2011 23:57] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Portable Devices
      [27/06/2011 23:57] [14/07/2009 7:32] [D] C:\Program Files (x86)\Windows Sidebar
      [23/05/2010 18:43] [23/05/2010 18:43] [D] C:\Program Files (x86)\WinRAR
      C:\ProgramData\1354097230.bdinstall.bin [AI] 220 KB 0
      [08/11/2012 10:48] [10/05/2010 20:03] [DI] C:\ProgramData\Adobe
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Application Data
      [23/07/2012 16:12] [23/07/2012 16:12] [DI] C:\ProgramData\Ask
      [20/09/2011 8:39] [20/09/2011 8:39] [DI] C:\ProgramData\AVS4YOU
      [25/11/2012 8:55] [25/11/2012 8:51] [DI] C:\ProgramData\BDLogging
      [28/10/2010 23:59] [28/10/2010 23:59] [DI] C:\ProgramData\Canneverbe Limited
      [28/07/2011 19:10] [28/12/2009 17:37] [DI] C:\ProgramData\CyberLink
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Datos de programa
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Desktop
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Documentos
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Documents
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Escritorio
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Favorites
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Favoritos
      [08/07/2010 9:58] [08/07/2010 9:58] [DI] C:\ProgramData\FileCure
      [16/08/2010 12:09] [06/08/2010 1:43] [DI] C:\ProgramData\FreshGames
      [02/08/2011 9:39] [02/08/2011 9:39] [DI] C:\ProgramData\Google
      [31/12/2010 8:08] [28/12/2009 17:45] [DI] C:\ProgramData\Hewlett-Packard
      [18/03/2012 7:27] [18/03/2012 7:27] [DI] C:\ProgramData\IBUpdaterService
      [01/12/2010 0:14] [01/12/2010 0:14] [DI] C:\ProgramData\InterVideo
      [11/08/2011 20:41] [11/08/2011 20:41] [DI] C:\ProgramData\LightScribe
      [28/11/2012 11:26] [28/11/2012 11:26] [DI] C:\ProgramData\Malwarebytes
      [08/11/2012 10:48] [08/11/2012 10:48] [DI] C:\ProgramData\McAfee
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Menú Inicio
      [06/05/2012 7:14] [14/07/2009 5:20] [SDI] C:\ProgramData\Microsoft
      [15/11/2012 22:30] [27/03/2010 19:04] [DI] C:\ProgramData\Microsoft Help
      [03/05/2012 19:39] [03/05/2012 19:39] [DI] C:\ProgramData\Mozilla
      [25/11/2012 8:42] [20/11/2012 16:13] [DI] C:\ProgramData\Norton
      [20/11/2012 16:12] [20/11/2012 16:12] [DI] C:\ProgramData\NortonInstaller
      [28/12/2009 17:34] [28/12/2009 17:34] [DI] C:\ProgramData\NVIDIA
      [28/12/2009 17:43] [28/12/2009 17:43] [DI] C:\ProgramData\PC-Doctor for Windows
      [23/06/2010 0:57] [23/06/2010 0:57] [DI] C:\ProgramData\PCSettings
      [24/03/2010 9:54] [24/03/2010 9:54] [HSDLI] C:\ProgramData\Plantillas
      [30/12/2010 19:56] [07/04/2010 11:37] [DI] C:\ProgramData\Recovery
      [17/03/2012 10:27] [17/03/2012 10:27] [DI] C:\ProgramData\Samsung
      [22/08/2012 19:02] [25/03/2010 10:50] [DI] C:\ProgramData\Skype
      [05/11/2011 14:03] [05/06/2011 11:09] [DI] C:\ProgramData\Skype Extras
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Start Menu
      [02/04/2010 13:57] [02/04/2010 13:57] [DI] C:\ProgramData\Sun
      [21/04/2010 20:42] [21/04/2010 20:42] [DI] C:\ProgramData\SUPERAntiSpyware.com
      [22/09/2012 10:23] [28/12/2009 17:36] [DAI] C:\ProgramData\Temp
      [14/07/2009 7:08] [14/07/2009 7:08] [HSDLI] C:\ProgramData\Templates
      [14/02/2012 16:56] [28/12/2009 17:52] [DI] C:\ProgramData\WildTangent
      [13/07/2011 14:30] [13/07/2011 14:30] [DI] C:\ProgramData\WinMaximizer
      [27/11/2012 8:10] [27/11/2012 8:10] [DI] C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
      [28/12/2009 17:33] [28/12/2009 17:33] [HDC] C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
      [27/03/2010 19:07] [27/03/2010 19:07] [DI] C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}

      ==================== EOF ==================

      Ahora he instalado el antivirus Norton 360. No sé que hacer!!

      Un saludo y gracias de antemano.

    4. #4
      Usuario Avatar de Raudron
      Registrado
      sep 2012
      Ubicación
      El Mundo
      Mensajes
      1.467

      Re: Pop unders publicitarios en mi ordenador

      Hola,

      El reporte de Malwarebytes Antimalware podés encontrarlo en su pestaña Registros

      Por favor, realiza lo siguiente:

      Descarga al escritorio (pero no ejecutes aún) las siguientes herramientas:

      Malwarebytes Antimalware | Manual. Actualiza la base de datos de este programa.

      Rkill.
      Procede en Modo Seguro

      Ejecuta Rkill como administrador. Es muy importante que, a partir de este punto, no reinicies el sistema hasta que se te solicite.

      Ejecuta nuevamente Malwarebytes Antimalware.
      • Selecciona "Realizar un análisis completo" y luego presiona Analizar.
      • El Análisis puede tomar algún tiempo para terminar, así que por favor se paciente.
      • Cuando el Análisis se haya completado, haga clic en 'Aceptar', a continuación, mostrar los resultados. Elimina todo lo que encuentre (Haciendo clic en "Eliminar seleccionados") como muestra la imagen
      • Es posible que le solicite reiniciar su ordenador para completar con la desinfección y reparación de las áreas afectadas del sistema, por lo que permita el reinicio para terminar.
      Desinstala completamente estos programas con Revo Uninstaller en su Modo Avanzado, como lo indica su Manual:

      • Uniblue
      • WinMaximizer
      • Todo lo que tenga que ver con Babylon
      • Todo lo que tenga que ver con Blinx
      • Conduit
      • Ask
      • Descarga OTM a tu escritorio. Te dejo su Manual.
      • Ejecuta OTM.exe
      • Nota: Si estás utilizando Windows Vista o Windows 7. Da click derecho sobre OTM.exe y selecciona Ejecutar Como Admistrador
      • Copia y pega el siguiente Script que se encuentra dentro del recuadro de abajo. (Se excluye la palabra Código)


      Código:
      :files
      C:\Program Files (x86)\Babylon /d
      C:\Program Files (x86)\BabylonToolbar /d
      C:\Program Files (x86)\blinkx Remote Toolbar /d
      C:\Program Files (x86)\Conduit /d
      C:\ProgramData\WinMaximizer /d
      C:\ProgramData\Ask /d
      C:\Users\Nacho\AppData\Roaming\Uniblue /d
      
      :commands
      [resethosts]
      [emptytemp]
      [Reboot]
      • Presiona el botón rojo MoveIt!
      • Espera hasta cuando el resultado aparezca en el marco Results.
      • Permite que se reinicie el equipo, esto es importante.
      • Copia y Pega en tu próxima resuesta el reporte de OTM situado sobre C: \ _ OTM\MovedFiles\***_***.log


      Nota: Es posible que note archivos o carpetas visibles en el escritorio y/o en otro apartado del sistema, esto es normal, al finalizar los procedimientos, todo volverá a la normalidad.
      Por último, subí este archivo a Virustotal
      C:\Users\Nacho\AppData\Roaming\GhostObjGAFix.xml
      Podrías hacer una captura de todas las extensiones y plugins que tengas en Chrome y Firefox?

      Nos traes los reportes de Rkill, MBAM y OTM. Junto con el link del escaneo de Virustotal.
      Y nos comentas cómo funciona tu pc.
      Saludos

    5. #5
      Usuario Avatar de nach
      Registrado
      nov 2012
      Ubicación
      Castellon, españa
      Mensajes
      5

      Re: Pop unders publicitarios en mi ordenador

      Hola Raudron,
      He seguido todos los pasos y sigo con los pop unders. A continuación envio los reports de Rkill, Mbam y OTM.

      Rkill:
      Rkill 2.4.5 by Lawrence Abrams (Grinler)
      Bleeping Computer - Technical Support and Computer Help
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link:
      RKill - What it does and What it Doesn&#39;t - A brief introduction to the program

      Program started at: 11/28/2012 09:06:13 PM in x64 mode.
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * No malware processes found to kill.

      Checking Registry for malware related settings:

      * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

      Backup Registry file created at:
      C:\Users\Nacho\Desktop\rkill\rkill-11-28-2012-09-06-16.reg

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * Windows Defender Disabled

      [HKLM\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware" = dword:00000001

      Checking Windows Service Integrity:

      * Windows Defender (WinDefend) is not Running.
      Startup Type set to: Manual

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * No issues found.

      Program finished at: 11/28/2012 09:06:27 PM
      Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

      MBAM:
      Malwarebytes Anti-Malware (Versión de Prueba) 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.28.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Nacho :: NACHO-PC [administrador]

      Protección: Personas de movilidad reducida

      28/11/2012 21:17:20
      mbam-log-2012-11-28 (21-17-20).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 394669
      Tiempo transcurrido: 1 hora(s), 7 minuto(s), 49 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)

      OTM:
      All processes killed
      ========== FILES ==========
      C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx deleted successfully.
      C:\Program Files (x86)\Babylon\Babylon-Pro\Utils folder deleted successfully.
      C:\Program Files (x86)\Babylon\Babylon-Pro folder deleted successfully.
      C:\Program Files (x86)\Babylon folder deleted successfully.
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx deleted successfully.
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19 folder deleted successfully.
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder deleted successfully.
      C:\Program Files (x86)\BabylonToolbar folder deleted successfully.
      C:\Program Files (x86)\blinkx Remote Toolbar folder deleted successfully.
      C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll deleted successfully.
      C:\Program Files (x86)\Conduit\Community Alerts folder deleted successfully.
      C:\Program Files (x86)\Conduit folder deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\LOGS\LOGS_07_13_2011_14_30_25_PM.log deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\LOGS folder deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\Backup\Backup_July_13_11_14_31_38.reg deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\Backup folder deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\TipofDay_EN.xml deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer\wxfdata.wxf deleted successfully.
      C:\ProgramData\WinMaximizer\WinMaximizer folder deleted successfully.
      C:\ProgramData\WinMaximizer folder deleted successfully.
      C:\ProgramData\Ask\APN-Stub folder deleted successfully.
      C:\ProgramData\Ask folder deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\_temp folder deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\history\latest_scan_results.html deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\history folder deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\backup folder deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\error.log deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\last_scan.dat deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster\settings.dat deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue\RegistryBooster folder deleted successfully.
      C:\Users\Nacho\AppData\Roaming\Uniblue folder deleted successfully.
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Nacho
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 6940856 bytes
      ->Java cache emptied: 6246120 bytes
      ->FireFox cache emptied: 61987017 bytes
      ->Flash cache emptied: 5921588 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 1684620 bytes
      %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 93140 bytes
      %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68042 bytes
      RecycleBin emptied: 12777173 bytes


      Ahora las capturas de pantallas (solo uso Firefox, después tengo internet explorer que no uso):



      http://i.imgur.com/Ma6g8.png

      http://i.imgur.com/VDSzn.png


      Un saludo

    6. #6
      Usuario Avatar de Raudron
      Registrado
      sep 2012
      Ubicación
      El Mundo
      Mensajes
      1.467

      Re: Pop unders publicitarios en mi ordenador

      Hola,

      Actualiza tu versión de Java y desinstala todas las versiones anteriores.

      Desinstala todas tus extensiones de Firefox, una por una, y probando luego de haberlas desinstalado.
      También desinstala el plugin de Nielsen.

      Nos comentas si siguen apareciendo las extensiones.
      El problema sólo te ocurre en Firefox?

      Saludos

    7. #7
      Usuario Avatar de nach
      Registrado
      nov 2012
      Ubicación
      Castellon, españa
      Mensajes
      5

      Re: Pop unders publicitarios en mi ordenador

      Hola Raudron, muchas gracias,

      Parece que ya no me aparecen los pop unders. Java ya estaba actualizado. No llegué a desinstalar las extensiones de Firefox o el plugin de Nielsen.

      ¿Puede ser que después de seguir tus instrucciones, y que apareciese otro pop under, Malwarebytes se actualizó y eliminó el problema? o no sé que ha ocurrido... El caso es que parece que el problema se ha solucionado.

      Muchas gracias por todo.

      un saludo

    8. #8
      Usuario Avatar de Raudron
      Registrado
      sep 2012
      Ubicación
      El Mundo
      Mensajes
      1.467

      Re: Pop unders publicitarios en mi ordenador

      Hola,


      Desaparecieron completamente los pop unders?

      Igualmente, deberias eliminar las extensiones y los plugins correspondientes a: Nielsen, StumbleUpon, myBabylon Toolbar, y todas las toolbars que veas
      Si tenés alguna duda sobre esto, podés consultarnos.

      Probá unas horas más el ordenador, reiniciando varias veces y navegando por varios sitios. Y nos comentas si siguen apareciendo los pop unders

      Saludos

    9. #9
      Usuario Avatar de nach
      Registrado
      nov 2012
      Ubicación
      Castellon, españa
      Mensajes
      5

      Re: Pop unders publicitarios en mi ordenador

      Hola Raudron,

      He hecho lo que me has indicado, y ya ha pasado más de una semana y no han vuelto a aparecer. Problema solucionado.

      Muchas gracias,

      Un saludo

    10. #10
      Usuario Avatar de Raudron
      Registrado
      sep 2012
      Ubicación
      El Mundo
      Mensajes
      1.467

      Re: Pop unders publicitarios en mi ordenador

      Hola,

      Para terminar solo quedaría desinstalar OTM de la siguiente forma:

      Estando CONECTADO A INTERNET Ejecuta OTM.exe
      • Presiona el botón CleanUp!
      • Confirma el inicio del proceso de limpieza pulsando en "Yes".
      • Aparecerá un listado de las herramientas usadas durante la desinfección.
      • OTMoveIt pedirá que reinicie el sistema, confírmalo pulsando en "Yes".


      Me alegra que hayamos podido solucionar tu problema. Fue un placer ayudarte.

      *Tema Solucionado*


      Si por alguna razón necesitas reabrir este mensaje, le das clik a esta imagen , abajo a la izquierda del post, comentando los motivos por los que necesitas reabrir el tema.

      Como Reportar Mensajes?
      Como recomendación final, te invitamos a seguirnos en nuestros canales de difusión: Blog, Twitter, Facebook, vía E-Mail, para estar al tanto de los nuevos malwares y como prevenirlos.
      Te damos las gracias por haber confiado en ForoSpyware.
      Saludos!