
    When searching on Google, endless windows open


    1. #1
      sallen (User)
      Registered: Aug 2006
      Location: Madrid - Spain
      Posts: 10

      When searching on Google, endless windows open

      Hi friends!

      I've been searching around and haven't found anything.

      The same thing happens on several computers on the same network: when searching (mainly with IE), new windows open with Google again, and unless you quickly close 2 or 3 of them, it apparently doesn't stop.

      Tinkering a bit, I noticed that the search engine said Google but didn't show its icon, and the address apparently contained Google's address twice, as if it were a loop.

      This has caused Google to block, at times, any search coming from that IP.

      Since there are thousands of pieces of junk that modify the search engine, it didn't "surprise" me, but generating redundant searches that make Google block us is a serious matter, and the fact that it has spread to several computers on the same network is something that worries me.

      Neither SUPERAntiSpyware nor Malwarebytes finds anything.
      After going through the usual steps (CCleaner and antivirus, killing processes), the same problem apparently still exists.

      Removing the search engine from the browsers fixes it, but that isn't eliminating the problem, since I don't know whether the virus may still be there...

      The only odd thing I've found is in Chrome, this modification, with the data extracted from CCleaner:

      Si App Búsqueda de Google 0.0.0.19 Primer usuario C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
      Si App Gmail 7 Primer usuario C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
      Si App YouTube 4.2.5 Primer usuario C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1

      I don't think Google's apps are stored in those directories... besides, the rest of the apps don't have that structure.

      The HijackThis scan is apparently clean, but before posting it I'd rather know whether anyone has an idea of what is behind this poltergeist.

      Thaaanks!

    2. #2
      @MarioL (Moderator)
      Registered: Nov 2006
      Location: Málaga - Spain
      Posts: 8,819

      Re: When searching on Google, endless windows open

      Hi

      Run this tool on all your machines that have problems. When it finishes, tell us how they are working.

      • Do the following:
      • Download AT-Destroyer (Adwares/Toolbars-Destroyer) by Infospyware.
      • Run the tool as administrator.
      • The tool's disclaimer will appear. Press .
      • Choose option 1 (Buscar y Destruir, "Search and Destroy").
      • The tool will momentarily disconnect the desktop.
      • If the system is infected, the tool will indicate it with red lines where the infection was found; otherwise, the lines will be green.
      • Once the scan has finished, you will be able to see the desktop again and a report will open, which you should copy into your next reply, telling us how the system is working.
      Invy


    3. #3
      sallen (User)
      Registered: Aug 2006
      Location: Madrid - Spain
      Posts: 10

      Re: When searching on Google, endless windows open

      Thanks a lot for your reply, Invy!

      A good, simple tool, even more so if it catches toolbars as tiresome as Babylon.

      On the 3 computers it only detected an infection in the registry. Below I'm leaving you the logs, to see whether you can spot anything interpretable.
      What catches my attention in 2 of the logs is the directory of 3 Chrome extensions.

      I also see that in the first one the listing has several suspicious temporary directories... which don't appear in the others.

      By the way, the listing section: what does it list, I mean, what is that listing based on? Because I see a bit of everything.

      Code:
      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 12:04:17  \\\  21/03/2013
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Google Chrome:25.0.1364.172
      Privilegios: crdeprada - Administrador
      Modo Actual: Modo Normal.  
      Nombre del pc: PC-CRDEPRADA
      Información del sistema operativo:X64-WIN_7-
      nombre del usuario:crdeprada
      Lenguaje del sistema: Español
      
      
      
      >>>>>>>  Servicios <<<<<<<
      
      
      
      >>>>>> Carpetas <<<<<<
      
      
      
      >>>>>>  Archivos  <<<<<<
      
      
      
      >>>>>>  Registro  <<<<<<
      
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      
      
      >>>>>> Heurística <<<<<<
      
      
      
       >>>>>> Internet Explorer <<<<<<
      
      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      HKEY_USERS\S-1-5-21-2434528865-4017363958-4069960943-1135\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      >>>>>> Extensiones Firefox <<<<<<
      
      
      
      >>>>>> Plugins Firefox <<<<<<
      
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat
      
      >>>>>> Google Chrome <<<<<<
      
         "homepage": "http://www.google.com/",
         "homepage_changed": true,
         "homepage_is_newtabpage": false,
      
      
      >>>>>> Extensiones Google Chrome <<<<<<
      
      C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\3
      C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      C:\Users\crdeprada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      
      ======== Listado ===========
      
      [12/09/2011 11:00]    [12/09/2011 10:13]   [DI]   C:\Users\crdeprada\AppData\Roaming\Apple Computer
      [22/03/2012 14:12]    [22/03/2012 14:12]   [DI]   C:\Users\crdeprada\AppData\Roaming\com.socialbro.air
      [  28/03/2011 9:48]    [  28/03/2011 9:48]   [DI]   C:\Users\crdeprada\AppData\Roaming\DigitalPersona
      [  19/09/2012 9:14]    [  18/09/2012 13:12]   [DI]   C:\Users\crdeprada\AppData\Roaming\Huuka
      [  28/03/2011 9:48]    [  28/03/2011 9:48]   [DI]   C:\Users\crdeprada\AppData\Roaming\Identities
      [28/03/2011 10:14]    [28/03/2011 10:14]   [DI]   C:\Users\crdeprada\AppData\Roaming\Macromedia
      [21/03/2013 10:15]    [21/03/2013 10:15]   [DI]   C:\Users\crdeprada\AppData\Roaming\Malwarebytes
      [  14/07/2009 9:45]    [  28/03/2011 9:48]   [DI]   C:\Users\crdeprada\AppData\Roaming\Media Center Programs
      [18/09/2012 13:12]    [28/03/2011 9:48]   [SDI]   C:\Users\crdeprada\AppData\Roaming\Microsoft
      [  19/09/2012 8:49]    [  19/09/2012 8:49]   [DI]   C:\Users\crdeprada\AppData\Roaming\SUPERAntiSpyware.com
      C:\Users\crdeprada\AppData\Roaming\Valores separados por comas (Windows).ADR   [AI]    22,4 KB    ( )
      [06/06/2011 10:56]    [06/06/2011 10:56]   [DI]   C:\Users\crdeprada\AppData\Roaming\Windows Live Writer
      [18/09/2012 13:12]    [18/09/2012 13:12]   [DI]   C:\Users\crdeprada\AppData\Roaming\Yqoqi
      [02/10/2012 11:39]    [18/09/2012 13:12]   [DI]   C:\Users\crdeprada\AppData\Roaming\Zuoroz
      [12/09/2011 10:13]    [12/09/2011 10:12]   [D]   C:\Program Files (x86)\Apple Software Update
      [14/10/2011 11:57]    [14/10/2011 11:57]   [D]   C:\Program Files (x86)\Bonjour
      [22/03/2012 14:10]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Common Files
      C:\Program Files (x86)\desktop.ini   [HSA]    174 bytes( 0)
      [02/03/2012 10:03]    [25/03/2011 13:24]   [D]   C:\Program Files (x86)\ESET
      [10/10/2012 10:21]    [10/10/2012 10:21]   [D]   C:\Program Files (x86)\Google
      [25/01/2011 21:04]    [25/01/2011 20:48]   [D]   C:\Program Files (x86)\Hewlett-Packard
      [25/01/2011 21:02]    [25/01/2011 20:58]   [D]   C:\Program Files (x86)\HP Games
      [25/01/2011 20:58]    [25/01/2011 20:50]   [HD]   C:\Program Files (x86)\InstallShield Installation Information
      [25/01/2011 20:51]    [25/01/2011 20:41]   [D]   C:\Program Files (x86)\Intel
      [14/03/2013 9:54]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Internet Explorer
      [25/01/2011 20:53]    [25/01/2011 20:52]   [D]   C:\Program Files (x86)\InterVideo
      [14/10/2011 12:03]    [14/10/2011 12:02]   [D]   C:\Program Files (x86)\iTunes
      [28/03/2011 9:31]    [25/03/2011 13:30]   [D]   C:\Program Files (x86)\Java
      [21/03/2013 10:15]    [21/03/2013 10:15]   [D]   C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [25/03/2011 13:20]    [25/01/2011 21:03]   [D]   C:\Program Files (x86)\Microsoft
      [25/03/2011 13:23]    [25/01/2011 20:56]   [D]   C:\Program Files (x86)\Microsoft Office
      [27/02/2013 10:21]    [02/03/2012 10:06]   [D]   C:\Program Files (x86)\Microsoft Security Client
      [13/03/2013 14:27]    [13/03/2013 14:27]   [D]   C:\Program Files (x86)\Microsoft Silverlight
      [31/03/2011 12:49]    [31/03/2011 12:49]   [D]   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [25/03/2011 13:23]    [25/03/2011 13:23]   [D]   C:\Program Files (x86)\Microsoft Visual Studio
      [01/04/2011 14:09]    [25/03/2011 13:23]   [D]   C:\Program Files (x86)\Microsoft Works
      [25/03/2011 13:22]    [25/01/2011 20:45]   [D]   C:\Program Files (x86)\Microsoft.NET
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\MSBuild
      [28/03/2011 11:02]    [25/01/2011 20:57]   [D]   C:\Program Files (x86)\MSECache
      [28/03/2011 14:17]    [28/03/2011 14:17]   [D]   C:\Program Files (x86)\MSXML 4.0
      [25/03/2011 13:10]    [25/01/2011 20:58]   [RD]   C:\Program Files (x86)\Online Services
      [12/09/2011 10:13]    [12/09/2011 10:13]   [D]   C:\Program Files (x86)\QuickTime
      [25/01/2011 20:50]    [25/01/2011 20:50]   [D]   C:\Program Files (x86)\Realtek
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Reference Assemblies
      [31/05/2012 10:38]    [31/05/2012 10:38]   [D]   C:\Program Files (x86)\SocialBro
      [27/07/2012 9:34]    [27/07/2012 9:34]   [D]   C:\Program Files (x86)\TeamViewer
      [25/01/2011 20:50]    [25/01/2011 20:50]   [HD]   C:\Program Files (x86)\Temp
      [14/07/2009 6:57]    [14/07/2009 6:57]   [HD]   C:\Program Files (x86)\Uninstall Information
      [25/03/2011 13:58]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Defender
      [31/03/2011 12:50]    [31/03/2011 12:48]   [D]   C:\Program Files (x86)\Windows Live
      [29/03/2011 10:09]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows Mail
      [25/03/2011 13:58]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows NT
      [25/03/2011 13:58]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Photo Viewer
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Portable Devices
      [25/03/2011 13:58]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Sidebar
      [12/09/2011 10:18]    [12/09/2011 10:12]   [DI]   C:\ProgramData\Apple
      [12/09/2011 10:14]    [12/09/2011 10:13]   [DI]   C:\ProgramData\Apple Computer
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Application Data
      [25/01/2011 20:53]    [25/01/2011 20:53]   [DI]   C:\ProgramData\Corel
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Desktop
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Documents
      [25/03/2011 13:29]    [25/03/2011 13:29]   [DI]   C:\ProgramData\ESET
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Favorites
      [25/03/2011 22:05]    [25/01/2011 20:49]   [DI]   C:\ProgramData\Hewlett-Packard
      [21/03/2013 12:04]    [25/01/2011 20:49]   [DI]   C:\ProgramData\HPQLOG
      [25/01/2011 20:51]    [25/01/2011 20:51]   [DI]   C:\ProgramData\intel
      [25/01/2011 20:49]    [25/01/2011 20:49]   [DI]   C:\ProgramData\Macrovision
      [21/03/2013 10:15]    [21/03/2013 10:15]   [DI]   C:\ProgramData\Malwarebytes
      [02/03/2012 10:06]    [14/07/2009 5:20]   [SDI]   C:\ProgramData\Microsoft
      [13/03/2013 14:30]    [25/03/2011 13:20]   [DI]   C:\ProgramData\Microsoft Help
      [25/03/2011 13:22]    [25/01/2011 21:03]   [DI]   C:\ProgramData\Norton
      [25/01/2011 21:03]    [25/01/2011 21:03]   [DI]   C:\ProgramData\NortonInstaller
      C:\ProgramData\ntuser.pol   [RHSAI]    2,86 KB    0
      [25/03/2011 13:21]    [25/03/2011 13:21]   [DI]   C:\ProgramData\PDFC
      [13/05/2011 10:27]    [13/05/2011 10:27]   [DI]   C:\ProgramData\regid.1986-12.com.adobe
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Start Menu
      [25/03/2011 13:30]    [25/03/2011 13:30]   [DI]   C:\ProgramData\Sun
      [07/05/2012 9:46]    [07/05/2012 9:46]   [DI]   C:\ProgramData\SUPERAntiSpyware.com
      [25/01/2011 20:53]    [25/01/2011 20:53]   [DI]   C:\ProgramData\Temp
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Templates
      [25/01/2011 21:02]    [25/01/2011 20:58]   [DI]   C:\ProgramData\WildTangent
      [25/01/2011 20:57]    [25/01/2011 20:57]   [HDC]   C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
      [12/09/2011 10:15]    [12/09/2011 10:14]   [DI]   C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
      [25/01/2011 20:54]    [25/01/2011 20:54]   [DI]   C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}

      Code:
      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 12:17:33  \\\  21/03/2013
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Google Chrome:25.0.1364.172
      Privilegios: cesquivel - Administrador
      Modo Actual: Modo Normal.  
      Nombre del pc: PCCESQUIVEL
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:cesquivel
      Lenguaje del sistema: Español
      
      
      
      >>>>>>>  Servicios <<<<<<<
      
      
      
      >>>>>> Carpetas <<<<<<
      
      
      
      >>>>>>  Archivos  <<<<<<
      
      
      
      >>>>>>  Registro  <<<<<<
      
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      
      
      >>>>>> Heurística <<<<<<
      
      
      
       >>>>>> Internet Explorer <<<<<<
      
      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://g.uk.msn.com/HPCOM/23
      
      
      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/23
      
      
      HKEY_USERS\S-1-5-21-2434528865-4017363958-4069960943-1207\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/23
      
      
      >>>>>> Extensiones Firefox <<<<<<
      
      
      
      >>>>>> Plugins Firefox <<<<<<
      
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader
      
      >>>>>> Google Chrome <<<<<<
      
         "homepage": "http://www.google.com/",
         "homepage_changed": true,
         "homepage_is_newtabpage": false,
      
      
      >>>>>> Extensiones Google Chrome <<<<<<
      
      C:\Users\cesquivel\AppData\Local\Google\Chrome\User Data\Default\Extensions\3
      C:\Users\cesquivel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      C:\Users\cesquivel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      C:\Users\cesquivel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      
      ======== Listado ===========
      
      [28/02/2012 11:31]    [28/02/2012 11:31]   [DI]   C:\Users\cesquivel\AppData\Roaming\DigitalPersona
      [16/05/2012 18:36]    [16/05/2012 18:16]   [DI]   C:\Users\cesquivel\AppData\Roaming\Google
      [28/02/2012 11:53]    [28/02/2012 11:53]   [DI]   C:\Users\cesquivel\AppData\Roaming\hewlett-packard
      [28/02/2012 11:31]    [28/02/2012 11:31]   [DI]   C:\Users\cesquivel\AppData\Roaming\Identities
      [28/02/2012 12:17]    [28/02/2012 12:17]   [DI]   C:\Users\cesquivel\AppData\Roaming\Macromedia
      [20/03/2013 12:48]    [20/03/2013 12:48]   [DI]   C:\Users\cesquivel\AppData\Roaming\Malwarebytes
      [  21/11/2010 8:17]    [  28/02/2012 11:31]   [DI]   C:\Users\cesquivel\AppData\Roaming\Media Center Programs
      [27/11/2012 13:24]    [28/02/2012 11:31]   [SDI]   C:\Users\cesquivel\AppData\Roaming\Microsoft
      C:\Users\cesquivel\AppData\Roaming\Microsoft Excel 97-2003.CAL   [AI]    12,6 KB    ( )
      [22/02/2013 14:19]    [22/02/2013 14:19]   [DI]   C:\Users\cesquivel\AppData\Roaming\SUPERAntiSpyware.com
      [07/03/2012 11:01]    [07/03/2012 11:01]   [DI]   C:\Users\cesquivel\AppData\Roaming\WinRAR
      [28/02/2012 12:41]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Common Files
      [08/01/2012 1:00]    [08/01/2012 1:00]   [D]   C:\Program Files (x86)\Cyberlink
      C:\Program Files (x86)\desktop.ini   [HSA]    174 bytes( 0)
      [11/12/2012 16:43]    [28/02/2012 12:22]   [D]   C:\Program Files (x86)\Google
      [28/02/2012 10:47]    [08/01/2012 0:52]   [D]   C:\Program Files (x86)\Hewlett-Packard
      [08/01/2012 1:03]    [08/01/2012 1:01]   [D]   C:\Program Files (x86)\HP Games
      [08/01/2012 1:00]    [08/01/2012 0:53]   [HD]   C:\Program Files (x86)\InstallShield Installation Information
      [08/01/2012 1:06]    [08/01/2012 0:49]   [D]   C:\Program Files (x86)\Intel
      [14/03/2013 3:18]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Internet Explorer
      [20/03/2013 12:48]    [20/03/2013 12:48]   [D]   C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [28/02/2012 10:38]    [08/01/2012 1:04]   [D]   C:\Program Files (x86)\Microsoft
      [28/02/2012 12:39]    [28/02/2012 12:39]   [D]   C:\Program Files (x86)\Microsoft Analysis Services
      [28/02/2012 12:41]    [28/02/2012 12:39]   [D]   C:\Program Files (x86)\Microsoft Office
      [27/02/2013 3:00]    [28/02/2012 11:16]   [D]   C:\Program Files (x86)\Microsoft Security Client
      [14/03/2013 3:00]    [14/03/2013 3:00]   [D]   C:\Program Files (x86)\Microsoft Silverlight
      [28/02/2012 12:41]    [28/02/2012 12:41]   [D]   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [28/02/2012 12:41]    [28/02/2012 12:41]   [D]   C:\Program Files (x86)\Microsoft Sync Framework
      [28/02/2012 12:41]    [28/02/2012 12:41]   [D]   C:\Program Files (x86)\Microsoft Synchronization Services
      [28/02/2012 12:40]    [28/02/2012 12:40]   [D]   C:\Program Files (x86)\Microsoft Visual Studio 8
      [28/02/2012 12:41]    [11/02/2011 21:25]   [D]   C:\Program Files (x86)\Microsoft.NET
      [28/02/2012 12:41]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\MSBuild
      [08/01/2012 0:59]    [08/01/2012 0:59]   [D]   C:\Program Files (x86)\MSECache
      [27/02/2012 17:20]    [08/01/2012 1:00]   [RD]   C:\Program Files (x86)\Online Services
      [08/01/2012 0:54]    [08/01/2012 0:54]   [D]   C:\Program Files (x86)\Realtek
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Reference Assemblies
      [08/01/2012 1:05]    [08/01/2012 1:05]   [D]   C:\Program Files (x86)\SymSilent
      [08/01/2012 0:54]    [08/01/2012 0:54]   [HD]   C:\Program Files (x86)\Temp
      [14/07/2009 6:57]    [14/07/2009 6:57]   [HD]   C:\Program Files (x86)\Uninstall Information
      [08/01/2012 1:01]    [08/01/2012 1:01]   [D]   C:\Program Files (x86)\WildTangent Games
      [08/01/2012 0:34]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Defender
      [08/01/2012 0:34]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows Mail
      [08/01/2012 0:34]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows NT
      [08/01/2012 0:34]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Photo Viewer
      [21/11/2010 4:31]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Portable Devices
      [27/02/2012 17:20]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Sidebar
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Application Data
      [08/01/2012 1:00]    [08/01/2012 1:00]   [DI]   C:\ProgramData\CyberLink
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Desktop
      [08/01/2012 2:27]    [08/01/2012 2:27]   [DI]   C:\ProgramData\DigitalPersona
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Documents
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Favorites
      [08/01/2012 0:54]    [08/01/2012 0:54]   [DI]   C:\ProgramData\FLEXnet
      [28/02/2012 12:23]    [28/02/2012 12:22]   [DI]   C:\ProgramData\Google
      [28/02/2012 2:14]    [08/01/2012 0:53]   [DI]   C:\ProgramData\Hewlett-Packard
      [08/01/2012 0:54]    [08/01/2012 0:54]   [DI]   C:\ProgramData\HPQLOG
      [08/01/2012 2:27]    [08/01/2012 0:55]   [DI]   C:\ProgramData\intel
      [08/01/2012 0:54]    [08/01/2012 0:54]   [DI]   C:\ProgramData\Macrovision
      [20/03/2013 12:48]    [20/03/2013 12:48]   [DI]   C:\ProgramData\Malwarebytes
      [08/01/2012 1:07]    [08/01/2012 1:07]   [DI]   C:\ProgramData\McAfee
      [28/02/2012 12:41]    [14/07/2009 5:20]   [SDI]   C:\ProgramData\Microsoft
      [14/03/2013 3:02]    [28/02/2012 10:49]   [DI]   C:\ProgramData\Microsoft Help
      [28/02/2012 10:44]    [08/01/2012 1:05]   [DI]   C:\ProgramData\Norton
      [08/01/2012 1:05]    [08/01/2012 1:05]   [DI]   C:\ProgramData\NortonInstaller
      C:\ProgramData\ntuser.pol   [RHSAI]    2,86 KB    0
      [28/02/2012 10:38]    [28/02/2012 10:38]   [DI]   C:\ProgramData\PDFC
      [28/02/2012 14:48]    [28/02/2012 14:48]   [DI]   C:\ProgramData\RICOH
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Start Menu
      [22/02/2013 14:19]    [22/02/2013 14:19]   [DI]   C:\ProgramData\SUPERAntiSpyware.com
      [08/01/2012 1:00]    [08/01/2012 0:58]   [DI]   C:\ProgramData\Temp
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Templates
      [08/01/2012 1:03]    [08/01/2012 1:01]   [DI]   C:\ProgramData\WildTangent
      [08/01/2012 0:56]    [08/01/2012 0:56]   [DI]   C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

      Code:
      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 11:35:53  \\\  22/03/2013
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Privilegios: cillera - Administrador
      Modo Actual: Modo Normal.  
      Nombre del pc: PC-MBARRIOS
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:cillera
      Lenguaje del sistema: Español
      
      
      
      >>>>>>>  Servicios <<<<<<<
      
      
      
      >>>>>> Carpetas <<<<<<
      
      
      
      >>>>>>  Archivos  <<<<<<
      
      
      
      >>>>>>  Registro  <<<<<<
      
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      
      
      >>>>>> Heurística <<<<<<
      
      
      
       >>>>>> Internet Explorer <<<<<<
      
      Start Page==www.google.com
      Local Page==C:\WINDOWS\SYSTEM32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157
      
      
      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/23
      
      
      HKEY_USERS\S-1-5-21-2434528865-4017363958-4069960943-1132\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/23
      
      
      >>>>>> Extensiones Firefox <<<<<<
      
      
      
      >>>>>> Plugins Firefox <<<<<<
      
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0
      
      ======== Listado ===========
      
      [17/05/2012 11:50]    [17/05/2012 11:50]   [DI]   C:\Users\cillera\AppData\Roaming\DigitalPersona
      [17/05/2012 11:50]    [17/05/2012 11:50]   [DI]   C:\Users\cillera\AppData\Roaming\Identities
      [27/11/2012 16:17]    [27/11/2012 16:17]   [DI]   C:\Users\cillera\AppData\Roaming\IrfanView
      [18/05/2012 13:08]    [18/05/2012 13:08]   [DI]   C:\Users\cillera\AppData\Roaming\Macromedia
      [  21/03/2013 9:56]    [  21/03/2013 9:56]   [DI]   C:\Users\cillera\AppData\Roaming\Malwarebytes
      [  21/11/2010 8:17]    [  17/05/2012 11:49]   [DI]   C:\Users\cillera\AppData\Roaming\Media Center Programs
      [27/11/2012 13:50]    [17/05/2012 11:49]   [SDI]   C:\Users\cillera\AppData\Roaming\Microsoft
      [18/05/2012 13:13]    [18/05/2012 13:13]   [DI]   C:\Users\cillera\AppData\Roaming\WinRAR
      [21/03/2013 10:22]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Common Files
      [17/02/2012 8:19]    [17/02/2012 8:19]   [D]   C:\Program Files (x86)\Cyberlink
      C:\Program Files (x86)\desktop.ini   [HSA]    174 bytes( 0)
      [17/02/2012 8:27]    [17/02/2012 8:12]   [D]   C:\Program Files (x86)\Hewlett-Packard
      [17/02/2012 8:25]    [17/02/2012 8:22]   [D]   C:\Program Files (x86)\HP Games
      [17/02/2012 8:19]    [17/02/2012 8:13]   [HD]   C:\Program Files (x86)\InstallShield Installation Information
      [17/02/2012 8:27]    [17/02/2012 8:08]   [D]   C:\Program Files (x86)\Intel
      [14/03/2013 11:20]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Internet Explorer
      [14/03/2012 16:14]    [14/03/2012 16:14]   [D]   C:\Program Files (x86)\IrfanView
      [21/03/2013 10:22]    [21/03/2013 10:22]   [D]   C:\Program Files (x86)\Java
      [21/03/2013 9:56]    [21/03/2013 9:55]   [D]   C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [08/03/2012 9:54]    [17/02/2012 8:25]   [D]   C:\Program Files (x86)\Microsoft
      [24/05/2012 16:27]    [24/05/2012 16:27]   [D]   C:\Program Files (x86)\Microsoft Analysis Services
      [24/05/2012 14:15]    [17/02/2012 8:18]   [D]   C:\Program Files (x86)\Microsoft Office
      [05/03/2013 19:00]    [08/03/2012 9:48]   [D]   C:\Program Files (x86)\Microsoft Security Client
      [13/03/2013 17:53]    [13/03/2013 17:53]   [D]   C:\Program Files (x86)\Microsoft Silverlight
      [24/05/2012 14:15]    [24/05/2012 14:15]   [D]   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [25/09/2012 12:52]    [25/09/2012 12:52]   [D]   C:\Program Files (x86)\Microsoft Sync Framework
      [24/05/2012 14:15]    [24/05/2012 14:15]   [D]   C:\Program Files (x86)\Microsoft Synchronization Services
      [08/03/2012 9:49]    [08/03/2012 9:49]   [D]   C:\Program Files (x86)\Microsoft Visual Studio
      [09/03/2012 15:31]    [08/03/2012 9:49]   [D]   C:\Program Files (x86)\Microsoft Works
      [08/03/2012 9:49]    [11/02/2011 21:25]   [D]   C:\Program Files (x86)\Microsoft.NET
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\MSBuild
      [08/03/2012 9:36]    [17/02/2012 8:20]   [RD]   C:\Program Files (x86)\Online Services
      [18/05/2012 13:18]    [18/05/2012 13:18]   [D]   C:\Program Files (x86)\OutlookSpy
      [17/02/2012 8:13]    [17/02/2012 8:13]   [D]   C:\Program Files (x86)\Realtek
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Reference Assemblies
      [13/09/2012 15:02]    [13/09/2012 15:02]   [RD]   C:\Program Files (x86)\Skype
      [17/02/2012 8:27]    [17/02/2012 8:27]   [D]   C:\Program Files (x86)\SymSilent
      [13/07/2012 12:52]    [13/07/2012 12:52]   [D]   C:\Program Files (x86)\TeamViewer
      [17/02/2012 8:14]    [17/02/2012 8:13]   [HD]   C:\Program Files (x86)\Temp
      [14/07/2009 6:57]    [14/07/2009 6:57]   [HD]   C:\Program Files (x86)\Uninstall Information
      [17/02/2012 8:22]    [17/02/2012 8:22]   [D]   C:\Program Files (x86)\WildTangent Games
      [17/02/2012 7:51]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Defender
      [17/02/2012 7:51]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows Mail
      [17/02/2012 7:51]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows NT
      [17/02/2012 7:51]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Photo Viewer
      [21/11/2010 4:31]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Portable Devices
      [08/03/2012 9:35]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Sidebar
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Application Data
      [17/02/2012 8:19]    [17/02/2012 8:19]   [DI]   C:\ProgramData\CyberLink
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Desktop
      [17/02/2012 9:16]    [17/02/2012 9:16]   [DI]   C:\ProgramData\DigitalPersona
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Documents
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Favorites
      [17/02/2012 8:13]    [17/02/2012 8:13]   [DI]   C:\ProgramData\FLEXnet
      [08/03/2012 18:26]    [17/02/2012 8:12]   [DI]   C:\ProgramData\Hewlett-Packard
      [17/02/2012 8:13]    [17/02/2012 8:13]   [DI]   C:\ProgramData\HPQLOG
      [17/02/2012 8:15]    [17/02/2012 8:15]   [DI]   C:\ProgramData\intel
      [17/02/2012 8:13]    [17/02/2012 8:13]   [DI]   C:\ProgramData\Macrovision
      [21/03/2013 9:55]    [21/03/2013 9:55]   [DI]   C:\ProgramData\Malwarebytes
      [17/02/2012 8:29]    [17/02/2012 8:29]   [DI]   C:\ProgramData\McAfee
      [24/05/2012 14:14]    [14/07/2009 5:20]   [SDI]   C:\ProgramData\Microsoft
      [14/03/2013 12:51]    [08/03/2012 9:47]   [DI]   C:\ProgramData\Microsoft Help
      [08/03/2012 10:16]    [17/02/2012 8:26]   [DI]   C:\ProgramData\Norton
      [17/02/2012 8:26]    [17/02/2012 8:26]   [DI]   C:\ProgramData\NortonInstaller
      C:\ProgramData\ntuser.pol   [RHSAI]    2,86 KB    0
      [08/03/2012 9:54]    [08/03/2012 9:54]   [DI]   C:\ProgramData\PDFC
      [21/03/2013 14:28]    [08/03/2012 10:01]   [DI]   C:\ProgramData\regid.1986-12.com.adobe
      [29/06/2012 9:15]    [29/06/2012 9:15]   [DI]   C:\ProgramData\RICOH
      [13/09/2012 15:02]    [17/02/2012 8:20]   [DI]   C:\ProgramData\Skype
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Start Menu
      [08/03/2012 9:53]    [08/03/2012 9:53]   [DI]   C:\ProgramData\Sun
      [17/02/2012 8:19]    [17/02/2012 8:15]   [DI]   C:\ProgramData\Temp
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Templates
      [17/02/2012 8:25]    [17/02/2012 8:22]   [DI]   C:\ProgramData\WildTangent
      [17/02/2012 8:16]    [17/02/2012 8:16]   [DI]   C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
      Thank you very much for everything!

    4. #4
      Moderator
      @MarioL's avatar
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8,819

      Re: When searching on Google, endless windows open

      Hello.

      The listing focuses mostly on Program Files, ProgramData and a few others :)

      Now let's scan the machines with ADWCleaner: download it to your desktop and click Delete, then paste its reports.


      After that, tell us how the computers are doing.

      Regards,
      Invy

      * Follow us on Twitter and add us as a friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User
      sallen's avatar
      Registered
      Aug 2006
      Location
      Madrid - Spain
      Posts
      10

      Re: When searching on Google, endless windows open

      Hello again, I ran a full scan on the computers that had the problem.
      With the adware tool, everything came up clean.

      Apparently, over the 3 (working) days of last week everything was running smoothly, but today it has appeared again.

      The only thing detected is in this log, from another computer I ran it on: AT-Destroyer gave a positive on the registry entry.
      With the adware tool, it was clean.

      Code:
      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 11:55:43  \\\  01/04/2013
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Mozilla Firefox:10.0.2.4428
      Google Chrome:25.0.1364.172
      Privilegios: lsampedro - Administrador
      Modo Actual: Modo Normal.  
      Nombre del pc: PC-LSAMPEDRO
      Información del sistema operativo:X64-WIN_7-
      nombre del usuario:lsampedro
      Lenguaje del sistema: Español
      
      
      
      >>>>>>>  Servicios <<<<<<<
      
      
      
      >>>>>> Carpetas <<<<<<
      
      
      
      >>>>>>  Archivos  <<<<<<
      
      
      
      >>>>>>  Registro  <<<<<<
      
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      
      
      >>>>>> Heurística <<<<<<
      
      
      
       >>>>>> Internet Explorer <<<<<<
      
      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      HKEY_USERS\S-1-5-21-2434528865-4017363958-4069960943-1141\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==http://g.uk.msn.com/HPCOM/14
      
      
      >>>>>> Firefox <<<<<<
      
      user_pref("browser.startup.homepage", "http://www.google.es/");
      user_pref("browser.startup.homepage_override.buildID", "20120215223356");
      user_pref("browser.startup.homepage_override.mstone", "rv:10.0.2");
      
      
      >>>>>> Extensiones Firefox <<<<<<
      
      
      C:\Program Files (x86)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      C:\Program Files (x86)\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
      
      >>>>>> Plugins Firefox <<<<<<
      
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
      
      >>>>>> Google Chrome <<<<<<
      
         "homepage": "http://www.google.com/",
         "homepage_changed": true,
         "homepage_is_newtabpage": false,
      
      
      >>>>>> Extensiones Google Chrome <<<<<<
      
      C:\Users\lsampedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\4
      C:\Users\lsampedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      C:\Users\lsampedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      C:\Users\lsampedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
      C:\Users\lsampedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      
      ======== Listado ===========
      
      C:\Users\lsampedro\AppData\Roaming\Adobe GIF Format CS5 Prefs   [AI]    132 bytes    ( )
      C:\Users\lsampedro\AppData\Roaming\Adobe PNG Format CS5 Prefs   [AI]    132 bytes    ( )
      [24/03/2011 11:45]    [24/03/2011 11:45]   [DI]   C:\Users\lsampedro\AppData\Roaming\DigitalPersona
      [06/06/2012 18:19]    [18/01/2012 12:50]   [DI]   C:\Users\lsampedro\AppData\Roaming\DivX
      [  29/03/2011 9:59]    [  29/03/2011 9:59]   [DI]   C:\Users\lsampedro\AppData\Roaming\Downloaded Installations
      [13/12/2011 14:50]    [13/12/2011 14:50]   [DI]   C:\Users\lsampedro\AppData\Roaming\Elephant Games
      [05/10/2011 15:04]    [05/10/2011 15:04]   [DI]   C:\Users\lsampedro\AppData\Roaming\Floodlight Games
      [06/07/2012 13:40]    [06/07/2012 13:40]   [DI]   C:\Users\lsampedro\AppData\Roaming\FreeAudioPack
      [  09/07/2012 9:47]    [  09/07/2012 9:47]   [DI]   C:\Users\lsampedro\AppData\Roaming\FreeCDRipper
      C:\Users\lsampedro\AppData\Roaming\GhostObjGAFix.xml   [AI]    1,81 KB    ( )
      [28/05/2012 17:15]    [28/05/2012 17:15]   [DI]   C:\Users\lsampedro\AppData\Roaming\Google
      [  25/04/2011 9:39]    [  25/04/2011 9:39]   [DI]   C:\Users\lsampedro\AppData\Roaming\Hewlett-Packard
      [24/03/2011 11:45]    [24/03/2011 11:45]   [DI]   C:\Users\lsampedro\AppData\Roaming\Identities
      [29/03/2011 10:41]    [29/03/2011 10:41]   [DI]   C:\Users\lsampedro\AppData\Roaming\IndigoRose
      [25/03/2011 12:37]    [25/03/2011 12:37]   [DI]   C:\Users\lsampedro\AppData\Roaming\KONICA MINOLTA
      [24/03/2011 11:56]    [24/03/2011 11:56]   [DI]   C:\Users\lsampedro\AppData\Roaming\Macromedia
      [  14/07/2009 9:45]    [  24/03/2011 11:45]   [DI]   C:\Users\lsampedro\AppData\Roaming\Media Center Programs
      [28/05/2012 17:19]    [24/03/2011 11:45]   [SDI]   C:\Users\lsampedro\AppData\Roaming\Microsoft
      [16/06/2011 14:58]    [16/06/2011 14:58]   [DI]   C:\Users\lsampedro\AppData\Roaming\Mozilla
      [29/06/2012 15:46]    [27/06/2012 15:41]   [DI]   C:\Users\lsampedro\AppData\Roaming\PlayFirst
      [26/09/2011 15:37]    [26/09/2011 15:37]   [DI]   C:\Users\lsampedro\AppData\Roaming\Silverback Productions
      [12/02/2013 10:36]    [12/02/2013 10:32]   [DI]   C:\Users\lsampedro\AppData\Roaming\Sony
      [13/03/2012 11:20]    [13/03/2012 11:20]   [DI]   C:\Users\lsampedro\AppData\Roaming\SUPERAntiSpyware.com
      [28/06/2012 14:48]    [27/06/2012 15:35]   [DI]   C:\Users\lsampedro\AppData\Roaming\WildTangent
      [24/03/2011 12:07]    [24/03/2011 12:07]   [DI]   C:\Users\lsampedro\AppData\Roaming\WinRAR
      [19/09/2011 10:16]    [19/09/2011 10:16]   [D]   C:\Program Files (x86)\Autodesk
      [29/03/2011 10:22]    [29/03/2011 10:00]   [D]   C:\Program Files (x86)\AutoPlay Media Studio 7.0 Trial
      [12/01/2012 8:39]    [11/01/2012 12:18]   [D]   C:\Program Files (x86)\Celebrity Toolbar
      [15/03/2013 11:18]    [15/03/2013 11:18]   [D]   C:\Program Files (x86)\Classic Menu for Office
      [11/03/2013 9:17]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Common Files
      C:\Program Files (x86)\desktop.ini   [HSA]    174 bytes( 0)
      [13/02/2012 8:15]    [18/01/2012 12:46]   [D]   C:\Program Files (x86)\DivX
      [27/06/2012 11:27]    [21/06/2012 15:31]   [D]   C:\Program Files (x86)\Easy Flyer Creator 3.0
      [25/04/2012 9:41]    [23/03/2011 12:48]   [D]   C:\Program Files (x86)\ESET
      [06/07/2012 13:40]    [06/07/2012 13:40]   [D]   C:\Program Files (x86)\Free mp3 Wma Converter
      [01/04/2013 10:12]    [05/04/2011 14:20]   [D]   C:\Program Files (x86)\Google
      [17/02/2011 0:30]    [17/02/2011 0:15]   [D]   C:\Program Files (x86)\Hewlett-Packard
      [14/04/2011 16:21]    [17/02/2011 0:25]   [D]   C:\Program Files (x86)\HP Games
      [12/02/2013 10:29]    [17/02/2011 0:16]   [HD]   C:\Program Files (x86)\InstallShield Installation Information
      [17/02/2011 0:17]    [17/02/2011 0:07]   [D]   C:\Program Files (x86)\Intel
      [14/03/2013 9:01]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Internet Explorer
      [17/02/2011 0:19]    [17/02/2011 0:19]   [D]   C:\Program Files (x86)\InterVideo
      [11/03/2013 9:16]    [11/03/2013 9:16]   [D]   C:\Program Files (x86)\Java
      [15/03/2011 11:44]    [17/02/2011 0:29]   [D]   C:\Program Files (x86)\Microsoft
      [22/05/2012 14:26]    [22/05/2012 14:26]   [D]   C:\Program Files (x86)\Microsoft Analysis Services
      [22/05/2012 14:30]    [15/03/2011 11:47]   [D]   C:\Program Files (x86)\Microsoft Office
      [11/03/2013 9:03]    [24/04/2012 14:20]   [D]   C:\Program Files (x86)\Microsoft Security Client
      [13/03/2013 16:03]    [13/03/2013 16:03]   [D]   C:\Program Files (x86)\Microsoft Silverlight
      [22/05/2012 14:30]    [22/05/2012 14:30]   [D]   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      [22/05/2012 14:30]    [22/05/2012 14:30]   [D]   C:\Program Files (x86)\Microsoft Sync Framework
      [22/05/2012 14:30]    [22/05/2012 14:30]   [D]   C:\Program Files (x86)\Microsoft Synchronization Services
      [15/03/2011 11:49]    [15/03/2011 11:49]   [D]   C:\Program Files (x86)\Microsoft Visual Studio
      [24/04/2012 18:31]    [15/03/2011 11:49]   [D]   C:\Program Files (x86)\Microsoft Works
      [15/03/2011 11:49]    [17/02/2011 0:11]   [D]   C:\Program Files (x86)\Microsoft.NET
      [01/03/2012 8:38]    [16/06/2011 14:58]   [D]   C:\Program Files (x86)\Mozilla Firefox
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\MSBuild
      [29/03/2011 10:25]    [17/02/2011 0:23]   [D]   C:\Program Files (x86)\MSECache
      [24/03/2011 3:07]    [24/03/2011 3:07]   [D]   C:\Program Files (x86)\MSXML 4.0
      [15/03/2011 11:24]    [17/02/2011 0:24]   [RD]   C:\Program Files (x86)\Online Services
      [05/04/2011 12:14]    [05/04/2011 12:14]   [D]   C:\Program Files (x86)\PDFCreator
      [17/02/2011 0:16]    [17/02/2011 0:16]   [D]   C:\Program Files (x86)\Realtek
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Reference Assemblies
      [19/02/2013 13:39]    [12/02/2013 10:29]   [D]   C:\Program Files (x86)\Sony
      [12/03/2013 9:40]    [12/03/2013 9:40]   [D]   C:\Program Files (x86)\Sony Ericsson
      [12/02/2013 10:33]    [12/02/2013 10:32]   [D]   C:\Program Files (x86)\Sony Media Go Install
      [31/10/2011 10:20]    [31/10/2011 10:17]   [D]   C:\Program Files (x86)\SPSS
      [17/02/2011 0:16]    [17/02/2011 0:16]   [HD]   C:\Program Files (x86)\Temp
      [14/07/2009 6:57]    [14/07/2009 6:57]   [HD]   C:\Program Files (x86)\Uninstall Information
      [10/09/2012 14:24]    [06/04/2011 18:05]   [D]   C:\Program Files (x86)\VMapXXI
      [14/04/2011 16:20]    [14/04/2011 16:20]   [D]   C:\Program Files (x86)\WildTangent Games
      [31/10/2011 10:14]    [28/09/2011 13:39]   [D]   C:\Program Files (x86)\Winamp
      [23/03/2011 12:27]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Defender
      [24/03/2011 3:25]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows Mail
      [23/03/2011 12:27]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Media Player
      [14/07/2009 7:32]    [14/07/2009 5:20]   [D]   C:\Program Files (x86)\Windows NT
      [23/03/2011 12:27]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Photo Viewer
      [14/07/2009 7:32]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Portable Devices
      [23/03/2011 12:27]    [14/07/2009 7:32]   [D]   C:\Program Files (x86)\Windows Sidebar
      [23/03/2011 12:45]    [23/03/2011 12:44]   [D]   C:\Program Files (x86)\WinRAR
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Application Data
      [30/12/2011 13:23]    [30/12/2011 13:23]   [DI]   C:\ProgramData\avg9
      [21/06/2012 13:51]    [21/06/2012 13:51]   [HD]   C:\ProgramData\Common Files
      [17/02/2011 0:19]    [17/02/2011 0:19]   [DI]   C:\ProgramData\Corel
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Desktop
      [13/02/2012 8:15]    [18/01/2012 12:45]   [DI]   C:\ProgramData\DivX
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Documents
      [13/12/2011 14:50]    [13/12/2011 14:50]   [DI]   C:\ProgramData\Elephant Games
      [23/03/2011 12:47]    [23/03/2011 12:47]   [DI]   C:\ProgramData\ESET
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Favorites
      [05/04/2011 11:26]    [24/03/2011 12:08]   [DI]   C:\ProgramData\FLEXnet
      [05/10/2011 15:04]    [05/10/2011 15:04]   [DI]   C:\ProgramData\Floodlight Games
      [24/11/2011 8:50]    [24/11/2011 8:50]   [DI]   C:\ProgramData\Fugazo
      [19/02/2013 13:39]    [28/05/2012 17:15]   [DI]   C:\ProgramData\Google
      [15/03/2011 19:19]    [17/02/2011 0:15]   [DI]   C:\ProgramData\Hewlett-Packard
      [01/04/2013 11:55]    [17/02/2011 0:15]   [DI]   C:\ProgramData\HPQLOG
      [17/02/2011 0:18]    [17/02/2011 0:18]   [DI]   C:\ProgramData\intel
      [17/02/2011 0:15]    [17/02/2011 0:15]   [DI]   C:\ProgramData\Macrovision
      [22/05/2012 14:28]    [14/07/2009 5:20]   [SDI]   C:\ProgramData\Microsoft
      [13/03/2013 16:07]    [15/03/2011 11:47]   [DI]   C:\ProgramData\Microsoft Help
      [15/03/2011 11:45]    [17/02/2011 0:30]   [DI]   C:\ProgramData\Norton
      [17/02/2011 0:29]    [17/02/2011 0:29]   [DI]   C:\ProgramData\NortonInstaller
      C:\ProgramData\ntuser.pol   [RHSAI]    2,86 KB    0
      [15/03/2011 11:46]    [15/03/2011 11:46]   [DI]   C:\ProgramData\PDFC
      [29/06/2012 15:46]    [27/06/2012 15:41]   [DI]   C:\ProgramData\PlayFirst
      [05/05/2011 15:13]    [05/05/2011 15:13]   [DI]   C:\ProgramData\Playrix Entertainment
      [15/04/2011 10:22]    [24/03/2011 14:12]   [DI]   C:\ProgramData\regid.1986-12.com.adobe
      [19/02/2013 12:18]    [19/02/2013 12:18]   [DI]   C:\ProgramData\RICOH
      [14/10/2011 8:24]    [14/10/2011 8:24]   [DI]   C:\ProgramData\SafeNet Sentinel
      [12/02/2013 10:29]    [12/02/2013 10:29]   [DI]   C:\ProgramData\Sony
      [19/02/2013 13:39]    [12/02/2013 10:33]   [DI]   C:\ProgramData\Sony Corporation
      [12/03/2013 9:40]    [12/03/2013 9:40]   [DI]   C:\ProgramData\Sony Ericsson
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Start Menu
      [23/03/2011 12:50]    [23/03/2011 12:50]   [DI]   C:\ProgramData\Sun
      [13/03/2012 11:20]    [13/03/2012 11:20]   [DI]   C:\ProgramData\SUPERAntiSpyware.com
      [01/04/2013 10:05]    [17/02/2011 0:20]   [DAI]   C:\ProgramData\Temp
      [14/07/2009 7:08]    [14/07/2009 7:08]   [HSDLI]   C:\ProgramData\Templates
      [24/11/2011 8:50]    [24/11/2011 8:50]   [DI]   C:\ProgramData\Trymedia
      [28/06/2012 14:48]    [17/02/2011 0:25]   [DI]   C:\ProgramData\WildTangent
      [17/02/2011 0:24]    [17/02/2011 0:24]   [HDC]   C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
      [17/02/2011 0:20]    [17/02/2011 0:20]   [DI]   C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
      
                 ==================== EOF ==================
      Everything else came up clean. But after "destroying" it, it kept happening...
      I would restart the computer, and Internet Explorer had as its search engine a page that was:
      search.myheritage.com

      Searching around, I haven't found any kind of solution other than the one I had already adopted: resetting all the browser settings and leaving it as if freshly formatted...
      but is there any idea of what might be going on??

      Even so, many thanks, Invy, for your disinfection advice.
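
A read-only check for the symptom described in the post above (the Internet Explorer search provider reverting after a reboot, and the SearchScopes key that AT-Destroyer flagged), as an added example that is not part of the original thread or of any tool named in it. The list of expected hosts is an assumption to adapt per site; the registry locations are the standard IE SearchScopes keys, including the 32-bit and policy views that a per-user browser reset does not touch.

```powershell
# Added example (not from the thread): inventory every IE search provider.
# Read-only: nothing is changed or deleted. Run from a 64-bit PowerShell so
# that HKLM\SOFTWARE is not silently redirected to WOW6432Node.

# Assumption: hosts you expect as search providers. Anything else is marked
# for review (for example the search.myheritage.com provider from the post).
$ExpectedHosts = @('www.google.com', 'www.google.es', 'www.bing.com', 'go.microsoft.com')

# Machine-wide, 32-bit view, policy-enforced and per-user locations.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\SearchScopes'
)

function Get-UrlHost {
    param([string]$Url)
    # Returns the host part of an absolute URL, or '' if it does not parse.
    $uri = $null
    if ([System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $uri.Host
    }
    return ''
}

$report = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # DefaultScope names the GUID subkey IE actually uses for searches.
    $default = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).DefaultScope

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props   = Get-ItemProperty -LiteralPath $key.PSPath
        $urlHost = Get-UrlHost $props.URL

        New-Object PSObject -Property @{
            Hive        = $root
            Scope       = $key.PSChildName
            IsDefault   = ($key.PSChildName -eq $default)
            DisplayName = $props.DisplayName
            Host        = $urlHost
            URL         = $props.URL
            Review      = ($ExpectedHosts -notcontains $urlHost)
        }
    }
}

# Providers needing review first; the default provider of each hive stands out.
$report |
    Sort-Object Review, IsDefault -Descending |
    Select-Object Review, IsDefault, Hive, Scope, DisplayName, Host, URL |
    Format-List
```

Running it before and after a reboot on each affected machine and comparing the output shows which hive the provider comes back in; an entry under a `Policies` or `HKLM` key means something with administrator rights is rewriting it, which a browser reset alone will not undo.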

    6. #6
      Moderator
      @MarioL's avatar
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8,819

      Re: When searching on Google, endless windows open

      We are going to carry out these steps in normal mode. It is important that you read carefully and, without running them, do the following:


      1. Download TDSSKiller to your desktop but do NOT run it yet.
      2. Download, install and update Malwarebytes.


      Now we are going to carry out these steps:

      1st - Run TDSSKiller according to its manual.

      Remember to tick both options:


      Once it has finished, copy its report.



      2nd - Run Malwarebytes and do the following:


      1. "Update" tab and then the "Update" button.
      2. "Scanner" tab, then "Full Scan", followed by "Scan".
      3. Once it has finished, choose "Show Results" and then "Remove Selected".
      4. If it asks you to restart, do so.
      5. Copy its latest report, found in the "Logs" tab.


      3rd -
      Scan your machine with ESET Online Scanner, following the steps carefully.
      Right, once NOD32 has finished, paste us its report as well; once we have it we will continue with more steps if necessary.


      Summary:

      • Post the Malwarebytes report.
      • Post the TDSSKiller report.
      • Post the ESET Online Scanner report.
      • Tell us how the computer is doing.


      Regards,
      Invy
