Topic: babylon and blekko..!! (Solved)
Good day, friends of InfoSpyware..
I have a problem: someone tampered with my laptop and installed Babylon Search and Blekko Search..!!! Now I can't remove them, and on top of that, every time I open a window these search engines appear by default..!!!
Hello.
Do the following:
- Download AT-Destroyer (Adwares/Toolbars-Destroyer) by InfoSpyware.
- Temporarily disable your antivirus and/or antispyware.
- Run the tool as administrator.
- The tool's disclaimer will appear. Press Yes.
- Select option 1 ("Buscar y Destruir", Search and Destroy).
- The tool will disconnect the desktop momentarily.
- If the system is infected, the tool will indicate it with red lines where the infection was found; otherwise, the lines will be green.
- Once the scan finishes, you will be able to see the desktop again and a report will open, which you should copy into your next reply, commenting on how the system is working.
Regards.
Blog | Online Antivirus | Remove Malware | Free Antivirus
* Follow us on Twitter and become our friend on Facebook.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail, since that is what the forum is for.
Many thanks, friend... the Babylon toolbar was removed... but I still have the problem with the BLEKKO toolbar...
P.S. I'm attaching the report that the recommended program gave me....
#################################################### A/T-Destroyer by InfoSpyware ############
A/T-Destroyer 1.0.6 By Infospyware
www.infospyware.com
Fecha iniciada en el analisis 08/08/2012
Hora iniciada en el analisis 16:17:13,45
Usuario Actual : [C:\Users\Stefany]
Sistema Operativo: Windows 7 Ultimate
Service pack: Service Pack 1
Arquitectura: Sistema operativo de 32 bits
Versión Internet Explorer: 8.0.7601.17514
Modo Actual: Modo Normal.
Privilegios: [Stefany-Administrador]
Versión Google Chrome: 21.0.1180.60
Versión Mozilla Firefox:
====== Servicios Eliminados By A/T-Destroyer ======
====== Claves Eliminadas By A/T-Destroyer ======
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | ( {98889811-442D-49dd-99D7-DC866BE87DBC} )
HKEY_CLASSES_ROOT\AppID\escort.DLL
HKEY_CLASSES_ROOT\AppID\escort.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
====== Archivos/Carpetas Eliminados By A/T-Destroyer ======
C:\Program Files\babylontoolbar\BabylonToolbar
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\bh
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\escortShld.dll
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\uninstall.exe
C:\Program Files\babylontoolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
"C:\Program Files\babylontoolbar"
C:\Program Files\Babylon\Babylon-Pro
C:\Program Files\Babylon\Babylon-Pro\Utils
"C:\Program Files\Babylon"
C:\Users\Stefany\Appdata\Local\Babylon\Setup
C:\Users\Stefany\Appdata\Local\Babylon\Setup\cp1.zpb
C:\Users\Stefany\Appdata\Local\Babylon\Setup\default_client_dats.zpb
C:\Users\Stefany\Appdata\Local\Babylon\Setup\Setup-client.zpb
C:\Users\Stefany\Appdata\Local\Babylon\Setup\Setup-tbmntr903.zpb
C:\Users\Stefany\Appdata\Local\Babylon\Setup\Setup-tc.zpb
"C:\Users\Stefany\Appdata\Local\Babylon"
C:\Users\Stefany\AppData\Roaming\Babylon\log_file.txt
"C:\Users\Stefany\AppData\Roaming\Babylon"
"C:\ProgramData\Babylon"
C:\Users\Stefany\Appdata\Local\GDIPFONTCACHEV1.DAT
C:\user.js
====== Información Extra ======
-_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
"HKCU\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
Local Page == C:\Windows\system32\blank.htm
"HKLM\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
Local Page == C:\Windows\System32\blank.htm
Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157
======= EOF =======
Hello.
Do the following:
Download OTL to the desktop.
- Double-click the icon to run it.
- Make sure all windows are closed and that the run is not interrupted.
- Check the Scan All Users option.
- Highlight the contents of the box below, then right-click > Copy.
Code:
msconfig
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
CREATERESTOREPOINT
- Right-click below the Custom Scans/Fixes box > Paste.
- Click the Quick Scan button.
- Do not change any other setting unless instructed to.
- Be patient, the scan can take a while.
- When the scan finishes, two Notepad windows will open: OTL.Txt and Extras.Txt; these are saved on the desktop.
- Copy (Edit -> Select All, Edit -> Copy) the contents of the OTL.txt file and paste it in your next reply.
- Close the tool when the process is finished.
Regards.
Well, friend, thanks for the help...
this is the report.....
OTL logfile created on: 12/08/2012 9:29:42 p.m. - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Stefany\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,45% Memory free
3,93 Gb Paging File | 2,43 Gb Available in Paging File | 61,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,72 Gb Total Space | 101,61 Gb Free Space | 72,21% Space Free | Partition Type: NTFS
Drive D: | 46,76 Gb Total Space | 35,47 Gb Free Space | 75,85% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 36,50 Gb Free Space | 93,45% Space Free | Partition Type: NTFS
Drive F: | 3,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ALFA_01 | User Name: Stefany | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/12 21:04:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Stefany\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/24 03:19:40 | 001,190,912 | ---- | M] (http://at-my-window.blogspot.com/?page=songr) -- C:\Archivos de programa\Songr\Songr.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/02 10:55:22 | 003,209,216 | ---- | M] (Ares Development Group) -- C:\Archivos de programa\Ares\Ares.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Archivos de programa\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
PRC - [2011/01/16 12:57:05 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2011/01/16 12:56:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/16 12:56:06 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2004/10/22 04:16:58 | 000,118,736 | R--- | M] (Macrovision Corporation) -- C:\Users\Stefany\AppData\Local\Temp\set2DA4.tmp
========== Modules (No Company Name) ==========
MOD - [2012/08/07 01:43:40 | 000,442,392 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
MOD - [2012/08/07 01:43:39 | 012,235,800 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
MOD - [2012/08/07 01:43:37 | 003,997,720 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 01:42:21 | 000,526,872 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\libglesv2.dll
MOD - [2012/08/07 01:42:20 | 000,104,984 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\libegl.dll
MOD - [2012/08/07 01:42:09 | 000,144,424 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 01:42:08 | 000,266,792 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 01:42:07 | 002,480,680 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/07/31 14:54:32 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll
MOD - [2012/07/31 14:54:00 | 001,819,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/27 20:36:25 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/07/27 20:36:21 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/07/27 20:36:04 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/07/27 20:35:52 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/07/27 20:35:42 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/07/27 20:35:40 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/07/27 20:35:37 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/07/27 20:35:27 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2004/10/22 03:51:22 | 000,397,312 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Temp\{5E8277AA-2152-456C-9CD2-F168CE82C99F}\{AA4C6CB3-9AAC-412A-9173-4719D113ED59}\_isres.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2011/01/16 12:57:05 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/07/09 16:54:25 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 11:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/26 18:56:44 | 000,022,632 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\TsLwWfF.sys -- (TsLwWfF)
DRV - [2011/07/08 17:32:48 | 000,121,872 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 0926 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/16 12:56:37 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/01/16 12:56:21 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/01/16 12:55:31 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2011/01/16 12:55:31 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2011/01/16 12:55:31 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2011/01/16 12:55:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2011/01/16 12:55:31 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2011/01/16 12:55:31 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2011/01/16 12:55:31 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2011/01/16 12:55:31 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2011/01/16 12:55:31 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2011/01/16 12:55:29 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2011/01/16 12:55:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/01/19 17:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3094715473-294380779-2908077200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.pe/
IE - HKU\S-1-5-21-3094715473-294380779-2908077200-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3094715473-294380779-2908077200-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3094715473-294380779-2908077200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefany\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefany\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012/08/04 21:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefany\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stefany\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Stefany\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll ()
O3 - HKU\S-1-5-21-3094715473-294380779-2908077200-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-3094715473-294380779-2908077200-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6565FB7-114C-471F-B585-AECC038E9042}: DhcpNameServer = 200.48.225.130 200.48.225.146
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Stefany\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/08/12 21:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012/08/12 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/08/12 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{19893865-7589-473D-A693-271661B3EA54}
[2012/08/12 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{131E8117-C467-4D79-9FB9-298138D049FA}
[2012/08/12 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Stefany\Documents\CommView for WiFi
[2012/08/12 10:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
[2012/08/12 10:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2012/08/11 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{FA9142FD-D560-42F7-88F2-1A25581D675F}
[2012/08/11 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{AE644691-D313-4471-8E64-710586F36EDF}
[2012/08/08 18:54:48 | 000,000,000 | ---D | C] -- C:\Users\Stefany\Documents\DriverGenius
[2012/08/08 18:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/08/08 18:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012/08/08 17:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/08 16:16:36 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
[2012/08/07 19:56:56 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{5AD6C36E-8027-4033-8377-46B6462B7FB2}
[2012/08/07 19:56:38 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{C911C2A4-7E97-4B56-BF6B-32B1D95768F2}
[2012/08/05 16:44:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/05 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\Stefany\Documents\Mis archivos recibidos
[2012/08/05 15:38:10 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{D043084F-02F4-48F4-9EE7-18A08817C90F}
[2012/08/05 15:37:39 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{D0DA39A9-8F0E-4A24-AA7D-777D2947C639}
[2012/08/04 21:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/04 20:56:22 | 000,000,000 | ---D | C] -- C:\Users\Stefany\Desktop\Zima tv
[2012/08/03 22:48:52 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Roaming\RegistryKeys
[2012/08/03 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/08/03 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_001
[2012/08/03 22:47:39 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\blekkotb_001
[2012/08/03 18:14:38 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{FF0E8552-FEA8-4B42-B8CF-0336B2E81ECC}
[2012/08/03 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{B6A3B7B8-B3AA-487F-9F09-C40FF84A902F}
[2012/08/02 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\CutMaster2D
[2012/08/02 21:50:28 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CutMaster 2D
[2012/08/02 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/07/30 2058 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{45E50761-95AA-4253-850E-518E907DFD9C}
[2012/07/30 2043 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{D1DFD0B7-B37A-4652-A485-E6D1901B82B0}
[2012/07/28 19:56:26 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{7A621609-4B55-4F37-8698-127D95052B4D}
[2012/07/28 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{307E1609-6C33-4B0F-97B7-8CFABBE637B0}
[2012/07/28 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Roaming\Xilisoft
[2012/07/28 17:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/07/28 17:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/07/28 17:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012/07/27 20:38:56 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{76FD165E-261E-4E74-A3EF-750E81F4FA6D}
[2012/07/27 20:38:34 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{968CA4E2-C736-42F0-8CFE-1849E3331C40}
[2012/07/27 19:56:54 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\Songr
[2012/07/27 19:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Songr
[2012/07/27 17:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/27 17:21:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/27 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 00:15:16 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{FA685286-04BF-4C2E-9637-BBD2C3C30280}
[2012/07/25 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{4035DC96-349F-40EF-AF07-E3B582DA6217}
[2012/07/25 18:14:59 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{721C0372-3D9A-40D4-A8A0-8E8FEAC1FD99}
[2012/07/24 13:12:40 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{EE7FAE46-052C-4BEB-B6CD-C078596976D9}
[2012/07/24 13:12:27 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{6BB8504C-80AB-44BF-87C0-660FF7DB0272}
[2012/07/23 23:29:15 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\Activision
[2012/07/23 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2012/07/23 13:43:32 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{C14BDFD2-F38E-4112-AAFA-A2487097E475}
[2012/07/23 13:43:20 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{CE06C506-98FD-4223-91D9-C22DF52B6483}
[2012/07/20 19:17:22 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{833E0E08-E2F7-42BE-BD25-7B0BE98CE632}
[2012/07/20 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{50BA0A9E-F5A3-4ED6-80A8-F387BBA60198}
[2012/07/20 09:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2012/07/20 09:03:19 | 000,000,000 | ---D | C] -- C:\Users\Stefany\Desktop\Accesos directos - Hack
[2012/07/19 18:38:01 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{68A06DCA-5495-4BE0-A645-6BA3C41529DC}
[2012/07/19 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{04013394-D14D-47BD-BFD9-10C940888262}
[2012/07/18 19:31:55 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{BBB08134-CE6E-4ECA-83D6-88DAB04F1DC7}
[2012/07/17 14:33:15 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{38CB2FBB-3DAE-4876-ADDE-EE7C4AF5543E}
[2012/07/17 14:32:35 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{50080FA9-CC53-41EC-8065-D66E9A20BF9A}
[2012/07/17 06:34:13 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{0ECA5977-0DEF-4575-BB4C-CD2C7C39D130}
[2012/07/16 12:38:13 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{6FD2E140-1CA0-43D3-BBC7-665781C4BFCE}
[2012/07/16 12:37:06 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{2CB13E1B-9F54-4E64-AB37-DD024AC4454D}
[2012/07/16 06:19:08 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{C71808E4-D99F-4B8E-B2FE-5CC9592BCA9E}
[2012/07/15 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{577E0D00-AB71-4F4F-9081-C32ECABF3B3E}
[2012/07/15 11:25:13 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{7CDC4C43-F363-441D-8C1D-64420639926C}
[2012/07/15 07:50:46 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{2FA40EC2-0348-4CD0-929A-E3F2DB76FDB6}
[2012/07/14 16:12:51 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{54BB1125-CCFA-4F53-94F5-098C5856559C}
[2012/07/14 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{091CC9DC-D5C6-4189-8690-C075E7BF8C91}
[2012/07/14 12:19:18 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{6A20BAED-E135-471B-B0B5-9B8589FA5470}
[2012/07/14 12:09:57 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\{151D7988-0BD4-4F2F-84F5-09A9308BCE3E}
[1 C:\Users\Stefany\Desktop\*.tmp files -> C:\Users\Stefany\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/12 21:27:23 | 000,000,000 | -H-- | M] () -- C:\Users\Stefany\Desktop\Eminem - Love The Way You Lie ft. Rihanna.avi
[2012/08/12 21:17:44 | 003,035,669 | ---- | M] () -- C:\Users\Stefany\Desktop\Los Lobos - Canción Del Mariachi (Morena De Mi Corazón).mp3
[2012/08/12 21:08:55 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 21:08:55 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 21:02:19 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Modern Warfare 2.lnk
[2012/08/12 21:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 21:00:08 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 20:46:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094715473-294380779-2908077200-1000UA.job
[2012/08/11 19:46:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094715473-294380779-2908077200-1000Core.job
[2012/08/10 21:31:39 | 198,977,619 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/10 20:15:47 | 000,016,764 | ---- | M] () -- C:\Users\Stefany\Desktop\391384_501130166580781_1639590434_n.jpg
[2012/08/10 07:06:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/10 06:57:56 | 000,413,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/08 18:52:51 | 000,001,088 | ---- | M] () -- C:\Users\Stefany\Desktop\Driver Genius Professional Edition.lnk
[2012/08/07 20:18:21 | 096,772,434 | ---- | M] () -- C:\Users\Stefany\Desktop\Porta vs Chus vs Nayara.avi
[2012/08/02 22:39:07 | 002,385,116 | ---- | M] () -- C:\Users\Stefany\Desktop\CutMaster_2D_Pro_v1.3.3__keygen__by_sonnycds.7z
[2012/07/28 17:02:11 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Convertidor Ultimate.lnk
[2012/07/28 11:56:12 | 000,703,840 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/07/28 11:56:12 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/28 11:56:12 | 000,137,806 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/07/28 11:56:12 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/28 11:49:19 | 000,000,963 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/07/27 20:37:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\extensions.sqlite
[2012/07/27 17:34:43 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 19:40:14 | 000,000,682 | ---- | M] () -- C:\Users\Stefany\Desktop\Call of Duty® World at War - Acceso directo.lnk
[1 C:\Users\Stefany\Desktop\*.tmp files -> C:\Users\Stefany\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/12 21:27:22 | 000,000,000 | -H-- | C] () -- C:\Users\Stefany\Desktop\Eminem - Love The Way You Lie ft. Rihanna.avi
[2012/08/12 21:16:47 | 003,035,669 | ---- | C] () -- C:\Users\Stefany\Desktop\Los Lobos - Canción Del Mariachi (Morena De Mi Corazón).mp3
[2012/08/12 21:02:19 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Modern Warfare 2.lnk
[2012/08/10 21:31:39 | 198,977,619 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/10 20:15:53 | 000,016,764 | ---- | C] () -- C:\Users\Stefany\Desktop\391384_501130166580781_1639590434_n.jpg
[2012/08/10 06:57:46 | 000,413,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/08 18:52:51 | 000,001,088 | ---- | C] () -- C:\Users\Stefany\Desktop\Driver Genius Professional Edition.lnk
[2012/08/08 16:16:36 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
[2012/08/08 16:16:36 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
[2012/08/08 16:16:36 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
[2012/08/07 19:48:42 | 096,772,434 | ---- | C] () -- C:\Users\Stefany\Desktop\Porta vs Chus vs Nayara.avi
[2012/08/02 22:39:01 | 002,385,116 | ---- | C] () -- C:\Users\Stefany\Desktop\CutMaster_2D_Pro_v1.3.3__keygen__by_sonnycds.7z
[2012/07/28 17:02:11 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Convertidor Ultimate.lnk
[2012/07/27 20:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\extensions.sqlite
[2012/07/27 20:37:39 | 000,000,963 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/07/27 19:56:18 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[2012/07/27 17:34:43 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 19:40:14 | 000,000,682 | ---- | C] () -- C:\Users\Stefany\Desktop\Call of Duty® World at War - Acceso directo.lnk
[2012/07/08 17:58:16 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/07/07 15:11:40 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/01/16 12:56:37 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/16 12:56:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== LOP Check ==========
[2012/07/09 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\Stefany\AppData\Roaming\Canneverbe Limited
[2012/07/19 13:52:34 | 000,000,000 | ---D | M] -- C:\Users\Stefany\AppData\Roaming\Opera
[2012/07/08 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Stefany\AppData\Roaming\PCToolsFirewallPlus
[2012/08/03 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Stefany\AppData\Roaming\RegistryKeys
[2012/07/28 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Stefany\AppData\Roaming\Xilisoft
[2012/08/01 20:17:11 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/08/08 16:19:33 | 000,003,473 | ---- | M] () -- C:\AT-Destroyer.txt
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/16 12:55:35 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/07/07 07:56:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/08/12 21:00:08 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 16:23:26 | 000,000,829 | ---- | M] () -- C:\Navegadores.txt
[2012/08/12 21:00:07 | 2110,967,808 | -HS- | M] () -- C:\pagefile.sys
< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >
Hello.
Do the following:
- Highlight the contents of the following box (except the word "Code"), then right-click > Copy.
Code:
:OTL
PRC - [2004/10/22 04:16:58 | 000,118,736 | R--- | M] (Macrovision Corporation) -- C:\Users\Stefany\AppData\Local\Temp\set2DA4.tmp
MOD - [2004/10/22 03:51:22 | 000,397,312 | ---- | M] () -- C:\Users\Stefany\AppData\Local\Temp\{5E8277AA-2152-456C-9CD2-F168CE82C99F}\{AA4C6CB3-9AAC-412A-9173-4719D113ED59}\_isres.dll
[2012/08/04 21:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
O2 - BHO: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll ()
[2012/08/03 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/08/03 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_001
[2012/08/03 22:47:39 | 000,000,000 | ---D | C] -- C:\Users\Stefany\AppData\Local\blekkotb_001
[1 C:\Users\Stefany\Desktop\*.tmp files -> C:\Users\Stefany\Desktop\*.tmp -> ]
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
:services
:reg
:files
C:\Archivos de programa\blekkotb_001 /d
C:\*.txt
:commands
[resethosts]
[emptytemp]
[createrestorepoint]
- Run OTL.exe.
- Right-click in the box under Custom Scans/Fixes > Paste.
- Then click the Run Fix button at the top.
- Let the program run without interruption, and reboot when it asks you to.
- After the reboot a report will be created by default in C:\_OTL\MovedFiles; copy and paste that log in your next reply.
Let us know the results.
Regards.
Thanks for the help, I was finally able to disable the blekko toolbar.
Thanks a lot.
Here is the report:
All processes killed
========== OTL ==========
No active process named set2DA4.tmp was found!
C:\Archivos de programa\Mozilla Firefox\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.
File C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f4f99c6d-f390-4fbc-858b-1541f9113fd8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ not found.
File C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll not found.
C:\ProgramData\blekko toolbars folder moved successfully.
Folder C:\Program Files\blekkotb_001\ not found.
C:\Users\Stefany\AppData\Local\blekkotb_001\data folder moved successfully.
C:\Users\Stefany\AppData\Local\blekkotb_001 folder moved successfully.
C:\Users\Stefany\Desktop\$3b5ec07c-59c8-4b27-b050-c000ab4db154.tmp deleted successfully.
C:\Users\Stefany\Desktop\$8447730c-f640-46c6-b42c-df2ecb863318.tmp deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Archivos de programa\blekkotb_001 not found.
C:\AT-Destroyer.txt moved successfully.
C:\Navegadores.txt moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Stefany
->Temp folder emptied: 77937952 bytes
->Temporary Internet Files folder emptied: 84281161 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 367603966 bytes
->Flash cache emptied: 1084 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1574032 bytes
RecycleBin emptied: 54039005 bytes
Total Files Cleaned = 558,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.57.0 log created on 08132012_193638
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012/08/13 19:39:43 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
Registry entries deleted on Reboot...
One more question, friend...
Before buying this laptop I had a regular PC with XP, and every time it got a virus I used Ghost from Hiren's Boot CD 9-0.
But now that I have this laptop, it seems that program doesn't work with Win7, and I would like to know which program I can use to create an image of my operating system.
Please, if you could guide me or tell me where I can ask for this kind of help...
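A way to triage an OTL fix log like the one posted above, as an added example that is not part of the original thread and is not OTL's own code: it classifies each result line as removed, not found or pending reboot, then counts outcomes for a given indicator such as the toolbar's CLSID. The function names and outcome labels are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Result lines copied from the fix log in this thread (a subset).
SAMPLE_LOG = r"""
No active process named set2DA4.tmp was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.
File C:\Archivos de programa\blekkotb_001\blekkotb_019X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f4f99c6d-f390-4fbc-858b-1541f9113fd8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ not found.
C:\ProgramData\blekko toolbars folder moved successfully.
Folder C:\Program Files\blekkotb_001\ not found.
C:\Users\Stefany\AppData\Local\blekkotb_001 folder moved successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
HOSTS file reset successfully
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Outcome rules, checked in order; labels are this example's own naming.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^No active process named (?P<target>.+?) was found!$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value)|File\\Folder|File|Folder) (?P<target>.+?) not found\.$")),
    ("removed", re.compile(
        r"^(?:Registry (?:key|value) |ADS )?(?P<target>.+?)(?: folder)?"
        r" (?:deleted|moved) successfully\.$")),
]


def parse_fix_log(text):
    """Return (outcome, target) for every line that reports an action result."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for outcome, rule in RULES:
            match = rule.match(line)
            if match:
                entries.append((outcome, match.group("target")))
                break  # first matching rule wins; unmatched lines are skipped
    return entries


def outcomes_for(entries, indicator):
    """Count outcomes for targets containing the indicator (case-insensitive)."""
    needle = indicator.lower()
    return Counter(o for o, target in entries if needle in target.lower())


def needs_followup(entries):
    """Targets the tool could not handle yet and deferred to the next boot."""
    return sorted(t for o, t in entries if o == "pending_reboot")


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    clsid = "f4f99c6d-f390-4fbc-858b-1541f9113fd8"
    print("CLSID outcomes:", dict(outcomes_for(parsed, clsid)))
    print("blekko path outcomes:", dict(outcomes_for(parsed, "blekko")))
    print("Re-check after reboot:", needs_followup(parsed))
```

A "not found" line means the tool had nothing to act on at that path, so a second scan after the reboot is what confirms the entry is really gone.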
Hello.
1.- Double-click OTL.exe and then press the CleanUp button.
2.- You can use Acronis or Norton Ghost to create an image of the hard drive.
Regards.
Last edited by M@co on 13/08/12 at 21:42:29
Thank you very much for the help!
It looks like everything has been solved.
Now, how do I close the thread?
Hello, and if I may, even though the thread is already solved.
I just wanted to add a comment, in addition to the excellent tools that our colleague M@co pointed you to.
I like and usually use this other procedure, and I say I like it because it is done from a Linux LiveCD, so it is completely independent of the operating system installed on the PC:
I recommend this excellent video/manual made by our colleague Alyana >> Tutorial de Clonezilla on Vimeo.
For me this program is better than others, since it is used from outside Ubuntu (Linux), Windows, or any other operating system.
It is a comfortable and painless system; you do everything through menus and do not need to use the command line.
And even if your operating system does not work, you will be able to restore the image by booting from the Clonezilla LiveCD that you will have to create.
To make the image you will have to use an external disk connected via USB, or a second internal disk; a pendrive or USB stick can also work if it has enough capacity/space.
I hope this clears up your doubts.
Regards, Javier.
~~ He who doesn't try, doesn't succeed. |;-) ~~