    Search page V9 and Babylon Search engine


    1. #1
      Dravian (User) | Registered: Aug 2012 | Location: Argentina | Posts: 2

      Search page V9 and Babylon Search engine

      Hi, my name is Facundo.

      I'm new to the forum. I had some trouble during the last few days because of an extra installation of these two guys, mostly Babylon. I was reading another person's post and tried the AT-Destroyer program, but with no good results.

      I've just downloaded OTL and analyzed my computer. The report is the following:

      OTL logfile created on: 19/08/2012 4:02:38 - Run 2
      OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Facu\Downloads
      Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7600.16385)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,39% Memory free
      3,50 Gb Paging File | 2,62 Gb Available in Paging File | 74,82% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 297,99 Gb Total Space | 205,83 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
      Drive F: | 971,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

      Computer Name: FACU-PC | User Name: Facu | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/08/19 03:54:06 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Facu\Downloads\OTL.exe
      PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      PRC - [2012/07/03 13:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
      PRC - [2012/07/03 13:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
      PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\Display\nvxdsync.exe
      PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      PRC - [2012/04/26 09:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Archivos de programa\DAEMON Tools Pro\DTShellHlp.exe
      PRC - [2012/04/04 02:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
      PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      PRC - [2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2009/07/13 22:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


      ========== Modules (No Company Name) ==========

      MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
      MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll
      MOD - [2005/07/18 17:46:08 | 000,074,240 | ---- | M] () -- C:\Archivos de programa\iPhone Folders\zlibwapi.dll


      ========== Win32 Services (SafeList) ==========

      SRV - [2012/08/03 09:59:39 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
      SRV - [2012/07/28 11:38:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
      SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
      SRV - [2012/07/03 13:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Archivos de programa\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
      SRV - [2012/04/04 02:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
      SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
      SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


      ========== Driver Services (SafeList) ==========

      DRV - [2012/08/17 03:29:52 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
      DRV - [2012/07/03 13:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2012/07/03 13:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
      DRV - [2012/07/03 13:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2012/07/03 13:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
      DRV - [2012/07/03 13:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
      DRV - [2012/07/03 13:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
      DRV - [2012/04/18 14:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
      DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Archivos de programa\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
      DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
      DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
      DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
      DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
      DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
      DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
      DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 D2 07 06 C3 5E CD 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "v9"
      FF - prefs.js..browser.search.order.1: "v9"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..keyword.URL: "http://google.com"


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 11:38:35 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/07/10 15:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Facu\AppData\Roaming\mozilla\Extensions
      [2012/08/17 14:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Facu\AppData\Roaming\mozilla\Firefox\Profiles\b9t1bv01.default\extensions
      [2012/07/10 19:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/07/18 00:21:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      [2012/07/28 11:38:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com/
      CHR - Extension: No name found = C:\Users\Facu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: No name found = C:\Users\Facu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: No name found = C:\Users\Facu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
      CHR - Extension: No name found = C:\Users\Facu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2012/08/17 16:24:59 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
      O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31C687FA-D3EC-4841-B50A-B59D3885294B}: DhcpNameServer = 192.168.0.1
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2010/09/08 04:26:33 | 000,000,075 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
      O33 - MountPoints2\{27865b3b-e814-11e1-9f36-00306730ca49}\Shell - "" = AutoRun
      O33 - MountPoints2\{27865b3b-e814-11e1-9f36-00306730ca49}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2010/09/08 04:26:33 | 001,525,376 | R--- | M] (Frictional Games )
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/08/19 03:37:54 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/08/19 02:37:07 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Local\VS Revo Group
      [2012/08/19 02:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
      [2012/08/17 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
      [2012/08/17 16:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon Client Removal Tool
      [2012/08/17 15:13:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
      [2012/08/17 03:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
      [2012/08/17 03:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Amnesia - The Dark Descent
      [2012/08/17 03:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
      [2012/08/17 03:29:52 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
      [2012/08/17 03:29:49 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\DAEMON Tools Pro
      [2012/08/17 03:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
      [2012/08/17 03:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
      [2012/08/17 00:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
      [2012/08/16 14:55:11 | 000,000,000 | ---D | C] -- C:\Users\Facu\Desktop\The Binding of Isaac
      [2012/08/16 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\Facu\Desktop\Slender v0.9.5
      [2012/08/09 01:50:28 | 000,000,000 | ---D | C] -- C:\Users\Facu\Desktop\D9CCA418-8501-487F-9B80-E9F29905BE9C
      [2012/07/30 22:24:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
      [2012/07/30 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\Facu\Documents\Mount&Blade Warband Savegames
      [2012/07/30 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Facu\Documents\Mount&Blade Warband
      [2012/07/30 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\Mount&Blade Warband
      [2012/07/28 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\Facu\.thumbnails
      [2012/07/28 12:11:59 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Local\fontconfig
      [2012/07/28 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Local\gegl-0.2
      [2012/07/28 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\Facu\.gimp-2.8
      [2012/07/28 12:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
      [2012/07/28 11:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
      [2012/07/28 11:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
      [2012/07/25 18:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
      [2012/07/25 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\WinRAR
      [2012/07/25 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2012/07/25 18:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2012/07/25 18:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
      [2012/07/24 03:16:54 | 000,000,000 | ---D | C] -- C:\Users\Facu\Documents\Vuze Downloads
      [2012/07/24 03:04:21 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\Raptr
      [2012/07/24 03:02:11 | 000,000,000 | ---D | C] -- C:\Users\Facu\.swt
      [2012/07/24 03:02:03 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\Azureus
      [2012/07/24 03:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
      [2012/07/21 0712 | 000,000,000 | ---D | C] -- C:\Users\Facu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      [2012/07/21 07:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

      ========== Files - Modified Within 30 Days ==========

      [2012/08/19 03:54:56 | 000,694,148 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/08/19 03:54:56 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/08/19 03:54:56 | 000,134,242 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/08/19 03:54:56 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/08/19 03:52:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/08/19 03:50:34 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/08/19 03:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/08/19 03:50:18 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
      [2012/08/19 03:49:52 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/08/19 03:49:52 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/08/17 03:54:58 | 000,002,122 | ---- | M] () -- C:\Users\Facu\Desktop\Amnesia.lnk
      [2012/08/17 03:29:52 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
      [2012/08/16 02:30:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2012/08/16 02:30:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2012/08/14 14:02:31 | 000,072,143 | ---- | M] () -- C:\Users\Facu\AppData\Local\recently-used.xbel
      [2012/08/09 01:49:57 | 000,090,996 | ---- | M] () -- C:\Users\Facu\Desktop\Patients.archive
      [2012/07/31 20:21:00 | 000,007,172 | ---- | M] () -- C:\Users\Facu\Desktop\581310_10150881899210636_36318779_n.jpg
      [2012/07/25 18:43:49 | 000,000,112 | -H-- | M] () -- C:\A39DFD1894E5
      [2012/07/25 18:43:49 | 000,000,040 | -H-- | M] () -- C:\E57968835354

      ========== Files Created - No Company Name ==========

      [2012/08/19 03:37:54 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/08/19 03:37:54 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/08/19 03:37:54 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/08/17 03:54:58 | 000,002,122 | ---- | C] () -- C:\Users\Facu\Desktop\Amnesia.lnk
      [2012/08/17 00:13:25 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
      [2012/08/17 00:13:25 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
      [2012/08/17 00:13:25 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
      [2012/08/14 14:02:31 | 000,072,143 | ---- | C] () -- C:\Users\Facu\AppData\Local\recently-used.xbel
      [2012/08/09 01:49:56 | 000,090,996 | ---- | C] () -- C:\Users\Facu\Desktop\Patients.archive
      [2012/07/31 20:20:59 | 000,007,172 | ---- | C] () -- C:\Users\Facu\Desktop\581310_10150881899210636_36318779_n.jpg
      [2012/07/28 12:08:26 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
      [2012/07/25 18:43:49 | 000,000,112 | -H-- | C] () -- C:\A39DFD1894E5
      [2012/07/25 18:43:48 | 000,000,040 | -H-- | C] () -- C:\E57968835354
      [2012/07/24 03:01:45 | 000,001,794 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
      [2012/07/15 18:07:27 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
      [2012/07/12 01:03:33 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
      [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

      ========== Files - Unicode (All) ==========
      [2012/07/10 10:31:45 | 000,204,800 | ---- | C] ()(C:\Users\Facu\Documents\??-Nivel 1.doc) -- C:\Users\Facu\Documents\詞彙-Nivel 1.doc
      [2011/07/16 23:33:12 | 000,204,800 | ---- | M] ()(C:\Users\Facu\Documents\??-Nivel 1.doc) -- C:\Users\Facu\Documents\詞彙-Nivel 1.doc

      < End of report >

      I hope someone will be able to help me out with this mess I'm in.

      Thank you in advance,
      Facundo

    2. #2
      @MarceloRivero (FS-Admin) | Registered: Jan 2005 | Location: Miami | Posts: 40,914

      Re: Search page V9 and Babylon Search engine

      Hi Dravian, welcome to the InfoSpyware Forum.

      We are a Spanish-language forum, so if you live in Argentina and your system, as OTL says, is in Spanish, there is no need to write in English.

      We have recently updated our AT-Destroyer tool to version 1.7, which I suggest you download and run, then leave us its report in this same thread.


      Do the following:


      • Download AT-Destroyer (Adwares/Toolbars-Destroyer) by @Infospyware.
      • Temporarily disable your antivirus and/or antispyware.
      • Run AT-Destroyer as administrator.
      • The disclaimer will appear; if you agree, press SI (Yes) to continue.
      • Press option 1 (Buscar y Destruir, "Search and Destroy") to start the scan.
      • AT-Destroyer will momentarily disconnect the desktop.
      • If the system is infected, AT-Destroyer will indicate it with red lines where the infection was found; otherwise, the lines will be green.
      • Once the scan has finished, you will be able to see the desktop again and a report will open, which you should copy into your next reply, noting how the system is working.
      • If any program does not start, restart the PC.



      Regards,
      Marcelo Rivero
      Microsoft MVP Enterprise Security.




    3. #3
      Dravian (User) | Registered: Aug 2012 | Location: Argentina | Posts: 2

      Re: Search page V9 and Babylon Search engine

      Sorry!! What a dummy, I don't even know why I wrote in English.

      Here is the A/T-Destroyer report.
      The problem persists after running Buscar y Destruir ("Search and Destroy")...

      Regards and thanks!!
      Facundo


      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 29/08/2012
      Hora iniciada en el analisis 9:52:26,48
      Usuario Actual : [C:\Users\Facu]
      Sistema Operativo: Windows 7 Ultimate
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 8.0.7600.16385
      Modo Actual: Modo Normal.
      Privilegios: [Facu-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 14.0.1

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======




      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Facu\Appdata\Local\GDIPFONTCACHEV1.DAT


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm
      Default_Page_URL == about:blank

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL == about:blank


      "HKEY_USERS\S-1-5-21-572274884-127824755-4284227292-1001\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm
      Default_Page_URL == about:blank


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======