• Registrarse
  • Iniciar sesión


  • Resultados 1 al 8 de 8

    Como quitar el Babylon?

    es muy molesto ya lo desinstale pero sigue ahi...

    1. #1
      Usuario Avatar de paty silva
      Registrado
      oct 2010
      Ubicación
      chihuahua mx.
      Mensajes
      67

      Como quitar el Babylon?

      es muy molesto ya lo desinstale pero sigue ahi

    2. #2
      Ex-Colaborador Avatar de Xtreme Hero
      Registrado
      dic 2010
      Ubicación
      España
      Mensajes
      9.014

      Re: como quitar el babylon ????

      Hola paty Silva

      Lo primero de todo, crea un punto de restauración: Como crear punto de restauración? (solucionado)

      -Descarga el nuevo AT-Destroyer que te pongo al final del post.
      -Sitúalo en el escritorio y lo ejecutas como Administrador.
      -Pulsas sobre el botón que pone "Buscar y Destruir".
      -Acto seguido, aceptas la ventana que saldrá y el escaneo empezará.
      -El escritorio desaparecerá hasta el final de la ejecución.
      -Aceptas el mensaje para reiniciar el pc y una vez iniciado, buscas el reporte en C:\AT-DestroyerX.txt.

      Salu2
      Lucha Hasta El Final

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de paty silva
      Registrado
      oct 2010
      Ubicación
      chihuahua mx.
      Mensajes
      67

      Re: como quitar el babylon ????

      podrias ponerme un link para descargar el at destroyer?
      gracias

    4. #4
      Moderador
      Avatar de @JFNoda
      Registrado
      sep 2008
      Ubicación
      Islas Canarias
      Mensajes
      5.876

      Re: como quitar el babylon ????

      Hola y con permiso Xtreme Hero

      El enlace de descarga es el siguiente paty silva:



      Ahora mismo la página está en mantenimiento y no podrás acceder pero en cuanto esté disponible podrás descargar el programa

      Slds. a [email protected]
      Libraman

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    5. #5
      Usuario Avatar de paty silva
      Registrado
      oct 2010
      Ubicación
      chihuahua mx.
      Mensajes
      67

      Re: Como quitar el Babylon?

      esto fue lo que encontro

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 23/08/2012
      Hora iniciada en el analisis 8:05:25.21
      Usuario Actual : [C:\Users\Oscar]
      Sistema Operativo: Windows 7 Home Premium
      Service pack: Service Pack 1
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Oscar-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 14.0.1

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | ( {98889811-442D-49dd-99D7-DC866BE87DBC} )
      HKEY_CURRENT_USER\Software\DataMngr\Files
      HKEY_CURRENT_USER\Software\DataMngr\Files\ChromeHomepage
      HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage
      HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch
      HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch
      HKEY_CURRENT_USER\Software\DataMngr\List
      HKEY_CURRENT_USER\Software\DataMngr\List\Item1
      HKEY_CURRENT_USER\Software\DataMngr\List\Item2
      HKEY_CURRENT_USER\Software\DataMngr\List\Item3
      HKEY_CURRENT_USER\Software\DataMngr\Toolbar
      HKEY_CURRENT_USER\Software\DataMngr
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item1
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item2
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item3
      HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL
      HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
      HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32
      HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
      HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
      HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
      HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\Programmable
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\TypeLib
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID
      HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\Programmable
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID
      HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\defaultEnableAppsList
      HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\NumMethods
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ProxyStubClsid
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ProxyStubClsid32
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib
      HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\NumMethods
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ProxyStubClsid
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ProxyStubClsid32
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib
      HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR
      HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CLSID
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CurVer
      HKLM\SOFTWARE\Classes\YontooIEClient.Api
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1\CLSID
      HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\CLSID
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\CurVer
      HKLM\SOFTWARE\Classes\YontooIEClient.Layers
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1\CLSID
      HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
      HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{1A975F48-2A3C-44FE-A91C-49D3C12ED0BC}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{A8F0AD53-1AEE-447E-89CD-71C325796F84}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{BB1DCBF2-6F69-4FB5-BA9F-0B46B5F93395}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products
      HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
      HKLM\SOFTWARE\Tarma Installer


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Oscar\AppData\Roaming\Babylon\log_file.txt
      "C:\Users\Oscar\AppData\Roaming\Babylon"
      C:\ProgramData\Ask\APN-Stub
      "C:\ProgramData\Ask"
      C:\Program Files\Yontoo\YontooIEClient.dll
      "C:\Program Files\Yontoo"
      C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      C:\user.js


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157


      "HKEY_USERS\S-1-5-21-4218160023-2506577579-91676816-1001\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======

      pero.... el babylon sigue ahi
      Última edición por Xtreme Hero fecha: 25/08/12 a las 09:14:41

    6. #6
      Ex-Colaborador Avatar de Xtreme Hero
      Registrado
      dic 2010
      Ubicación
      España
      Mensajes
      9.014

      Re: Como quitar el Babylon?

      Hola de nuevo,

      Bueno, no iba a mandar esa versión...

      Realiza lo siguiente:

      1.-Descargar OTL.exe By OldTimer a tu Escritorio.

      Cerrar todos las ventanas y programas abiertos que pudieren interferir en la ejecución de la herramienta.

      En el caso de no poder ejecutarlo, descargar su versión renombrada desde aquí:

      OTL.com

      OTL.scr

      2.- Hacer doble clic sobre OTL.exe para ejecutar la herramienta.

      3.- Tener en cuenta los siguientes datos de configuración antes de realizar el análisis, marcando los casilleros del siguiente modo:
      ° Procesos, Módulos, Servicios, Controladores, Registro Normal y Registro Adicional, deben estar marcados en Usar Listado Mínimo

      ° Marcar el casillero Analizar Todos

      ° Tipo de Análisis: Debe estar marcado el casillero Resultado completo

      ° Archivos Creados y Archivos Modificados: Deben estar marcados los casilleros Edad de Archivo

      4.- Copiar el siguiente texto (excluyendo la palabra Código):

      Código:
      netsvcs
      msconfig
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.*
      %appdata%\*
      CREATERESTOREPOINT
      5.- Pegar el contenido sobre el apartado: Análisis Personalizados /Código de Reparación.


      6.- Presione el botón Analizar y espere a que el proceso finalice.
      Por último se van a generar 2 reportes:

      • OTL.txt ----> Este debe abrir, copiar y pegar en su próxima respuesta.
      • Extra.txt -----> Debe guardarlo en el Escritorio. Si es necesario, se le pedirá.
      Importante: No utilice esta herramienta a menos que le sea solicitada por un Miembro del Staff.
      Salu2
      Lucha Hasta El Final

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    7. #7
      Usuario Avatar de paty silva
      Registrado
      oct 2010
      Ubicación
      chihuahua mx.
      Mensajes
      67

      Re: Como quitar el Babylon?

      aqui esta el reporte




      OTL logfile created on: 28/09/2012 04:40:36 p.m. - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Downloads
      Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy

      2.97 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.61% Memory free
      5.93 Gb Paging File | 4.85 Gb Available in Paging File | 81.70% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 596.07 Gb Total Space | 530.84 Gb Free Space | 89.06% Space Free | Partition Type: NTFS

      Computer Name: OSCAR-PC | User Name: Oscar | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/09/28 16:37:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Downloads\OTL.exe
      PRC - [2012/09/21 07:27:36 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
      PRC - [2012/09/14 14:22:18 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
      PRC - [2012/09/14 07:19:03 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
      PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
      PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
      PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2011/06/23 22:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
      PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
      PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
      PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2010/11/20 06:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
      PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      PRC - [2010/07/30 09:52:58 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Archivos de programa\TP-LINK\Common\RaRegistry.exe
      PRC - [2010/07/30 09:52:52 | 001,638,400 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD. ) -- C:\Archivos de programa\TP-LINK\Common\TWCU.exe
      PRC - [2009/07/13 19:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
      PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
      PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE


      ========== Modules (No Company Name) ==========

      MOD - [2012/09/21 07:27:35 | 002,244,064 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
      MOD - [2012/09/14 14:22:18 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
      MOD - [2012/09/14 07:19:03 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
      MOD - [2012/09/14 07:19:03 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
      MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
      MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll
      MOD - [2010/07/30 09:52:52 | 000,918,816 | ---- | M] () -- C:\Archivos de programa\TP-LINK\Common\RaWLAPI.dll


      ========== Services (SafeList) ==========

      SRV - [2012/09/21 07:27:35 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
      SRV - [2012/09/20 16:11:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2012/09/14 07:19:03 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
      SRV - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2012/07/19 21:29:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
      SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
      SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
      SRV - [2010/11/20 06:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
      SRV - [2010/07/30 09:52:58 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Archivos de programa\TP-LINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
      SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
      SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
      SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


      ========== Driver Services (SafeList) ==========

      DRV - [2012/08/21 03:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
      DRV - [2012/08/21 03:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2012/08/21 03:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2012/08/21 03:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
      DRV - [2012/08/21 03:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
      DRV - [2012/08/21 03:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
      DRV - [2010/05/27 04:29:42 | 000,856,928 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
      DRV - [2009/09/19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
      DRV - [2009/09/19 05:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
      DRV - [2009/09/19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
      DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
      DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
      DRV - [2009/07/13 16:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com.mx/
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.mx/
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.com/?ocid=iehp
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-mx
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 BE 53 8E 1C 5F CD 01 [binary data]
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110809&tt=140812_bandext_3312_2&babsrc=SP_ss&mntrId=fc41955600000000000090f6520be7d2
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_esMX492
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{D87BEFB2-BFE7-401B-9FCA-878268E95F38}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYMX&apn_uid=96b6f556-bdcf-4b82-bcaa-22b248bd4c7e&apn_sauid=BECCADA5-C940-48E0-94D1-788EB6336E9E
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
      FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110809&tt=140812_bandext_3312_2&babsrc=HP_ss&mntrId=fc41955600000000000090f6520be7d2"
      FF - prefs.js..extensions.enabledAddons: [email protected]:3.7.0
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/20 16:19:38 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/21 07:27:36 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/14 07:19:03 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/21 07:27:36 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/08/23 07:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\mozilla\Extensions
      [2012/09/26 19:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\yc7ojb9u.default\Extensions
      [2012/09/17 18:32:57 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\yc7ojb9u.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
      [2012/09/26 19:01:23 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader") -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\yc7ojb9u.default\Extensions\[email protected]
      [2012/09/26 17:24:54 | 000,213,554 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\yc7ojb9u.default\Extensions\[email protected]
      [2012/09/17 18:32:50 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\yc7ojb9u.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
      [2012/08/23 07:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/09/21 07:27:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/09/21 07:27:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/07/13 19:56:05 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolibre-mx.xml
      [2012/07/13 19:56:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/07/13 19:56:05 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-mx.xml

      ========== Chrome ==========

      CHR - homepage: http://www.google.com/
      CHR - homepage: http://www.google.com/
      CHR - Extension: No name found = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
      CHR - Extension: No name found = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

      O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Archivos de programa\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKU\S-1-5-21-4218160023-2506577579-91676816-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7218824F-1CFD-402D-93E8-7CB6D95AE42F}: DhcpNameServer = 192.168.1.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0D1B991-E362-4565-A9C5-B019E0F97CCB}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
      MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/09/27 09:30:37 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{5CE32835-6B5F-442B-B273-CE1576190BFB}
      [2012/09/26 17:32:21 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{F7533D99-E752-466F-A327-8D31276AF796}
      [2012/09/24 22:02:35 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{4BC93BDD-7608-4E46-9417-55C2E320572B}
      [2012/09/23 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{8E60AD3E-2328-43E9-BC4F-36C210707105}
      [2012/09/22 09:59:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
      [2012/09/22 09:59:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
      [2012/09/22 09:59:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
      [2012/09/22 09:59:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
      [2012/09/22 09:59:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
      [2012/09/22 09:59:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
      [2012/09/22 09:59:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
      [2012/09/22 09:59:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
      [2012/09/21 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{9D48BBEF-D0A9-4076-AE22-84352E562FD9}
      [2012/09/20 17:18:45 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{319B2F22-A641-4BA2-80E5-0D04F554BDDC}
      [2012/09/20 17:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
      [2012/09/20 16:19:39 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
      [2012/09/19 23:04:47 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\Blocs de notas de OneNote
      [2012/09/18 09:02:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{78D55FF7-8862-4963-9D06-270F14EA2FDC}
      [2012/09/15 10:22:50 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{2E9485A4-F53A-479C-81C8-E45A7E5AEF6B}
      [2012/09/13 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{4A246B8A-E7C8-4FA9-B8C7-9C4F69D5B723}
      [2012/09/12 16:21:39 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
      [2012/09/12 16:21:39 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
      [2012/09/04 12:54:49 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\noe

      ========== Files - Modified Within 30 Days ==========

      [2012/09/28 16:23:09 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2012/09/28 16:20:33 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/09/28 16:20:33 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/09/28 16:20:33 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/09/28 16:20:33 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/09/28 16:19:01 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/09/28 16:13:54 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/09/28 16:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/28 16:13:41 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/28 15:13:40 | 000,010,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/28 15:13:40 | 000,010,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/28 15:11:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/09/26 15:21:59 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2012/09/20 16:19:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
      [2012/09/20 16:11:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2012/09/20 16:11:18 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2012/09/19 23:04:47 | 000,001,302 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk

      ========== Files Created - No Company Name ==========

      [2012/09/20 17:08:27 | 000,002,320 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2012/09/20 17:03:34 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/09/20 17:03:32 | 000,001,018 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/09/19 23:04:47 | 000,001,302 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
      [2012/08/23 08:05:12 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/08/23 08:05:12 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/08/23 08:05:12 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/07/19 17:38:33 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
      [2012/07/11 23:16:11 | 000,003,584 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== ZeroAccess Check ==========

      [2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/08/16 00:22:11 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SumatraPDF

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %systemroot%\System32\config\*.sav >

      < %SYSTEMDRIVE%\*.* >
      [2012/08/23 08:08:34 | 000,010,058 | ---- | M] () -- C:\AT-Destroyer.txt
      [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2012/09/28 16:13:41 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/28 16:13:44 | 3184,709,632 | -HS- | M] () -- C:\pagefile.sys
      [2012/08/23 08:05:25 | 000,000,120 | ---- | M] () -- C:\prueba.txt

      < %appdata%\* >

      < End of report >

    8. #8
      Ex-Colaborador Avatar de Xtreme Hero
      Registrado
      dic 2010
      Ubicación
      España
      Mensajes
      9.014

      Re: Como quitar el Babylon?

      Hola de nuevo,

      Ejecuta OTL.exe


      1.- Copiar el siguiente texto (excluyendo la palabra Código):
      Código:
      :OTL
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110809&tt=140812_bandext_3312_2&babsrc=SP_ss&mntrId=fc41955600000000000090f6520be7d2
      IE - HKU\S-1-5-21-4218160023-2506577579-91676816-1001\..\SearchScopes\{D87BEFB2-BFE7-401B-9FCA-878268E95F38}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={sear chTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYMX&apn_uid=96b6f556-bdcf-4b82-bcaa-22b248bd4c7e&apn_sauid=BECCADA5-C940-48E0-94D1-788EB6336E9E
      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
      FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110809&tt=140812_bandext_3312_2&babsrc=HP_s s&mntrId=fc41955600000000000090f6520be7d2"
      FF - prefs.js..extensions.enabledAddons: [email protected]:3.7.0
      O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
      
      :Commands
      [PURITY] 
      [RESETHOSTS]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      2.- Pegar el contenido sobre el apartado: Análisis Personalizados /Código de Reparación.


      3.- Presionar el botón Reparar para comenzar el procedimiento. Presionar OK.


      OTL va a reiniciar el ordenador para completar el procedimiento.

      Guardar el nuevo reporte generado. Copiar y pegarlo en su próxima respuesta, comentando como funciona el Sistema.

      Salu2
      Lucha Hasta El Final

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.