    B1.org - Improved Search. (Solved)

    1. #1
      User juan1tovar
      Registered
      Nov 2011
      Location
      Bogotá - Colombia
      Posts
      5

      Malware B1.org - Improved Search. (Solved)

      Good day, everyone.

      My problem is some malware that installs an extension in my browser. The extension is Improved Search version 12. This extension modifies the new tab page, and instead of Chrome's own page one from B1.org appears (I looked it up on the web and it says it is a browser hijacker) (screenshot).

      I ran Malwarebytes, AT-Destroyer and AdwCleaner on it.

      At the time of the screenshot my browser was not synced with my Gmail account. At one point I signed in to sync the browser, uninstalled the extension and another one that had appeared (Google Docs; it only worries me because I did not install it), and the extension did not come back while the browser stayed synced ¬¬. BUT when I ran AT-Destroyer again to make sure the problem had really been fixed, on opening Chrome the browser was no longer synced and the extension appeared again (screenshot); it says it was installed by an external application (the virus, I suppose).

      Please help me. I am worried about having this virus around and that it will make me lose information; besides, I don't know how it got here (the only thing I have downloaded these days is 4shared Desktop, and I did so from the 4shared page). I don't know what its preferred way of spreading is, and I don't want it to infect the computers I use regularly.

      I regularly use TeamViewer. Would it be dangerous to use it with this virus on the machine????

      Thanks in advance.

    2. #2
      Moderator
      M@co
      Registered
      Dec 2007
      Location
      America
      Posts
      15,628

      Re: B1.org ; Improved Search : HOW DO I REMOVE IT!!!!????

      Hello juan1tovar.


      Do the following:
      1. Download, update and run Malwarebytes' Anti-Malware.
        • On the Scanner tab, select "Perform full scan".
        • Use the "Remove Selected" option to send everything to quarantine, then restart.
        • On the "Logs" tab ("Registros" in Spanish) you will find the MBAM report; copy it and post it here so it can be analyzed.



      2. Download OTL to your desktop.
        • Close all open windows and programs before running it.
        • Double-click the OTL.exe icon to start.
        • When the interface appears, set the following options: under "Scan Type", change it to Minimal Output
        • Change Standard Registry to All
        • Check the options: LOP Check and Purity Check
        • Press the Run Scan button
          Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt.
          Please copy and paste the contents of OTL.Txt into your next post.
      Note: Please do not change any other settings unless instructed to.

      Regards.

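The following is an added example, not code from the thread or from OTL's author: it parses the `CHR - Extension:` lines that OTL writes to OTL.Txt and diffs two runs, which is how an extension that keeps coming back, as described in post #1, shows up between scans. The first run is copied from the log in post #3; the second run, its placeholder extension ID and the truncated line are constructed for illustration.

```python
import re
from typing import NamedTuple


class ChromeExt(NamedTuple):
    ext_id: str
    name: str
    version: str
    path: str


# OTL line shape, as seen in the thread's log:
#   CHR - Extension: <name> = <profile>\Extensions\<id>\<version>_<n>\
# Chrome extension IDs are 32 characters drawn from the letters a-p.
_EXT_LINE = re.compile(
    r"^\s*CHR - Extension:\s*(?P<name>.*?)\s*=\s*"
    r"(?P<path>.*\\Extensions\\(?P<id>[a-p]{32})\\(?P<vdir>[^\\]+)\\?)\s*$"
)
# OTL prints non-ASCII characters in names as \uXXXX escapes.
_U_ESCAPE = re.compile(r"\\u([0-9A-Fa-f]{4})")


def parse_chrome_extensions(log_text):
    """Return ({ext_id: ChromeExt}, [unparsed lines]) for one OTL.Txt."""
    found, unparsed = {}, []
    for line in log_text.splitlines():
        if not line.lstrip().startswith("CHR - Extension:"):
            continue
        m = _EXT_LINE.match(line)
        if m is None:
            # Keep malformed entries for manual review instead of dropping them.
            unparsed.append(line.strip())
            continue
        name = _U_ESCAPE.sub(lambda u: chr(int(u.group(1), 16)), m["name"])
        # The on-disk directory is "<version>_<n>"; strip the numeric suffix.
        version = re.sub(r"_\d+$", "", m["vdir"])
        found[m["id"]] = ChromeExt(m["id"], name, version, m["path"])
    return found, unparsed


def diff_runs(before_text, after_text):
    """Compare the Chrome extension inventory of two OTL runs."""
    before, _ = parse_chrome_extensions(before_text)
    after, unparsed = parse_chrome_extensions(after_text)
    return {
        "added": sorted(after[i] for i in after.keys() - before.keys()),
        "removed": sorted(before[i] for i in before.keys() - after.keys()),
        "version_changed": sorted(
            (before[i], after[i])
            for i in before.keys() & after.keys()
            if before[i].version != after[i].version
        ),
        "unparsed": unparsed,
    }


# Run 1: the six extension lines from the OTL log posted in this thread.
RUN_1 = r"""CHR - Extension: YouTube = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: BugMeNot Lite = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.10_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Gmail = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
"""

# Run 2 (constructed): the same inventory plus a re-installed extension.
# The all-"a" ID is a placeholder, not the real ID of any extension, and
# the last line is a deliberately truncated entry.
RUN_2 = RUN_1 + r"""CHR - Extension: Improved Search = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\12_0\
CHR - Extension: (truncated) = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\
"""

if __name__ == "__main__":
    report = diff_runs(RUN_1, RUN_2)
    for ext in report["added"]:
        print(f"NEW      {ext.name} {ext.version} ({ext.ext_id})")
    for ext in report["removed"]:
        print(f"GONE     {ext.name} {ext.version} ({ext.ext_id})")
    for line in report["unparsed"]:
        print(f"REVIEW   {line}")
```
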

    3. #3
      User juan1tovar
      Registered
      Nov 2011
      Location
      Bogotá - Colombia
      Posts
      5

      Re: B1.org ; Improved Search : HOW DO I REMOVE IT!!!!????

      Malwarebytes Anti-Malware 1.70.0.1100
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2013.02.19.07

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Cesar :: LAPCES [administrador]

      19/02/2013 08:34:19 p.m.
      mbam-log-2013-02-19 (20-34-19).txt

      Tipos de Análisis: Análisis Completo (C:\|X:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 491337
      Tiempo transcurrido: 1 hora(s), 45 minuto(s), 17 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      (fin)

      =====================================================================================

      OTL logfile created on: 20/02/2013 4:17:15 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cesar\Desktop\intrucciones
      Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

      1,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 69,45% Memory free
      3,75 Gb Paging File | 2,75 Gb Available in Paging File | 73,35% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 100,01 Gb Total Space | 56,41 Gb Free Space | 56,40% Space Free | Partition Type: NTFS
      Drive X: | 132,88 Gb Total Space | 9,92 Gb Free Space | 7,47% Space Free | Partition Type: NTFS

      Computer Name: LAPCES | User Name: Cesar | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Cesar\Desktop\intrucciones\OTL.exe (OldTimer Tools)
      PRC - C:\Users\Cesar\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
      PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
      PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
      PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
      PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
      PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
      PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
      PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
      PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
      PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
      MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
      MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
      SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
      SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
      SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
      SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
      SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
      SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
      DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
      DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
      DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
      DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
      DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
      DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
      DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
      DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
      DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
      DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
      DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
      DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
      DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
      DRV - (USBTINSP) -- C:\Windows\System32\drivers\tinspusb.sys (Texas Instruments)
      DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
      DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
      DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
      DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
      DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
      DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\SearchScopes,DefaultScope =

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype, Outlook y cuenta Microsoft
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger y más en MSN Colombia, canal RCN, lo último en noticias, farándula, juegos, deportes, y más.
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-co
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 8D 8A BB 21 EF CC 01 [binary data]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
      IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
      IE - HKCU\..\SearchScopes,DefaultScope =
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{33D48370-687D-4DA3-8E57-18CD2938058B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{9BB63E49-A608-422F-BF16-CE9694965180}: "URL" = http://www.google.com/search?hl=es&q={searchTerms}&lr=
      IE - HKCU\..\SearchScopes\{BB27E252-D555-40B5-A85D-894E52C927B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=zzz001YYCO&apn_uid=8575341f-0d2c-4b24-9245-d7e534c83a9f&apn_sauid=EF929CBA-6190-469F-A6CB-B8571CB047AC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.unal.edu.co:8080
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.unal.edu.co:8080/

      ========== FireFox ==========

      FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
      FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.unal.edu.co:8080/"
      FF - prefs.js..network.proxy.type: 2
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..keyword.URL: "https://www.google.com/search?q="
      FF - prefs.js..browser.search.order.1: "(Google)"
      FF - prefs.js..browser.search.defaultenginename: "(Google)"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.search.defaulturl: "www.Google.com"
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
      FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cesar\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cesar\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/08 14:45:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/05/09 17:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cesar\AppData\Roaming\mozilla\Extensions
      [2013/02/13 06:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cesar\AppData\Roaming\mozilla\Firefox\Profiles\js25sufc.default\extensions
      [2013/01/23 06:54:52 | 000,005,958 | ---- | M] () (No name found) -- C:\Users\Cesar\AppData\Roaming\mozilla\firefox\profiles\js25sufc.default\extensions\4sharedCopyLinks.xpi
      [2013/02/14 20:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
      [2012/11/08 14:45:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2012/11/08 14:45:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/11/05 09:27:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/06/01 12:20:00 | 000,004,081 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/11/05 09:27:17 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2012/06/01 12:20:00 | 000,002,440 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolibre-cl.xml
      [2012/06/01 12:20:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/06/01 12:20:00 | 000,001,110 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-cl.xml

      ========== Chrome ==========

      CHR - homepage: Google
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
      CHR - homepage: Google
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\Cesar\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cesar\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
      CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
      CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\Cesar\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
      CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
      CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
      CHR - Extension: YouTube = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: AdBlock = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
      CHR - Extension: BugMeNot Lite = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.10_0\
      CHR - Extension: Google Dictionary (by Google) = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
      CHR - Extension: Gmail = C:\Users\Cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
      O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
      O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
      O4 - HKCU..\Run: [Google Update] C:\Users\Cesar\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
      O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ALL_LINK File not found
      O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ONE_LINK File not found
      O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.157.2.140 200.118.2.91
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{122F8E11-347F-4D57-AFE2-2B9D3AF099B4}: DhcpNameServer = 190.157.2.140 200.118.2.91
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5328A7D-5806-4FE0-9904-7DFF99887C69}: NameServer = 200.75.51.132 200.75.51.133
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5EEC18-FF32-4E85-B489-E9BF9A351FE8}: DhcpNameServer = 168.176.5.148 168.176.5.11 168.176.5.149 168.176.5.174
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2010/10/26 08:20:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
      O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2012/05/02 06:26:06 | 000,000,000 | ---D | M] - X:\AutoCAD Sheet Sets -- [ NTFS ]
      O32 - AutoRun File - [2011/09/08 14:32:57 | 000,000,000 | ---D | M] - X:\Autodesk -- [ NTFS ]
      O33 - MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\Shell - "" = AutoRun
      O33 - MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\Shell\AutoRun\command - "" = D:\AutoRun.exe
      O33 - MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\Shell - "" = AutoRun
      O33 - MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\Shell - "" = AutoRun
      O33 - MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\D\Shell - "" = AutoRun
      O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/02/19 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
      [2013/02/19 13:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
      [2013/02/19 12:25:16 | 000,000,000 | ---D | C] -- C:\uncol2.5
      [2013/02/19 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Local\DOSBox
      [2013/02/19 12:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
      [2013/02/19 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
      [2013/02/14 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
      [2013/02/14 22:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
      [2013/02/14 20:30:18 | 000,000,000 | ---D | C] -- C:\_AT-Destroyer
      [2013/02/14 16:43:52 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Roaming\Malwarebytes
      [2013/02/14 16:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2013/02/14 16:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2013/02/14 16:43:38 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2013/02/14 16:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2013/02/14 16:24:47 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Local\Programs
      [2013/02/14 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Cesar\Desktop\intrucciones
      [2013/02/14 03:06:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
      [2013/02/14 03:06:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
      [2013/02/14 03:06:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
      [2013/02/14 03:06:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
      [2013/02/14 03:06:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
      [2013/02/14 03:06:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
      [2013/02/14 03:06:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
      [2013/02/14 03:06:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
      [2013/02/14 02:44:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
      [2013/02/14 02:44:23 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
      [2013/02/14 02:44:22 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
      [2013/02/14 02:44:20 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
      [2013/02/14 02:44:18 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
      [2013/02/13 06:08:57 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Roaming\4shared Desktop
      [2013/02/13 06:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools
      [2013/02/13 06:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
      [2013/02/13 06:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\4shared Desktop
      [2013/02/13 06:01:55 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Local\B1E
      [2013/02/13 06:01:39 | 000,000,000 | ---D | C] -- C:\Users\Cesar\AppData\Roaming\B1Toolbar
      [2013/02/10 21:13:04 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
      [2013/02/10 21:13:04 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
      [2013/02/10 21:13:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
      [2013/02/10 21:13:04 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
      [2013/02/10 21:13:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
      [2013/02/10 21:13:04 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
      [2013/02/10 21:13:04 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
      [2013/02/10 21:13:04 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
      [2013/02/10 21:13:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
      [2013/02/10 21:13:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
      [2013/02/10 21:13:04 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
      [2013/02/10 21:13:03 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
      [2013/02/10 21:13:03 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
      [2013/02/10 21:13:03 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
      [2013/02/10 21:13:03 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
      [2013/02/10 21:13:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
      [2013/02/10 21:12:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
      [2013/02/10 21:12:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      [2013/02/10 21:06:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
      [2013/02/10 21:06:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
      [2013/02/10 21:06:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
      [2013/02/10 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
      [2013/02/08 13:57:34 | 000,000,000 | R--D | C] -- C:\Users\Cesar\Desktop\Accesos Directos de Escritorio
      [2013/02/05 16:42:51 | 000,000,000 | ---D | C] -- C:\Windows\Album
      [2013/02/05 16:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMate
      [2013/02/05 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\KYE
      [2013/02/05 15:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
      [2013/02/05 15:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/02/20 04:01:55 | 000,704,074 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2013/02/20 04:01:55 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2013/02/20 04:01:55 | 000,138,040 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2013/02/20 04:01:55 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2013/02/20 04:00:59 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1460152084-3184190583-3532279455-1000UA.job
      [2013/02/20 04:00:43 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/02/20 04:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/02/19 20:37:44 | 000,031,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/02/19 20:37:44 | 000,031,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/02/19 20:28:38 | 1508,413,440 | -HS- | M] () -- C:\hiberfil.sys
      [2013/02/19 04:38:29 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
      [2013/02/19 04:38:29 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
      [2013/02/19 04:38:28 | 000,000,086 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
      [2013/02/19 02:15:28 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1460152084-3184190583-3532279455-1000Core.job
      [2013/02/15 22:37:29 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2013/02/15 22:37:29 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2013/02/14 22:00:15 | 000,001,226 | ---- | M] () -- C:\Users\Cesar\Desktop\Revo Uninstaller.lnk
      [2013/02/14 16:43:40 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/02/14 16:29:12 | 000,587,671 | ---- | M] () -- C:\Users\Cesar\Desktop\AdwCleaner.exe
      [2013/02/14 09:33:26 | 000,494,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2013/02/12 10:03:07 | 000,000,702 | ---- | M] () -- C:\Users\Cesar\Desktop\Bibliotecas.lnk
      [2013/02/08 14:01:42 | 000,001,624 | ---- | M] () -- C:\Users\Cesar\Desktop\Cosas Escritorio.lnk
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/02/14 22:00:15 | 000,001,226 | ---- | C] () -- C:\Users\Cesar\Desktop\Revo Uninstaller.lnk
      [2013/02/14 16:43:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/02/14 16:28:52 | 000,587,671 | ---- | C] () -- C:\Users\Cesar\Desktop\AdwCleaner.exe
      [2013/02/12 10:03:07 | 000,000,702 | ---- | C] () -- C:\Users\Cesar\Desktop\Bibliotecas.lnk
      [2013/02/10 21:20:50 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
      [2013/02/05 16:42:50 | 000,007,064 | ---- | C] () -- C:\Windows\System32\WMVCORE.lib
      [2012/10/23 10:24:07 | 000,007,627 | ---- | C] () -- C:\Users\Cesar\AppData\Local\Resmon.ResmonCfg
      [2012/05/22 09:35:31 | 000,000,286 | ---- | C] () -- C:\Windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini
      [2012/05/15 22:39:17 | 000,005,632 | ---- | C] () -- C:\Users\Cesar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/04/12 10:31:39 | 000,001,898 | ---- | C] () -- C:\Users\Cesar\.java.policy
      [2012/04/12 10:31:39 | 000,000,078 | ---- | C] () -- C:\Users\Cesar\.appletmuisca
      [2012/02/20 18:45:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\zr7om2a.dll
      [2012/02/20 18:45:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
      [2012/02/20 18:45:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
      [2012/02/20 18:45:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
      [2012/02/20 18:45:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
      [2012/02/20 18:45:31 | 000,000,337 | ---- | C] () -- C:\Windows\System32\s8nzve9.dll
      [2012/02/20 18:45:31 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
      [2012/02/20 18:45:31 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\xg865ij.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\w4yzvjq.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\vb0va0g.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\qsfaqqr.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\oro2h6n.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\kg7i665.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\je1pkjv.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iz9g894.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iz8rxkx.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iokz40o.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iobcfeo.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hnmobfd.dll
      [2012/02/20 18:45:31 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\g0efyts.dll
      [2012/02/19 22:41:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2012/02/19 03:18:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
      [2012/02/19 03:16:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
      [2011/04/11 20:30:30 | 000,704,074 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
      [2011/04/11 20:30:30 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
      [2011/04/11 20:30:30 | 000,138,040 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
      [2011/04/11 20:30:30 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat

      ========== ZeroAccess Check ==========

      [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2013/02/15 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\4shared Desktop
      [2012/04/22 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Auslogics
      [2012/03/19 18:53:58 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Autodesk
      [2013/02/13 06:01:39 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\B1Toolbar
      [2012/08/18 09:09:00 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Dropbox
      [2012/06/17 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\GiD
      [2012/03/24 05:38:01 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Mobile Partner
      [2013/02/05 15:14:50 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Systweak
      [2012/04/13 07:34:01 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\TeamViewer
      [2012/05/22 09:47:19 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\Texas Instruments
      [2012/05/12 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\Cesar\AppData\Roaming\WinBatch

      ========== Purity Check ==========



      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

      < End of report >

    4. #4
      Moderator
      Avatar of M@co
      Registered
      Dec 2007
      Location
      America
      Posts
      15,628

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      Hello.



      Do the following:

      1. Highlight the contents of the following box (except the word Code), then right-click > Copy.
        Code:
        :OTL
        IE - HKCU\..\SearchScopes\{BB27E252-D555-40B5-A85D-894E52C927B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=zzz001YYCO&apn_uid=8575341f-0d2c-4b24-9245-d7e534c83a9f&apn_sauid=EF929CBA-6190-469F-A6CB-B8571CB047AC
        O33 - MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\Shell - "" = AutoRun
        O33 - MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\Shell\AutoRun\command - "" = D:\AutoRun.exe
        O33 - MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\Shell - "" = AutoRun
        O33 - MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\Shell\AutoRun\command - "" = E:\AutoRun.exe
        O33 - MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\Shell - "" = AutoRun
        O33 - MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\Shell\AutoRun\command - "" = E:\AutoRun.exe
        O33 - MountPoints2\D\Shell - "" = AutoRun
        O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
        [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
        
        
        
        :services
        
        
        :reg
        
        
        
        :files
        ipconfig /flushdns /c
        C:\Users\Cesar\AppData\Roaming\B1Toolbar /d
        C:\Users\Cesar\AppData\Local\B1E /d
        @C:\ProgramData\TEMP:D1B5B4F1
        
        :commands
        [resethosts]
        [emptytemp]
        [createrestorepoint]
      2. Ejecutar OTL.exe
        • Clic derecho con el ratón bajo la casilla Análisis Personalizados/Código de Reparación > Pegar.
        • Luego haga clic en el botón Reparar ubicado en la parte superior.
        • Deje que el programa se ejecute sin trabas, reinicie cuando lo pida hacer.
        • Al reiniciar se creará un reporte por defecto en C:\_OTL\MovedFiles, copie y pegue ese log en la próxima respuesta.


      3. Download UsbFix to your desktop and run it as follows:
        1. Connect all your removable devices (pen drive, micro SD, etc.).
        2. Double-click USBFix.
        3. Click the Supresión (Deletion) option.
        4. A warning will appear asking you to connect your USB devices; click Accept and the disinfection/vaccination process will start.
        5. During the scan the desktop may disappear; this is normal. If USBFix asks to restart the system, accept and restart your computer.
        6. When it finishes, USBFix generates a report, usually located at C:\USBFix.txt; paste its contents in your next message.


      Let us know the results.

      Regards!

      Blog | Antivirus Online | Remove Malware | Free Antivirus


      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User juan1tovar
      Registered
      Nov 2011
      Location
      Bogotá - Colombia
      Posts
      5

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      One question: do I run UsbFix in safe mode or in normal mode?

      Meanwhile, the OTL report:

      All processes killed
      ========== OTL ==========
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB27E252-D555-40B5-A85D-894E52C927B9}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB27E252-D555-40B5-A85D-894E52C927B9}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38267852-2b5e-11e2-90e3-0021cc3c8a53}\ not found.
      File D:\AutoRun.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7f8345d-5b13-11e1-8849-0021cc3c8a53}\ not found.
      File E:\AutoRun.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7f83471-5b13-11e1-8849-0021cc3c8a53}\ not found.
      File E:\AutoRun.exe not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
      File D:\AutoRun.exe not found.
      C:\Windows\msdownld.tmp folder deleted successfully.
      ========== SERVICES/DRIVERS ==========
      ========== REGISTRY ==========
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      C:\Users\Cesar\Desktop\intrucciones\cmd.bat deleted successfully.
      C:\Users\Cesar\Desktop\intrucciones\cmd.txt deleted successfully.
      C:\Users\Cesar\AppData\Roaming\B1Toolbar\hpet.exe deleted successfully.
      C:\Users\Cesar\AppData\Roaming\B1Toolbar folder deleted successfully.
      C:\Users\Cesar\AppData\Local\B1E\B1Tool.crx deleted successfully.
      C:\Users\Cesar\AppData\Local\B1E folder deleted successfully.
      ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
      ========== COMMANDS ==========
      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
      Error: Unble to create default HOSTS file!

      [EMPTYTEMP]

      User: acceso
      ->Temp folder emptied: 50908 bytes
      ->Temporary Internet Files folder emptied: 32898 bytes

      User: All Users

      User: Cesar
      ->Temp folder emptied: 106494758 bytes
      ->Temporary Internet Files folder emptied: 10002343 bytes
      ->Java cache emptied: 335408 bytes
      ->FireFox cache emptied: 39719072 bytes
      ->Google Chrome cache emptied: 244932432 bytes
      ->Flash cache emptied: 515 bytes

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 26927774 bytes
      RecycleBin emptied: 70620114 bytes

      Total Files Cleaned = 476,00 mb

      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.69.0 log created on 02202013_210220

      Files\Folders moved on Reboot...
      File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...
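
An added example (not part of the original post and not OTL's own code): a small parser for the kind of OTL fix report posted above, which tallies what was removed or already absent and singles out the actions that did not complete, here the hosts reset that was deferred to reboot. The status labels and function names are this example's own, and the sample is an excerpt of lines from that report.

```python
import re
from collections import Counter

# Excerpt of lines from the OTL fix report posted in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File D:\AutoRun.exe not found.
========== FILES ==========
C:\Users\Cesar\AppData\Roaming\B1Toolbar folder deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")
KIND = r"(?:(?P<kind>Registry key|Registry value|File|Folder|ADS) )?"
# Status labels are this example's own names; the first matching rule wins.
RULES = [
    ("pending_reboot", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("error", re.compile(r"^Error: (?P<target>.+)$")),
    ("removed", re.compile(r"^" + KIND + r"(?P<target>.+?)(?: folder)? deleted successfully\.$")),
    ("absent", re.compile(r"^" + KIND + r"(?P<target>.+?) not found\.$")),
]

def parse_otl_fix_log(text):
    """Return one dict per recognised action line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for status, rule in RULES:
            hit = rule.match(line)
            if hit:
                entries.append({"section": section, "status": status,
                                "kind": hit.groupdict().get("kind"), "target": hit.group("target")})
                break
    return entries

def summarize(entries):
    return Counter(e["status"] for e in entries)

def follow_up(entries):
    """Actions that did not complete in this run and need a re-check after reboot."""
    return [e for e in entries if e["status"] in ("pending_reboot", "error")]

if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)), follow_up(parsed))
```

Entries returned by `follow_up` are the ones to verify by hand after the restart, for example by opening the hosts file and confirming it holds only the default entries.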

    6. #6
      Moderator
      M@co
      Registered
      Dec 2007
      Location
      America
      Posts
      15,628

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      In normal mode, and if it cannot be run that way, do it in safe mode.


    7. #7
      User juan1tovar
      Registered
      Nov 2011
      Location
      Bogotá - Colombia
      Posts
      5

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      ############################## | UsbFix V 7.108 | [Supresión]

      Usuario: Cesar (Administrador) # LAPCES
      Actualizado el 20/02/2013 por El Desaparecido
      Comenzó a 12:47:27 | 21/02/2013

      Sitio web: SosVirus • Page d
      Contacto: [email protected]

      PC: Hewlett-Packard (HP Pavilion dv2 Notebook PC) (X86-based PC)
      CPU: AMD Athlon(tm) Neo Processor MV-40 (1600)
      RAM -> [Total : 1918 | Free : 1432]
      BIOS: Ver 1.00PARTTBL
      BOOT: Normal boot

      OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
      WB: Windows Internet Explorer 9.0.8112.16421

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: Avira Desktop [(!) Disabled | Updated]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Disco fijo # 100 Gb (57 Mb libre(s) - 57%) [] # NTFS
      D:\ -> Disco extraíble # 4 Gb (1 Mb libre(s) - 39%) [JiTov] # NTFS
      X:\ -> Disco fijo # 133 Gb (10 Mb libre(s) - 7%) [Datos] # NTFS

      ################## | Procesos Parados |

      Parado! C:\Windows\system32\Ati2evxx.exe (832)
      Parado! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe (1080)
      Parado! C:\Windows\system32\Hpservice.exe (1400)
      Parado! C:\Windows\System32\spoolsv.exe (1760)
      Parado! C:\Windows\system32\taskhost.exe (1788)
      Parado! C:\Windows\system32\Ati2evxx.exe (1808)
      Parado! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1936)
      Parado! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (232)
      Parado! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe (316)
      Parado! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (360)
      Parado! C:\ProgramData\DatacardService\HWDeviceService.exe (848)
      Parado! C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (1372)
      Parado! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2652)
      Parado! C:\Windows\system32\conhost.exe (2660)
      Parado! C:\ProgramData\DatacardService\DCSHelper.exe (3292)
      Parado! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (3428)
      Parado! C:\Program Files\Apoint2K\Apoint.exe (3444)
      Parado! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3452)
      Parado! C:\Program Files\IDT\WDM\sttray.exe (3468)
      Parado! C:\Program Files\Unlocker\UnlockerAssistant.exe (3480)
      Parado! C:\Users\Cesar\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (3704)
      Parado! C:\Windows\system32\SearchIndexer.exe (3828)
      Parado! C:\Program Files\Apoint2K\ApMsgFwd.exe (1724)
      Parado! C:\Program Files\Apoint2K\Apntex.exe (2472)
      Parado! C:\Windows\system32\conhost.exe (2496)
      Parado! C:\Program Files\Windows Media Player\wmpnetwk.exe (1972)
      Parado! C:\Windows\system32\SearchProtocolHost.exe (4032)
      Parado! C:\Windows\System32\WUDFHost.exe (5956)
      Parado! c:\program files\windows defender\MpCmdRun.exe (1740)
      Parado! C:\Windows\system32\SearchFilterHost.exe (4376)

      ################## | Archivos # Carpetas infectadas |

      Suprimido ! X:\ApnStub.exe
      Suprimido ! X:\PCToolssetup.exe

      (!) Archivos temporales suprimido.

      ################## | Registro |


      ################## | Mountpoints2 |


      ################## | Listing |


      ################## | Vaccin |

    8. #8
      User juan1tovar
      Registered
      Nov 2011
      Location
      Bogotá - Colombia
      Posts
      5

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      OK, it's gone now, thanks M@co.

      One question: did it really come down with 4shared, or does it come from somewhere else?
      And if it's not too much trouble, could you tell me where that thing was hiding... by the way, what kind of malware is this?

      Thank you very much.

      I hope I don't run into strange things (strange to me) like this again. You had already saved me once by helping me remove the malware that was disabling my Avira. Thanks again.

    9. #9
      Moderator
      M@co
      Registered
      Dec 2007
      Location
      America
      Posts
      15,628

      Re: B1.org ; Improved Search: HOW DO I REMOVE IT!!!!????

      Hello.

      It was a hijacker, and it came bundled in the 4shared desktop package.

      Double-click USBFix.exe and uninstall it.

      Double-click OTL.exe and click CleanUp (LIMPIAR).

      Regards.
