
    Malware Otshot


    1. #1
      User: ROOT14
      Joined: Nov 2012
      Location: Mexico D.F.
      Posts: 2


      OTL logfile created on: 16/11/2012 05:00:27 p.m. - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Mis documentos\Downloads
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

      3.22 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 71.22% Memory free
      5.06 Gb Paging File | 4.24 Gb Available in Paging File | 83.85% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
      Drive C: | 111.78 Gb Total Space | 94.44 Gb Free Space | 84.49% Space Free | Partition Type: NTFS

      Computer Name: BA-54FE11DFCC6B | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Quick Scan
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/11/16 16:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Mis documentos\Downloads\OTL.com
      PRC - [2012/11/01 23:01:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) -- C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe
      PRC - [2012/11/01 12:13:10 | 000,418,672 | ---- | M] (AnchorFree Inc.) -- C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe
      PRC - [2012/11/01 12:12:16 | 000,389,488 | ---- | M] () -- C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe
      PRC - [2012/11/01 12:04:46 | 001,270,640 | ---- | M] (AnchorFree Inc.) -- C:\Archivos de programa\Hotspot Shield\bin\openvpntray.exe
      PRC - [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
      PRC - [2012/10/18 07:27:06 | 004,386,816 | ---- | M] () -- C:\program files\HotShot\otshot.exe
      PRC - [2012/08/28 14:00:07 | 003,681,176 | ---- | M] () -- C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe
      PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
      PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
      PRC - [2012/05/29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe
      PRC - [2012/05/24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      PRC - [2012/02/16 12:40:20 | 000,197,112 | ---- | M] (PC Utilities Pro) -- C:\Archivos de programa\Optimizer Pro\OptProSmartScan.exe
      PRC - [2012/01/12 13:25:42 | 000,218,104 | ---- | M] (PC Utilities Pro) -- C:\Archivos de programa\Optimizer Pro\OptProReminder.exe
      PRC - [2011/10/21 05:25:10 | 000,446,464 | ---- | M] (Lee-Soft.com, Lee Matthew Chantrey) -- C:\Archivos de programa\ViGlance\ViGlance.exe
      PRC - [2010/01/08 14:19:40 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Archivos de programa\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe
      PRC - [2008/04/13 20:18:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


      ========== Modules (No Company Name) ==========

      MOD - [2012/11/16 05:16:38 | 001,834,496 | ---- | M] () -- C:\Archivos de programa\Alwil Software\Avast5\defs\12111600\algo.dll
      MOD - [2012/11/01 23:00:58 | 000,703,344 | ---- | M] () -- C:\Archivos de programa\Hotspot Shield\bin\af_proxy.dll
      MOD - [2012/11/01 12:12:16 | 000,389,488 | ---- | M] () -- C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe
      MOD - [2012/10/31 16:15:05 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
      MOD - [2012/10/31 16:15:04 | 012,455,448 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
      MOD - [2012/10/31 16:15:02 | 004,007,448 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\pdf.dll
      MOD - [2012/10/31 16:13:47 | 000,587,288 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
      MOD - [2012/10/31 16:13:46 | 000,123,928 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\libegl.dll
      MOD - [2012/10/31 16:13:35 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
      MOD - [2012/10/31 16:13:34 | 000,274,984 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
      MOD - [2012/10/31 16:13:32 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
      MOD - [2012/10/18 07:27:06 | 004,386,816 | ---- | M] () -- C:\program files\HotShot\otshot.exe
      MOD - [2012/08/28 14:00:07 | 003,681,176 | ---- | M] () -- C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe
      MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\zlib1.dll
      MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\libxml2.dll
      MOD - [2009/12/09 21:20:06 | 000,126,976 | ---- | M] () -- C:\Archivos de programa\REALTEK\RTL8185 Wireless LAN Utility\EnumDevLib.dll
      MOD - [2008/04/13 20:18:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
      MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Archivos de programa\REALTEK\RTL8185 Wireless LAN Utility\acAuth.dll


      ========== Services (SafeList) ==========

      SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
      SRV - [2012/11/01 23:01:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\bin\openvpnas.exe -- (hshld)
      SRV - [2012/11/01 12:35:02 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Archivos de programa\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
      SRV - [2012/11/01 12:13:10 | 000,418,672 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
      SRV - [2012/11/01 12:12:16 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Hotspot Shield\bin\hsswd.exe -- (HssWd)
      SRV - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2012/05/24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
      SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva401.sys -- (XDva401)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva400.sys -- (XDva400)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva399.sys -- (XDva399)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - [2012/08/21 03:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
      DRV - [2012/08/21 03:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2012/08/21 03:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2012/08/21 03:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
      DRV - [2012/08/21 03:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
      DRV - [2012/08/21 03:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
      DRV - [2012/08/21 03:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2010/11/08 12:45:06 | 000,062,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
      DRV - [2009/11/12 15:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
      DRV - [2008/04/17 08:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
      IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKLM\..\SearchScopes\{A7D47C69-95DE-40A7-A6EB-F5E4879E7286}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}


      IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

      IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = KAYBO
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\SearchScopes\{A7D47C69-95DE-40A7-A6EB-F5E4879E7286}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Archivos de programa\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



      ========== Chrome ==========

      CHR - homepage: http://home.sweetim.com/?crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: http://home.sweetim.com/?crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.64\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
      CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
      CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2001/08/24 05:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
      O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Archivos de programa\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [APSDaemon] C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [HotShot] c:\program files\HotShot\otshot.exe ()
      O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
      O4 - HKLM..\Run: [SweetIM] C:\Archivos de programa\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKU\S-1-5-21-602162358-1770027372-1801674531-500..\Run: [Optimizer Pro] C:\Archivos de programa\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
      O4 - HKU\S-1-5-21-602162358-1770027372-1801674531-500..\Run: [Pando Media Booster] C:\Archivos de programa\Pando Networks\Media Booster\PMB.exe ()
      O4 - HKU\S-1-5-21-602162358-1770027372-1801674531-500..\Run: [ViGlance] C:\Archivos de programa\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
      O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
      O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Archivos de programa\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
      O7 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F381A32-39C0-49CE-8D9F-ACABAEECE4F5}: DhcpNameServer = 192.168.1.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA8B214D-6C2E-4B40-830A-008137D77B25}: DhcpNameServer = 192.168.1.254
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
      O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2011/01/01 01:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/13 17:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\WinRAR
      [2012/11/13 17:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\WinRAR
      [2012/11/13 17:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Mis documentos\winrar
      [2012/11/12 18:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
      [2012/11/10 14:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Optimizer Pro
      [2012/11/10 14:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Optimizer Pro
      [2012/11/10 14:24:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Optimizer Pro
      [2012/11/10 14:24:50 | 000,000,000 | ---D | C] -- C:\program files
      [2012/11/10 14:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\SweetIM
      [2012/11/10 14:24:30 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SweetIM
      [2012/11/10 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\ZalmanInstaller_otshot
      [2012/11/08 22:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Hotspot Shield
      [2012/11/08 14:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\Kaybo
      [2012/11/08 13:56:57 | 000,000,000 | ---D | C] -- C:\Kaybo
      [2012/11/07 19:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Hotspot Shield
      [2012/11/07 19:40:22 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Hotspot Shield
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/16 17:01:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2012/11/16 16:50:26 | 000,490,058 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
      [2012/11/16 16:50:26 | 000,428,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2012/11/16 16:50:26 | 000,083,858 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
      [2012/11/16 16:50:26 | 000,066,086 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2012/11/16 16:49:09 | 000,000,504 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B03F6836-F386-4491-863E-19276F3A4691}.job
      [2012/11/16 16:46:14 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
      [2012/11/16 16:45:58 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2012/11/16 16:45:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2012/11/16 14:40:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1770027372-1801674531-500UA.job
      [2012/11/16 12:40:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1770027372-1801674531-500Core.job
      [2012/11/13 17:14:15 | 001,609,863 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\wrar420es.exe
      [2012/11/13 17:07:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [2012/11/13 16:45:22 | 000,144,147 | ---- | M] () -- C:\Documents and Settings\Administrador\history.htt
      [2012/11/10 20:28:05 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Administrador\hotshot.db
      [2012/11/10 20:28:05 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Administrador\files.db
      [2012/11/10 14:25:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Optimizer Pro.lnk
      [2012/11/09 12:38:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/11/08 14:00:13 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Operation7Launcher.lnk
      [2012/11/08 14:00:13 | 000,001,347 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Operation7Site.lnk
      [2012/11/08 14:00:13 | 000,001,283 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Kaybo.lnk
      [2012/11/07 19:40:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
      [2012/11/07 19:40:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Hotspot Shield Launch.lnk
      [2012/11/07 18:42:44 | 000,002,398 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Google Chrome.lnk
      [2012/11/02 17:54:06 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/11/01 12:22:30 | 000,040,200 | ---- | M] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\hssdrv.sys
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/13 17:14:02 | 001,609,863 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\wrar420es.exe
      [2012/11/10 20:28:22 | 000,144,147 | ---- | C] () -- C:\Documents and Settings\Administrador\history.htt
      [2012/11/10 20:28:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Administrador\hotshot.db
      [2012/11/10 20:28:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Administrador\files.db
      [2012/11/10 14:25:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Optimizer Pro.lnk
      [2012/11/10 14:24:52 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\HotShot.lnk
      [2012/11/08 14:00:13 | 000,001,347 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Operation7Site.lnk
      [2012/11/08 14:00:13 | 000,001,283 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Kaybo.lnk
      [2012/11/08 14:00:12 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Operation7Launcher.lnk
      [2012/11/07 19:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
      [2012/11/07 19:40:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Hotspot Shield Launch.lnk
      [2012/10/10 12:47:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
      [2012/09/25 00:01:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/09/05 23:22:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
      [2012/09/05 23:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
      [2012/07/29 13:23:29 | 000,051,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
      [2011/01/01 05:58:27 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
      [2011/01/01 0519 | 000,769,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
      [2011/01/01 04:16:17 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
      [2011/01/01 04:16:17 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
      [2011/01/01 04:16:15 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
      [2011/01/01 04:16:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
      [2011/01/01 02:17:20 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
      [2011/01/01 02:16:36 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
      [2011/01/01 01:44:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2011/01/01 01:42:10 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
      [2010/12/31 18:36:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
      [2010/12/31 18:28:18 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

      ========== ZeroAccess Check ==========

      [2011/01/01 03:49:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:18:38 | 001,499,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/13 20:18:22 | 000,472,064 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:18:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2011/01/01 03:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Easeware
      [2012/11/10 14:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Optimizer Pro
      [2012/07/27 17:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\systweak
      [2012/10/08 19:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\TS3Client
      [2012/07/28 1436 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\ViGlance
      [2012/07/27 17:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\ViStart
      [2011/01/01 02:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
      [2012/11/08 22:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Hotspot Shield
      [2012/07/27 17:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Isso Project
      [2012/08/28 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PMB Files
      [2012/09/05 23:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PopCap Games
      [2012/11/12 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\SweetIM
      [2012/11/10 14:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ZalmanInstaller_otshot
      [2012/07/29 12:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2011/01/01 01:43:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2011/01/01 01:40:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini
      [2001/08/24 05:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2012/06/28 05:55:34 | 001,194,104 | ---- | M] () -- C:\Browser_Helper_Companion.exe
      [2011/01/01 01:43:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2011/01/01 01:43:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2011/01/01 01:43:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/13 10:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/13 12:31:52 | 000,251,168 | RHS- | M] () -- C:\ntldr
      [2012/11/16 16:45:51 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

      < %PROGRAMFILES%\*.* >

      < %systemroot%\windows\*.exe >

      < End of report >

    2. #2
      Moderator
      Avatar of @Maxfernandez
      Joined
      Dec 2007
      Location
      Venezuela
      Posts
      16,076

      Re: Malware Otshot

      Hello ROOT14

      You should have opened a new thread so that you could be given personalized help.

      Important:
      _____________

      Do the following:

      1. Highlight the contents of the box below (except the word Code), then right-click with the mouse > Copy.
        Code:
        :OTL
        PRC - [2012/10/18 07:27:06 | 004,386,816 | ---- | M] () -- C:\program files\HotShot\otshot.exe
        MOD - [2012/10/18 07:27:06 | 004,386,816 | ---- | M] () -- C:\program files\HotShot\otshot.exe
        IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
        IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
        IE - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
        CHR - homepage: http://home.sweetim.com/?crg=3.1010000.10012&barid={A1F0E63B-2B74-11E2-8981-50E54947619B}
        O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
        O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Archivos de programa\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
        O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
        O3 - HKU\S-1-5-21-602162358-1770027372-1801674531-500\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Archivos de programa\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
        O4 - HKLM..\Run: [HotShot] c:\program files\HotShot\otshot.exe ()
        [2012/11/10 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\ZalmanInstaller_otshot
        [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
        [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
        [2012/11/10 20:28:05 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Administrador\hotshot.db
        [2012/11/10 14:24:52 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\HotShot.lnk
        [2012/11/10 14:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ZalmanInstaller_otshot
        
        :commands
        [emptytemp]
        [createrestorepoint]
      2. Run OTL.exe
        • Right-click with the mouse inside the Custom Scans/Fixes box > Paste.
        • Then click the Run Fix button located at the top.
        • Let the program run without interruption; reboot when it asks you to.
        • After the reboot a report will be created by default in C:\_OTL\MovedFiles; copy and paste that log in your next reply.



      Let us know the results.

      Regards.