• Registrarse
  • Iniciar sesión


  • Resultados 1 al 2 de 2

    VIRUS Ramsonware Policia Nacional

    Hola. Tengo un virus en el ordenador tipo ramsonware que me pide una multa de 100 euros en nombre de la policía nacional. No he podido eliminarlo con las instrucciones a otros usuarios. Gracias si ...

    1. #1
      Usuario Avatar de joan sola
      Registrado
      nov 2012
      Ubicación
      españa
      Mensajes
      1

      VIRUS Ramsonware Policia Nacional

      Hola.
      Tengo un virus en el ordenador tipo ramsonware que me pide una multa de 100 euros en nombre de la policía nacional. No he podido eliminarlo con las instrucciones a otros usuarios.
      Gracias si podeis ayudarme
      Adjunto el log de OTL que he pasado por mi ordenador:

      OTL logfile created on: 23/11/2012 20:25:57 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\falgas\Desktop
      Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.19088)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,38% Memory free
      4,23 Gb Paging File | 3,57 Gb Available in Paging File | 84,49% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 142,42 Gb Total Space | 82,08 Gb Free Space | 57,63% Space Free | Partition Type: NTFS
      Drive D: | 6,63 Gb Total Space | 2,59 Gb Free Space | 39,05% Space Free | Partition Type: NTFS
      Drive E: | 931,28 Gb Total Space | 365,16 Gb Free Space | 39,21% Space Free | Partition Type: FAT32

      Computer Name: FALGAS1 | User Name: falgas | Logged in as Administrator.
      Boot Mode: SafeMode with Networking | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/11/22 18:28:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\falgas\Desktop\OTL.exe
      PRC - [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Internet Explorer\iexplore.exe
      PRC - [2009/01/19 12:08:06 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


      ========== Modules (No Company Name) ==========


      ========== Services (SafeList) ==========

      SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Programador de LiveUpdate automático)
      SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
      SRV - [2012/05/28 17:33:44 | 000,935,480 | ---- | M] () [Auto | Stopped] -- C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
      SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
      SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
      SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
      SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV - [2008/01/19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
      SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
      SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
      DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
      DRV - [2009/01/19 09:39:34 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rmcast.sys -- (RMCAST)
      DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
      DRV - [2007/05/04 15:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
      DRV - [2007/04/30 20:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
      DRV - [2007/04/23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
      DRV - [2007/01/29 23:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
      DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
      DRV - [2006/11/17 13:19:30 | 000,143,872 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
      DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
      DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
      DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=PRESARIO&pf=laptop
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=PRESARIO&pf=laptop
      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{99EA4E84-9515-4F4B-BA4F-1F72509A81BE}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=PRESARIO&pf=laptop
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.es/ [binary data]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={702C0CFB-8CE1-444D-A347-021DC4D5B465}&mid=e7772b409ee147d0b138d1527e6b4e4e-621fe7e91efa7f98550edb79c3f841fd04ecdc69&lang=es&ds=cv011&pr=sa&d=2012-05-28 18:33:48&v=11.1.0.7&sap=hp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={702C0CFB-8CE1-444D-A347-021DC4D5B465}&mid=e7772b409ee147d0b138d1527e6b4e4e-621fe7e91efa7f98550edb79c3f841fd04ecdc69&lang=es&ds=cv011&pr=sa&d=2012-05-28 18:33:48&v=11.1.0.7&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{99EA4E84-9515-4F4B-BA4F-1F72509A81BE}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
      FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=ca&q="
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\falgas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\falgas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/05/28 17:33:55 | 000,000,000 | ---D | M]

      [2009/06/13 13:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\falgas\AppData\Roaming\mozilla\Extensions
      [2012/06/16 19:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\falgas\AppData\Roaming\mozilla\Firefox\Profiles\d72hbg7p.default\extensions
      [2010/05/08 12:48:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\falgas\AppData\Roaming\mozilla\Firefox\Profiles\d72hbg7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2011/02/19 18:48:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\falgas\AppData\Roaming\mozilla\Firefox\Profiles\d72hbg7p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      [2012/06/17 09:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2011/10/31 13:58:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
      [2011/10/31 13:58:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
      [2012/05/28 17:33:41 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

      ========== Chrome ==========

      CHR - homepage: http://isearch.avg.com/?cid={702C0CFB-8CE1-444D-A347-021DC4D5B465}&mid=e7772b409ee147d0b138d1527e6b4e4e-621fe7e91efa7f98550edb79c3f841fd04ecdc69&lang=es&ds=cv011&pr=sa&d=2012-05-28 18:33:48&v=11.1.0.7&sap=hp
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://isearch.avg.com/?cid={702C0CFB-8CE1-444D-A347-021DC4D5B465}&mid=e7772b409ee147d0b138d1527e6b4e4e-621fe7e91efa7f98550edb79c3f841fd04ecdc69&lang=es&ds=cv011&pr=sa&d=2012-05-28 18:33:48&v=11.1.0.7&sap=hp
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\falgas\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
      CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\falgas\AppData\Local\Google\Chrome\Application\23.0.1271.64\gears.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\falgas\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
      CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
      CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
      CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\falgas\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: YouTube = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: Gmail = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
      CHR - Extension: Gmail = C:\Users\falgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2012/11/22 19:16:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Archivos de programa\Save Flash\SaveFlash.dll (TODO: <Company name>)
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Archivos de programa\Save Flash\SaveFlash.dll (TODO: <Company name>)
      O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
      O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Archivos de programa\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
      O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
      O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [Update] C:\Users\falgas\AppData\Roaming\wlsidten.exe ()
      O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
      O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
      O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
      O4 - Startup: C:\Users\falgas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
      O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E39D4F5B-E0A8-4781-A45B-99A59BC9CD5B}: DhcpNameServer = 192.168.2.1
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper:
      O24 - Desktop BackupWallPaper:
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/22 18:47:59 | 000,000,000 | ---D | C] -- C:\_OTL
      [2012/11/22 18:28:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\falgas\Desktop\OTL.exe
      [2012/11/22 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\falgas\AppData\Roaming\Malwarebytes
      [2012/11/22 17:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/22 17:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/22 17:36:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2012/11/22 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

      ========== Files - Modified Within 30 Days ==========

      [2012/11/23 16:03:22 | 000,010,752 | ---- | M] () -- C:\Users\falgas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/11/22 19:25:24 | 000,672,836 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/11/22 19:25:24 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/11/22 19:25:24 | 000,131,326 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/11/22 19:25:24 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/11/22 19:19:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
      [2012/11/22 19:18:29 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
      [2012/11/22 19:18:18 | 000,308,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2012/11/22 19:17:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/22 19:17:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/22 19:16:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
      [2012/11/22 18:28:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\falgas\Desktop\OTL.exe
      [2012/11/22 17:50:26 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{42B05578-6772-4A25-82A2-1A5A8677A381}.job
      [2012/11/22 17:36:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/22 17:26:59 | 000,000,680 | ---- | M] () -- C:\Users\falgas\AppData\Local\d3d9caps.dat
      [2012/11/22 16:17:52 | 000,167,424 | ---- | M] () -- C:\Users\falgas\AppData\Roaming\wlsidten.exe
      [2012/11/22 15:54:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1790170313-2942051230-1639354733-1000UA.job
      [2012/11/16 18:54:04 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1790170313-2942051230-1639354733-1000Core.job
      [2012/11/11 17:59:11 | 000,002,047 | ---- | M] () -- C:\Users\falgas\Desktop\Google Chrome.lnk

      ========== Files Created - No Company Name ==========

      [2012/11/22 17:36:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/22 16:18:06 | 000,167,424 | ---- | C] () -- C:\Users\falgas\AppData\Roaming\wlsidten.exe
      [2012/06/26 12:00:45 | 000,010,752 | ---- | C] () -- C:\Users\falgas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/06/17 11:03:46 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
      [2011/12/10 00:07:42 | 000,000,680 | ---- | C] () -- C:\Users\falgas\AppData\Local\d3d9caps.dat
      [2010/05/08 12:36:02 | 000,031,007 | ---- | C] () -- C:\Users\falgas\AppData\Roaming\UserTile.png

      ========== ZeroAccess Check ==========

      [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 769 bytes -> C:\Users\falgas\Documents\[Fwd_ RV_ Audrey Hepburn].eml:OECustomProperty

      < End of report >

    2. #2
      Ex-Colaborador Avatar de Anleg_30
      Registrado
      dic 2007
      Ubicación
      Bna-Venezuela
      Mensajes
      10.545

      Re: VIRUS Ramsonware Policia Nacional

      Buenas,

      • Abre OTL.exe porfavor, y solo realiza lo siguiente tal cual:
      • Copia y pega el siguiente código en su marco en blanco (debajo de Código de Reparación)


      Código:
      :OTL
      O4 - HKCU..\Run: [Update] C:\Users\falgas\AppData\Roaming\wlsidten.exe ()
      [2012/11/22 17:26:59 | 000,000,680 | ---- | M] () -- C:\Users\falgas\AppData\Local\d3d9caps.dat
      :Commands
      [emptytemp]
      • Seguidamente pulsa sobre el botón Reparar



      Deja que se ejecute y luego del reinicio me copias el reporte que genere comentandome si va todo normal o no.



      Blog | Antivirus Online | Eliminar Malwares | Antivirus Gratis

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.