
    Encrypted files with .ZEPTO extension


    1. #1
      l2oNnY (User)
      Registered
      Jun 2006
      Location
      Peru
      Posts
      58

      Encrypted files with .ZEPTO extension

      Dear colleagues:

      I would like to ask for your help: I have a folder that contained PDF documents that are very important for my work. The folder was shared on my workplace network, and one of the users who accessed it has infected them. I read an earlier thread and followed the instructions given there, so I am leaving the reports here to see whether you can help me decrypt these files.

      Thank you.

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Fecha del análisis: 05/08/2016
      Hora del análisis: 02:45 a.m.
      Archivo de registro: Analizar Registro 1.txt
      Administrador: Sí

      Versión: 2.2.1.1043
      Base de datos de malwares: v2016.08.05.02
      Base de datos de rootkits: v2016.05.27.01
      Licencia: Prueba
      Protección contra el malware: Activado
      Protección contra sitios web maliciosos: Activado
      Autoprotección: Desactivado

      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: estalin

      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 281558
      Tiempo transcurrido: 7 min, 49 seg

      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      Procesos: 0
      (No hay elementos maliciosos detectados)

      Módulos: 0
      (No hay elementos maliciosos detectados)

      Claves del registro: 0
      (No hay elementos maliciosos detectados)

      Valores del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Carpetas: 0
      (No hay elementos maliciosos detectados)

      Archivos: 0
      (No hay elementos maliciosos detectados)

      Sectores físicos: 0
      (No hay elementos maliciosos detectados)


      (end)

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Fecha del análisis: 04/08/2016
      Hora del análisis: 05:57 p.m.
      Archivo de registro: Analizar Registro 2.txt
      Administrador: Sí

      Versión: 2.2.1.1043
      Base de datos de malwares: v2016.08.04.14
      Base de datos de rootkits: v2016.05.27.01
      Licencia: Prueba
      Protección contra el malware: Activado
      Protección contra sitios web maliciosos: Activado
      Autoprotección: Desactivado

      SO: Windows 7 Service Pack 1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: estalin

      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 314193
      Tiempo transcurrido: 8 min, 42 seg

      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      Procesos: 0
      (No hay elementos maliciosos detectados)

      Módulos: 0
      (No hay elementos maliciosos detectados)

      Claves del registro: 13
      PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En cuarentena, [f12df35481198fa76e75de1c956ee11f],
      PUP.Optional.Yelloader, HKLM\SOFTWARE\MICROSOFT\TRACING\updssn_RASAPI32, En cuarentena, [52cc6dda1981db5b375b12c3c3406a96],
      PUP.Optional.Yelloader, HKLM\SOFTWARE\MICROSOFT\TRACING\updssn_RASMANCS, En cuarentena, [9f7f60e7386246f0dfb3e7eebf44748c],
      PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, En cuarentena, [59c507404d4dfd393af1fa9da261f30d],
      PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, En cuarentena, [1c0285c27426a1955dce702750b3fe02],
      PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En cuarentena, [42dc0542e9b10f27855e1bdf867da65a],
      PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ssn_RASAPI32, En cuarentena, [8a94371053471e187036bf0590732cd4],
      PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ssn_RASMANCS, En cuarentena, [56c85dea0991ac8a277fc8fcb64d669a],
      PUP.Optional.Cinema, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\CinemaP-1.9cV24.10-nv-ie, En cuarentena, [908e311694069b9b70bb702b04ffa25e],
      PUP.Optional.InstallCore, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\csastats, En cuarentena, [b16d5aed5b3fc670b72765950bf81ce4],
      PUP.Optional.SearchManager, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En cuarentena, [b6686ed92575a78f15caa02b2cd6a858],
      PUP.Optional.DeskCut, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\MOZILLA\EXTENDS, En cuarentena, [9b832d1a504a95a1dc46d3cd90738c74],
      PUP.Optional.ProductSetup, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\PRODUCTSETUP, En cuarentena, [2df13017c6d4a88e0ef75b56ac5737c9],

      Valores del registro: 6
      Trojan.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\PROYECTO1\PROYECTO1.EXE, 1, En cuarentena, [170783c47426fa3cbb5f7ccba061728e]
      PUP.Optional.DeskCut, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\estalin\AppData\Roaming\Mozilla\Firefox\Profiles\i3bcv07e.default\extensions\[email protected], En cuarentena, [a27c8fb85149a19573b06b359370e917]
      PUP.Optional.DeskCut, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\MOZILLA\EXTENDS|appid, [email protected], En cuarentena, [9b832d1a504a95a1dc46d3cd90738c74]
      PUP.Optional.ProductSetup, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, En cuarentena, [2df13017c6d4a88e0ef75b56ac5737c9]

      Datos del registro: 9
      PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}, Bueno: (www.google.com), Malo: (http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}),Sustituido,[59c55bec34669e98efe8c8aff90b9769]
      PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}, Bueno: (www.google.com), Malo: (http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}),Sustituido,[ca548fb8d0caf14586510f685aaa1ae6]
      PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bueno: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Malo: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Sustituido,[1fff4106207a69cd6ec0146329db59a7]
      PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}, Bueno: (www.google.com), Malo: (http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}),Sustituido,[fd21b1967822d5610dca7601d430768a]
      PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}, Bueno: (www.google.com), Malo: (http://www.oursurfing.com/web/?type=ds&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1&q={searchTerms}),Sustituido,[b16da3a41d7d0b2b40974730877de61a]
      PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bueno: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Malo: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Sustituido,[061864e3c0da75c13cf2601755af9868]
      PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-1671539933-3593444078-1064940419-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.oursurfing.com/?type=hp&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1, Bueno: (www.google.com), Malo: (http://www.oursurfing.com/?type=hp&ts=1445734008&z=2bd9bbd564fc156e331d02agbz2z1w7m2c6zcefe1b&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f4fsp0d1sp0d1),Sustituido,[56c8a2a5e7b35ed84d8487f0e42003fd]

      Carpetas: 1
      PUP.Optional.GlobalUpdate, C:\Users\estalin\AppData\Local\Temp\comh.30906, En cuarentena, [cf4f76d121791026607e892bd32f946c],

      Archivos: 8
      Trojan.Agent.Generic, C:\Program Files (x86)\Proyecto1\Proyecto1.exe, En cuarentena, [170783c47426fa3cbb5f7ccba061728e],
      Trojan.MalPack, C:\Program Files (x86)\sXe Injected\sXe.dll, En cuarentena, [bf5f8dba88123105320f1995629ffc04],
      PUP.Optional.ModGoog, C:\Users\estalin\AppData\Local\Temp\comh.30906\globalupdateBroker.exe, En cuarentena, [3ee05aedb4e664d21edf04f83ec2f010],
      PUP.Optional.ModGoog, C:\Users\estalin\AppData\Local\Temp\comh.30906\globalupdateOnDemand.exe, En cuarentena, [ae7066e1fd9d3ff7e11c2ad22dd30af6],
      PUP.Optional.OurSurfing.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\oursurfing.xml, En cuarentena, [b9657fc86436ab8bbbaabdd3e22120e0],
      PUP.Optional.GlobalUpdate, C:\Users\estalin\AppData\Local\Temp\comh.30906\globalupdateHelper.msi, En cuarentena, [cf4f76d121791026607e892bd32f946c],
      PUP.Optional.WinYahoo, C:\Users\estalin\AppData\Roaming\Mozilla\Firefox\Profiles\i3bcv07e.default\prefs.js, Bueno: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Malo: (user_pref("browser.startup.homepage", "https://pe.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Sustituido,[c65898af0d8d3ef84cab029de71d0df3]
      PUP.Optional.WinYahoo, C:\Users\estalin\AppData\Roaming\Mozilla\Firefox\Profiles\i3bcv07e.default\searchplugins\yahoo! powered.xml, En cuarentena, [ef2f2423198180b63ee31a82ab59ab55],

      Sectores físicos: 0
      (No hay elementos maliciosos detectados)


      (end)

      Malwarebytes Anti-Malware
      www.malwarebytes.org


      Update, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Scheduler, Malware Database, 2016.8.5.1, 2016.8.5.2,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 05/08/2016 12:40 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Error, 05/08/2016 02:25 a.m., SYSTEM, RONNY, Scheduler, 0,
      Update, 05/08/2016 02:25 a.m., SYSTEM, RONNY, Scheduler, Malware Database, Failed, Unable to access update server, 2016.8.5.2, 2016.8.5.3,
      Scan, 05/08/2016 02:53 a.m., SYSTEM, RONNY, Context, Inicio:05/08/2016 02:45 a.m., Duración:7 min, 49 seg, Análisis de amenazas, Completado, Detecciones de malware de 0, Detecciones de códigos no de malware de 0,
      Update, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Scheduler, Malware Database, 2016.8.5.2, 2016.8.5.3,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 05/08/2016 03:29 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Update, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Scheduler, Malware Database, 2016.8.5.3, 2016.8.5.4,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 05/08/2016 04:28 a.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,

      (end)


      Malwarebytes Anti-Malware
      www.malwarebytes.org


      Protection, 04/08/2016 05:52 p.m., SYSTEM, RONNY, Protection, Malware Protection, Starting,
      Protection, 04/08/2016 05:52 p.m., SYSTEM, RONNY, Protection, Malware Protection, Started,
      Protection, 04/08/2016 05:52 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 05:52 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Update, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1,
      Update, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Manual, IP Database, 2016.2.8.1, 2016.8.4.1,
      Update, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Manual, Malware Database, 2016.2.16.6, 2016.8.4.14,
      Error, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Manual, 0,
      Update, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Manual, Remediation Database, Failed, Unable to access update server, 2016.2.12.1, 2016.8.3.1,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 05:57 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Scan, 04/08/2016 06:09 p.m., SYSTEM, RONNY, Manual, Inicio:04/08/2016 05:57 p.m., Duración:8 min, 42 seg, Análisis de amenazas, Completado, Detecciones de malware de 3, Detecciones de códigos no de malware de 34,
      Protection, 04/08/2016 06:10 p.m., SYSTEM, RONNY, Protection, Malware Protection, Starting,
      Protection, 04/08/2016 06:10 p.m., SYSTEM, RONNY, Protection, Malware Protection, Started,
      Protection, 04/08/2016 06:10 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 06:10 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Update, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Manual, Remediation Database, 2016.2.12.1, 2016.8.3.1,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 06:21 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Error, 04/08/2016 06:27 p.m., SYSTEM, RONNY, Scheduler, 0,
      Update, 04/08/2016 06:27 p.m., SYSTEM, RONNY, Scheduler, Domain Database, Failed, Unable to access update server, 2016.2.16.8, 2016.8.4.11,
      Update, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Scheduler, Domain Database, 2016.2.16.8, 2016.8.4.11,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 06:37 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,
      Update, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Scheduler, Malware Database, 2016.8.4.14, 2016.8.5.1,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Refresh, Starting,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopping,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Stopped,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Refresh, Success,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Starting,
      Protection, 04/08/2016 07:40 p.m., SYSTEM, RONNY, Protection, Malicious Website Protection, Started,

      (end)


      C:\Users\estalin\Downloads\cd72ceb304pdfcreaetor-171setup.exe Win32/InstallMonetizer.AQ aplicación potencialmente indeseable eliminado
      C:\Users\estalin\Downloads\PDFCreator-2_1_2-setup.exe Win32/InstallMonetizer.AQ aplicación potencialmente indeseable eliminado
      C:\Users\estalin\Downloads\rcsetup152.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
      C:\Users\estalin\Downloads\Aplicaciones\AO13.rar una variante de MSIL/HackTool.IdleKMS.A aplicación potencialmente peligrosa eliminado
      C:\Users\estalin\Downloads\Aplicaciones\mtmrx2.5.1.rar una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
      C:\Users\estalin\Downloads\Aplicaciones\winzip180es-64.msi una variante de Win32/Systweak.L aplicación potencialmente indeseable eliminado
      C:\Users\estalin\Downloads\Aplicaciones\KMSpico.v8.4-heldigard\KMSpico Install\KMSpico_Install_v8.4.exe una variante de MSIL/HackTool.IdleKMS.B aplicación potencialmente peligrosa eliminado
      C:\Users\estalin\Downloads\Aplicaciones\KMSpico.v8.4-heldigard\KMSpico Install\KMSpico_Install_v8.4.rar una variante de MSIL/HackTool.IdleKMS.B aplicación potencialmente peligrosa eliminado
      C:\Users\estalin\Downloads\Aplicaciones\KMSpico.v8.4-heldigard\KMSpico OEM\$OEM$\$$\Setup\Scripts\KMSpico.exe una variante de MSIL/HackTool.IdleKMS.B aplicación potencialmente peligrosa eliminado
      D:\Archivos\cs7\disable_activation.cmd BAT/HostsChanger.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      D:\Archivos\office 2013\KMSpico Install\KMSpico_Install_v8.7.exe una variante de MSIL/HackTool.IdleKMS.B aplicación potencialmente peligrosa eliminado
      F:\Información Contable\AO13.rar una variante de MSIL/HackTool.IdleKMS.A aplicación potencialmente peligrosa eliminado
      F:\Información Contable\mtmrx2.5.1.rar una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado

    2. #2
      @JoseAsuncion (Warrior)
      Registered
      Sep 2012
      Location
      Lima
      Posts
      11,695

      Re: Encrypted files with .ZEPTO extension

      I don't think they can be decrypted, since it is a variant of Locky; I'm leaving you a link on the topic.

      Spam campaign distributes the Zepto ransomware, a variant of Locky.

      However, you can try ID RANSOMWARE to see whether a decryptor is available.

      Regards.
      Woaxxx