Threat originating from my own account

Hi @akirache

You ran FRST from the wrong location:

  • Running from C:\Users\akira\Downloads\ AntiVirus

It must not be inside a folder; cut the executable and paste it on your desktop <<< This is very important.


Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, "Run as Administrator".
  • In the main window, tick only the "Create Registry Backup" box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool...

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-358205242-1294261426-4112239854-1001\...\MountPoints2: {c06a33d8-5602-11e8-af7c-74dfbf3cf8c0} - "G:\Setup.exe" 
Task: {8EDFE1CB-137B-46A6-845D-04FBD5582BA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
Task: {BF199348-6B80-4B5D-BBF6-38749FBDE599} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-358205242-1294261426-4112239854-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-358205242-1294261426-4112239854-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-358205242-1294261426-4112239854-1001 -> DefaultScope {4248C069-DD0D-4609-B144-969CCBDF28B6} URL = 
SearchScopes: HKU\S-1-5-21-358205242-1294261426-4112239854-1001 -> {4248C069-DD0D-4609-B144-969CCBDF28B6} URL 
U3 aswbdisk; no ImagePath
U3 aswblog; no ImagePath
2019-09-21 19:05 - 2019-10-05 08:41 - 000000000 ____D C:\ProgramData\McInstTemp0132271569107133
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\001513689ec547768f3f1107a7ecab8f
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\001513689ec547768f3f1107a7ecab8fthumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\0a0b0446afc64c8dab853892278e6e6e
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\0a0b0446afc64c8dab853892278e6e6ethumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\0a88199185ce437f8c400e8bb3790010
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\0a88199185ce437f8c400e8bb3790010thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\0bc13edb5cb7488ebe7ebfebcc2d92e2
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\0bc13edb5cb7488ebe7ebfebcc2d92e2thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\21c26c228075461eb93b094cf3bfd2a4
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\21c26c228075461eb93b094cf3bfd2a4thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\38a0bbddcf1644b192d4c7d03494cf33
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\38a0bbddcf1644b192d4c7d03494cf33thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\3eb59f2def084ec3806899fab38dbda6
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\3eb59f2def084ec3806899fab38dbda6thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\52b09522cfb94e499e9027c1994f00b6
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\52b09522cfb94e499e9027c1994f00b6thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\614901c6124045a28f509cbcfeae79c6
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\614901c6124045a28f509cbcfeae79c6thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\68f35b55dc8245d681ea802d731b4fb7
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\68f35b55dc8245d681ea802d731b4fb7thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\951385a688bf4ddebeaaeecb3d6c66f2
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\951385a688bf4ddebeaaeecb3d6c66f2thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\a2af369034924618b01bd73b852fa03f
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\a2af369034924618b01bd73b852fa03fthumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\afb0d8ae14724a988301a50da0f55541
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\afb0d8ae14724a988301a50da0f55541thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\b3492c47bd1749d5a9a337498d6614f0
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\b3492c47bd1749d5a9a337498d6614f0thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\d5fd40b9ef81487aa96444620c8e1e49
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\d5fd40b9ef81487aa96444620c8e1e49thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\dc08e181d8004a53adf7cdb7112c4da2
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\dc08e181d8004a53adf7cdb7112c4da2thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\e4d25a0867de4fb9926cd6ad1c925316
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\e4d25a0867de4fb9926cd6ad1c925316thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\f1355af0dc0740b899928b31255c6591
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\f1355af0dc0740b899928b31255c6591thumb
2019-02-07 20:49 - 2019-02-07 20:49 - 000046405 _____ () C:\Users\akira\AppData\Roaming\f2f88d16ff7d4acfb18bf005e6bd7bc3
2019-02-07 20:49 - 2019-02-07 20:49 - 000013647 _____ () C:\Users\akira\AppData\Roaming\f2f88d16ff7d4acfb18bf005e6bd7bc3thumb
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The FRST.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run FRST.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.
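Added example, not part of the post above and not the helper's own script: a PowerShell pre-flight check that verifies the FRST/fixlist placement the post insists on, and confirms two of the findings the fixlist acts on before anything is deleted: the Authenticode status of the VFW/ACM codecs registered under Drivers32 (listed in the fix as "[File not signed]") and the 32-hex-character files in %APPDATA% (with or without the "thumb" suffix). It assumes the FRST executable on the desktop is named FRST*.exe (FRST.exe or FRST64.exe); the registry paths are the standard Drivers32 keys, and the script only reports, it removes nothing.

```powershell
# Added example (not from the forum post). Run from an elevated PowerShell before pressing Fix.
# Assumption: FRST*.exe and fixlist.txt were saved on the current user's Desktop, as the post requires.

$desktop = [Environment]::GetFolderPath('Desktop')
$frst    = Get-ChildItem -Path $desktop -Filter 'FRST*.exe' -ErrorAction SilentlyContinue | Select-Object -First 1
$fixlist = Join-Path $desktop 'fixlist.txt'

# 1. FRST and fixlist.txt must sit together on the desktop, or FRST will not pick up the fix.
if (-not $frst)                { Write-Warning "No FRST*.exe found on the desktop ($desktop)." }
if (-not (Test-Path $fixlist)) { Write-Warning "fixlist.txt not found at $fixlist." }
if ($frst -and $frst.DirectoryName -ne $desktop) {
    Write-Warning "FRST is not on the desktop but in $($frst.DirectoryName); move it first."
}

# 2. Authenticode status of every codec registered under Drivers32 (64-bit and WOW64 views).
#    Drivers32 values are usually bare file names resolved against the matching system directory.
$drivers32 = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32';             Dir = "$env:WINDIR\System32" },
    @{ Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32'; Dir = "$env:WINDIR\SysWOW64" }
)
foreach ($entry in $drivers32) {
    if (-not (Test-Path $entry.Key)) { continue }
    $props = Get-ItemProperty -Path $entry.Key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PSPath/PSParentPath/... provider metadata
        $file = [string]$p.Value
        $path = if ([IO.Path]::IsPathRooted($file)) { $file } else { Join-Path $entry.Dir $file }
        if (-not (Test-Path $path)) {
            '{0,-16} {1,-48} MISSING' -f $p.Name, $path
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        # Status is Valid for a trusted signature, NotSigned for the unsigned codecs in the fixlist
        '{0,-16} {1,-48} {2}' -f $p.Name, $path, $sig.Status
    }
}

# 3. Files in %APPDATA% named with 32 hex characters, optionally followed by "thumb",
#    the naming pattern of the entries the fixlist deletes. Reported only; the fix does the removal.
$hexName = '^[0-9a-f]{32}(thumb)?$'
Get-ChildItem -Path $env:APPDATA -File |
    Where-Object { $_.Name -match $hexName } |
    Select-Object Name, Length, LastWriteTime |
    Format-Table -AutoSize
```

If step 2 prints Valid for a codec the fixlist lists as unsigned, or step 3 finds no matching files, compare against the current FRST log before running the fix: the fixlist is built from a specific scan and should only be applied to the machine and state it was written for.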