Help! Virus appears on every restart

Good… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do this, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following lines into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-75123176-3579032652-732502155-1000\...\MountPoints2: {09f80a3b-ccad-11e8-9dc9-94de809cc76f} - "I:\setup.exe" 
HKU\S-1-5-21-75123176-3579032652-732502155-1000\...\MountPoints2: {f834082a-431b-11e5-aa6c-94de809cc76f} - "J:\setup.exe" 
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-75123176-3579032652-732502155-1000 -> {ADE6B23D-230D-4506-8144-7760124FDD10} URL = 
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
CHR HKU\S-1-5-21-75123176-3579032652-732502155-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 --; C:\Users\PC\AppData\Local\Temp\6838203\ic-0.526940dde2ef64.exe /wl 1 [X] <==== ATTENTION
C:\Users\PC\AppData\Local\Temp\6838203
U4 aspnet_state; no ImagePath
S1 SRepairDrv; \??\C:\WINDOWS\GJFix\SRepairDrv [X]
2018-12-01 11:18 - 2018-12-03 18:55 - 000000000 ____D C:\Users\PC\AppData\Roaming\jcecn
2018-09-27 17:39 - 2018-09-27 17:39 - 000000000 _____ () C:\Users\PC\AppData\Local\oobelibMkey.log
2016-03-05 07:47 - 2016-03-05 07:47 - 000041472 _____ () C:\Users\PC\AppData\Local\Saodom.dat
2016-03-05 07:47 - 2016-03-05 07:47 - 000000187 _____ () C:\Users\PC\AppData\Local\Saodom.exe.config
2018-12-02 16:54 - 2018-04-12 00:35 - 000607840 _____ (Microsoft Corporation) C:\Users\PC\AppData\Local\Temp\kernel32.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {06D66318-3289-4794-8541-3AAF4671B4F8} - no filepath
Task: {2AA774CA-DE0B-4909-A21D-A2AF67DC5E6A} - no filepath
Task: {2EE6DF3B-5402-44A2-A595-DB8FDDA2A8F4} - no filepath
Task: {3CF7C428-829E-4463-B314-A4FFDDE4A28E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4F6CE7F9-5E12-4C5A-A893-2CA16C398A6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {521BA3EA-1B10-4922-A6A2-854A50417077} - no filepath
Task: {64FA3BFF-EF5F-4C47-B9F7-59AC03293324} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {655E5004-039B-4611-815F-124669AB4005} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6813EC10-AE10-49B0-A0D3-3AE329B779FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {744CDBCF-9D84-4A38-B750-116E4C247FE9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8AFFA6A3-C9F5-43D0-BC1F-1AFE74D7EEF1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8C6CBB51-1AB9-4F76-B934-0D1C5EA1EF2F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8F53CE92-2B4C-4605-B178-6D6AB6248EDE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A0F4C4B0-A789-4CFF-9A84-69F82A9D3C85} - no filepath
Task: {AA311D30-0A30-42D1-AF43-48F3C1150106} - no filepath
Task: {D4121542-3AA6-410A-AA1E-B5857725E51B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF4DDCB1-E333-4785-B784-39C34990AE35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EAA35BBB-AB35-4709-8E8E-AE3BE85BB400} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FEDA4702-4238-4BAE-84E0-6E0730BE1F5F} - no filepath
ShortcutWithArgument: C:\Users\PC\Desktop\chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                                                   
ShortcutWithArgument: C:\Users\PC\Desktop\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\PC\Desktop\YouTube (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                                                   
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\quiero poner el icono de gmail en el .._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ijiheagmnahbjiokinlcclhcpfodegpb
AlternateDataStreams: C:\ProgramData\PACE:92EF415E47B2EEEA [217]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
AlternateDataStreams: C:\Users\PC\Configuración local:BJzP9hLc0KVv1nPhoOs3ljrMd [2562]
AlternateDataStreams: C:\Users\PC\AppData\Local:BJzP9hLc0KVv1nPhoOs3ljrMd [2562]
AlternateDataStreams: C:\Users\PC\AppData\Local\Datos de programa:BJzP9hLc0KVv1nPhoOs3ljrMd [2562]
AlternateDataStreams: C:\Users\PC\AppData\Local\Temp:3w2Q227EP525EtGmZA [2448]
AlternateDataStreams: C:\Users\PC\AppData\Local\Temp:7Td97mwhPln9wgZuD3Jg3 [2526]
AlternateDataStreams: C:\Users\PC\Documents\Adobe_Audition.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\PC\Documents\Adobe_Audition.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\PC\Documents\Adobe_Audition.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\PC\Documents\manolo-lina.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\PC\Documents\manolo-lina.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\PC\Documents\manolo-lina.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop); otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode (applicable to Windows 10)?", to work from that Windows mode. (Use Method 1, and if you cannot, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.
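
Added example, not part of the original post and not FRST's own code: the fixlist above hard-codes one account's SID and the profile C:\Users\PC, so a saved fixlist.txt can be audited before Fix is pressed. The function names `audit_fixlist` and `mismatches` are hypothetical, and the sample is a constructed excerpt of the list in the post.

```python
import re

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE = r"""Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-75123176-3579032652-732502155-1000\...\MountPoints2: {09f80a3b-ccad-11e8-9dc9-94de809cc76f} - "I:\setup.exe"
GroupPolicy: Restriction ? <==== ATTENTION
S3 --; C:\Users\PC\AppData\Local\Temp\6838203\ic-0.526940dde2ef64.exe /wl 1 [X] <==== ATTENTION
Task: {06D66318-3289-4794-8541-3AAF4671B4F8} - no filepath
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
EMPTYTEMP:
CMD: netsh winsock reset
END
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")                       # per-user account SID
PROFILE_RE = re.compile(r"C:\\Users\\([^\\]+)\\", re.IGNORECASE)  # profile folder name

def audit_fixlist(text):
    """Summarise a fixlist so it can be read before it is run."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    framed = len(lines) >= 2 and lines[0].lower() == "start" and lines[-1].lower() == "end"
    return {
        "framed": framed,                                   # Start ... END markers present
        "sids": sorted(set(SID_RE.findall(text))),          # accounts the list refers to
        "profiles": sorted({p.lower() for p in PROFILE_RE.findall(text)}),
        "commands": [ln[4:].strip() for ln in lines if ln.upper().startswith("CMD:")],
        "attention": [ln for ln in lines if "<==== ATTENTION" in ln],
    }

def mismatches(report, my_sid, my_profile):
    """Reasons this list does not belong to the machine it is about to run on."""
    problems = [] if report["framed"] else ["list is not framed by Start ... END"]
    foreign = [s for s in report["sids"] if s != my_sid]
    if foreign:
        problems.append(f"fixlist names other SIDs: {foreign}")
    other = [p for p in report["profiles"] if p != my_profile.lower()]
    if other:
        problems.append(f"fixlist names other profiles: {other}")
    return problems

if __name__ == "__main__":
    rep = audit_fixlist(SAMPLE)
    print(rep["commands"], len(rep["attention"]))
    print(mismatches(rep, "S-1-5-21-1-2-3-1001", "Ana"))  # constructed foreign machine
```

On the affected PC, `whoami /user` prints the SID to pass as `my_sid`.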