Remove snorlers

Google Chrome keeps launching with windows as soon as I turn on the computer, showing the website thegoodcaster or something like that, along with many .exe processes.


Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 27-01-2020
Ejecutado por MrEidrian (10-02-2020 10:20:38) Run:2
Ejecutado desde C:\Users\MrEidrian\Desktop
Perfiles cargados: MrEidrian (Perfiles disponibles: MrEidrian & Noelia)
Modo de Inicio: Safe Mode (minimal)
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [1nzirzyvrg3] => C:\Program Files (x86)\Yhanj\679940659.exe [485888 2019-08-31] (FlyStreets) [File not signed]
HKLM\...\RunOnce: [vw5wpldbi0c] => C:\Program Files (x86)\Yhanj\25388233.exe [485888 2019-08-31] (FlyStreets) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [UM] => C:\Users\MrEidrian\AppData\Local\Temp\~wt42D9.tmp.exe [1620224 2017-05-08] (GMGP, LLC -> ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [HolyFeather] => C:\Windows\rss\csrss.exe [4110848 2019-09-01] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [6945495] => C:\Users\MrEidrian\AppData\Local\Temp\is-I1N5O.tmp\SubSurface.exe [975932 2019-08-30] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [9439892] => C:\Users\MrEidrian\AppData\Roaming\k50j3s3jucs\p5ev1tztqfo.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [4ILMHV5EZ2V3JE9] => "C:\Program Files\F0MXGHZ02Y\F0MXGHZ02.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [7217898] => C:\Users\MrEidrian\AppData\Local\Temp\is-MERL1.tmp\SubSurface.exe [975932 2019-08-30] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [O125LGFOY3G6T31] => "C:\Program Files\I97ZWYY3EF\I97ZWYY3E.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [4743452] => C:\Users\MrEidrian\AppData\Roaming\1nbkkrpf1rp\qfmx3cmi3ih.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [clakem] => C:\Users\MrEidrian\AppData\Local\clakem.dll [16896 2019-09-01] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [2142673] => C:\Users\MrEidrian\AppData\Roaming\20dlcgoxqtd\ivw5mp0s30m.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [2086881] => C:\Users\MrEidrian\AppData\Roaming\nuuesycacej\ayqg1aamqpn.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [XMQCG00FHTCRTFT] => "C:\Program Files\Y6WMEPIUSU\TLDU6T8DN.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [CVT2BE4AKKPQDC4] => "C:\Program Files\5AK9ESEEM9\0O1G6W4XH.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [4182939] => C:\Users\MrEidrian\AppData\Roaming\wt14qozdpuk\qwnay0btejc.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [1924984] => C:\Users\MrEidrian\AppData\Roaming\xlms1jgbaxg\1nw2ett4lkb.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [EG72O69XGR2NRI3] => "C:\Program Files\FPS3CWAAGI\SEYILWGBG.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [VQ3JCBJ32B3IDR3] => "C:\Program Files\NV6887IMQU\NV6887IMQ.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [7321231] => C:\Users\MrEidrian\AppData\Roaming\gm4bq44ahcr\4dvv12kuxq3.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [9740042] => C:\Users\MrEidrian\AppData\Roaming\3xazufz2y4k\4vrehfm0aoc.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [FT2B7Y4X2D4BTIN] => "C:\Program Files\F62HX9AXGE\F62HX9AXG.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [OHM9UGYB0NI0O8G] => "C:\Program Files\4BDF1E44L3\4BDF1E44L.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [U1H8A5MXG7UKM4N] => "C:\Program Files\FDHCVOQ991\FDHCVOQ99.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [1707178] => C:\Users\MrEidrian\AppData\Roaming\fmxx3sek4uo\p2mstxqpzmv.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [8727207] => C:\Users\MrEidrian\AppData\Roaming\nhoccyj3cu3\z21djuxtpah.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [N4V1FFCWTT3R47M] => "C:\Program Files\PI73AD7QWA\PI73AD7QW.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [6836345] => C:\Users\MrEidrian\AppData\Roaming\4ts415injby\muaqqm5jd4g.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [6780553] => C:\Users\MrEidrian\AppData\Roaming\fie55wruabi\h32b1t0rf2m.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [1VDIM44SM0XTGBH] => "C:\Program Files\VFS9DXY4DZ\VFS9DXY4D.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [5K8RSKT0FRWD1U1] => "C:\Program Files\KD8OOK3PXU\FRQVGOT8R.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [8013299] => C:\Users\MrEidrian\AppData\Roaming\bq0w0v4ehgl\dneqojihonk.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [2CDZK6WEL344Q5F] => "C:\Program Files\IXA6R4G9ZL\IXA6R4G9Z.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [5098959] => C:\Users\MrEidrian\AppData\Roaming\pd3l2ezyqrz\lhnvmugbnee.exe [975932 2019-09-01] ( ) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [D1RO0EW4268PN6X] => "C:\Program Files\79WHBWGJII\79WHBWGJI.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [492184] => "C:\Users\MrEidrian\AppData\Roaming\3jbnls3gby3\2fjvnacax2i.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [2963468] => "C:\Users\MrEidrian\AppData\Roaming\fn13p1breks\vnlvulezyz5.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [SZ3KV9NIQILVXI1] => "C:\Program Files\8QTX5BB3DR\8QTX5BB3D.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [HFMCGA4XKVDRDXC] => "C:\Program Files\8QTX5BB3DR\25A5XF0L8.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [4803132] => "C:\Users\MrEidrian\AppData\Roaming\gesvmajhlfg\ynuzo1duzmd.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [2384361] => "C:\Users\MrEidrian\AppData\Roaming\0detggqes1g\qsfbixptrvg.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [7G878VHBN6DN0JZ] => "C:\Program Files\SYKN90SQV7\SYKN90SQV.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [PRC3JU63KR51Q0K] => "C:\Program Files\ZLBV4QGTBO\ZLBV4QGTB.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [U1ZFNNPAKOAKRTK] => C:\Program Files\V96MUHOC2O\V96MUHOC2.exe [1241600 2019-09-14] (3TD8MEEK5) [File not signed]
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [ETUGVQRVE0X929G] => "C:\Program Files\PONTMLEVX8\PONTMLEVX.exe"
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [1139294] => "C:\Users\MrEidrian\AppData\Roaming\oqxiyvagkqg\ihxpu3f52tt.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [8215114] => "C:\Users\MrEidrian\AppData\Roaming\ec1hfdjbtxq\ljnddtb4hhv.exe" /VERYSILENT
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\Run: [CloudNet] => C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-10-18] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\MountPoints2: {200c15f6-214d-11e9-92c2-6cf049e1b2f6} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\MountPoints2: {a8264345-284c-11e9-ae89-6cf049e1b2f6} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\...\MountPoints2: {ab69be00-e5c1-11e7-86a6-6cf049e1b2f6} - H:\HiSuiteDownLoader.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0C18376E-CF1F-4DE5-9AB1-9A4AF3883FC0} - System32\Tasks\{33340A00-BC3E-4879-A6B1-0F8A69F911ED} => C:\Windows\system32\pcalua.exe -a "C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {84178B8E-D6FB-482F-8DB2-1BDCC2FB6E82} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {8F2ECB93-F014-417C-BDE5-9EFA963D7E95} - System32\Tasks\Microsoft\Windows\Time Synchronization\ViewUtcTime => C:\Users\MrEidrian\AppData\Roaming\\utctimer\\utc.exe
Task: {B5B8BC8D-597D-4885-A111-5B0AC028AD21} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4110848 2019-09-01] () [File not signed] <==== ATTENTION
Task: {D4B51A00-104D-48BC-9D4B-CF83A25366E5} - System32\Tasks\{2E3D2332-F591-4AC3-8C22-7B2CA38E767A} => C:\Windows\system32\pcalua.exe -a "C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3862230028-3041123482-801023079-1000 -> No Name - {DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} -  No File
Toolbar: HKU\S-1-5-21-3862230028-3041123482-801023079-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Homepage: Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344 -> hxxp://www.bing.com/?pc=COS2&ptag=D090119-N0300A5089E7D110BC46F293F&form=CONMHP&conlogo=CT3331990
FF NewTab: Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344 -> hxxp://www.bing.com/?pc=COS2&ptag=D090119-N0300A5089E7D110BC46F293F&form=CONMHP&conlogo=CT3331990
FF Extension: (Mozilla Official) - C:\Users\MrEidrian\AppData\Roaming\Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2019-09-14] [not signed]
FF SearchPlugin: C:\Users\MrEidrian\AppData\Roaming\Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344\searchplugins\bing-lavasoft-ff59.xml [2019-09-01]
CHR Extension: (book_helper) - C:\Users\MrEidrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihbhonnpblfklefmifmdampkldmloog [2019-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\MrEidrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-01]
CHR HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\MrEidrian\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2012-08-26]
OPR Extension: (book_helper) - C:\Users\MrEidrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\mihbhonnpblfklefmifmdampkldmloog [2019-09-01]
OPR Extension: (SaveFrom.net helper) - C:\Users\MrEidrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2019-09-01]
U2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\19.7.2.455\service_update.exe [1596408 2019-08-01] (YANDEX LLC -> YANDEX LLC)
R1 ab6af3c5e932269c; C:\Windows\system32\drivers\ab6af3c5e932269c.sys [33984 2019-09-01] (BlockChain Advances Ltd -> FsFilter Network)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
U3 MBAMService; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R1 WinmonProcessMonitor; \??\C:\Windows\System32\drivers\WinmonProcessMonitor.sys [X]
2019-10-18 11:59 - 2019-10-18 11:59 - 000000000 ____D C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc
2019-10-18 11:39 - 2019-10-18 11:39 - 000003192 _____ C:\Windows\system32\Tasks\csrss
AlternateDataStreams: C:\Windows:nlsPreferences [898]
AlternateDataStreams: C:\ProgramData\Microsoft:fJFUreezaO2K2ZYH3ywW6T3Dvbx [2608]
AlternateDataStreams: C:\ProgramData\Microsoft:IMOG7FwadszVkLuwNcFnh [2380]
AlternateDataStreams: C:\ProgramData\Microsoft:O0QN96UemdV4kzQFhIX [2430]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [290]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
AlternateDataStreams: C:\ProgramData\TEMP:4BF2F6B5 [388]
AlternateDataStreams: C:\Users\MrEidrian\AppData\Local\Archivos temporales de Internet:atSLiHJlFjQbclYyr5KCL0i [2340]
AlternateDataStreams: C:\Users\MrEidrian\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96 [802]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
FirewallRules: [{6588581F-D0E5-45F4-AB84-B96E33632494}] => (Allow) C:\Users\MrEidrian\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC -> YANDEX LLC)
FirewallRules: [{20B9F341-EE09-4598-8EF0-78107FD8A1CB}] => (Allow) C:\Windows\rss\csrss.exe () [File not signed]
FirewallRules: [{D474C89E-0BBC-49AB-8D44-BDC288633E71}] => (Allow) C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => no encontrado
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\1nzirzyvrg3" => no encontrado
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\vw5wpldbi0c" => no encontrado
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UM" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HolyFeather" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6945495" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\9439892" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4ILMHV5EZ2V3JE9" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\7217898" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\O125LGFOY3G6T31" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4743452" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\clakem" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2142673" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2086881" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\XMQCG00FHTCRTFT" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CVT2BE4AKKPQDC4" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4182939" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1924984" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EG72O69XGR2NRI3" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VQ3JCBJ32B3IDR3" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\7321231" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\9740042" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FT2B7Y4X2D4BTIN" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OHM9UGYB0NI0O8G" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\U1H8A5MXG7UKM4N" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1707178" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8727207" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\N4V1FFCWTT3R47M" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6836345" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6780553" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1VDIM44SM0XTGBH" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5K8RSKT0FRWD1U1" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8013299" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2CDZK6WEL344Q5F" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5098959" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\D1RO0EW4268PN6X" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\492184" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2963468" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SZ3KV9NIQILVXI1" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HFMCGA4XKVDRDXC" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4803132" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2384361" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\7G878VHBN6DN0JZ" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PRC3JU63KR51Q0K" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\U1ZFNNPAKOAKRTK" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ETUGVQRVE0X929G" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1139294" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8215114" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => no encontrado
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{200c15f6-214d-11e9-92c2-6cf049e1b2f6} => no encontrado
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8264345-284c-11e9-ae89-6cf049e1b2f6} => no encontrado
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab69be00-e5c1-11e7-86a6-6cf049e1b2f6} => no encontrado
HKLM\SOFTWARE\Policies\Google => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C18376E-CF1F-4DE5-9AB1-9A4AF3883FC0}" => no encontrado
"C:\Windows\System32\Tasks\{33340A00-BC3E-4879-A6B1-0F8A69F911ED}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33340A00-BC3E-4879-A6B1-0F8A69F911ED}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84178B8E-D6FB-482F-8DB2-1BDCC2FB6E82}" => no encontrado
"C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2ECB93-F014-417C-BDE5-9EFA963D7E95}" => no encontrado
"C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\ViewUtcTime" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Time Synchronization\ViewUtcTime" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B8BC8D-597D-4885-A111-5B0AC028AD21}" => no encontrado
"C:\Windows\System32\Tasks\csrss" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B51A00-104D-48BC-9D4B-CF83A25366E5}" => no encontrado
"C:\Windows\System32\Tasks\{2E3D2332-F591-4AC3-8C22-7B2CA38E767A}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E3D2332-F591-4AC3-8C22-7B2CA38E767A}" => no encontrado
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado correctamente
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB131C55-60C8-4ADC-84DC-9E76AB06E2DC}" => no encontrado
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => no encontrado
"FF Homepage: Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344 -> hxxp://www.bing.com/?pc=COS2&ptag=D090119-N0300A5089E7D110BC46F293F&form=CONMHP&conlogo=CT3331990" => no encontrado
"FF NewTab: Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344 -> hxxp://www.bing.com/?pc=COS2&ptag=D090119-N0300A5089E7D110BC46F293F&form=CONMHP&conlogo=CT3331990" => no encontrado
"C:\Users\MrEidrian\AppData\Roaming\Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344\Extensions\{14553439-2741-4e9d-b474-784f336f58c9}" => no encontrado
"C:\Users\MrEidrian\AppData\Roaming\Mozilla\Firefox\Profiles\0uh69wgl.default-1567320513344\searchplugins\bing-lavasoft-ff59.xml" => no encontrado
CHR Extension: (book_helper) - C:\Users\MrEidrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihbhonnpblfklefmifmdampkldmloog [2019-09-01] => Error: Ninguna corrección automática encontrada para esta entrada.
CHR Extension: (Chrome Media Router) - C:\Users\MrEidrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-01] => Error: Ninguna corrección automática encontrada para esta entrada.
HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk => eliminado correctamente
"C:\Users\MrEidrian\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx" => no encontrado
OPR Extension: (book_helper) - C:\Users\MrEidrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\mihbhonnpblfklefmifmdampkldmloog [2019-09-01] => Error: Ninguna corrección automática encontrada para esta entrada.
OPR Extension: (SaveFrom.net helper) - C:\Users\MrEidrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2019-09-01] => Error: Ninguna corrección automática encontrada para esta entrada.
YandexBrowserService => servicio no encontrado.
HKLM\System\CurrentControlSet\Services\ab6af3c5e932269c => eliminado correctamente
ab6af3c5e932269c => servicio eliminado correctamente
Winmon => servicio no encontrado.
WinmonFS => servicio no encontrado.
MBAMService => servicio no encontrado.
Synth3dVsc => servicio no encontrado.
tsusbhub => servicio no encontrado.
VGPU => servicio no encontrado.
WinmonProcessMonitor => servicio no encontrado.
"C:\Users\MrEidrian\AppData\Roaming\EpicNet Inc" => no encontrado
"C:\Windows\system32\Tasks\csrss" => no encontrado
"C:\Windows" => ":nlsPreferences" ADS no encontrado.
"C:\ProgramData\Microsoft" => ":fJFUreezaO2K2ZYH3ywW6T3Dvbx" ADS no encontrado.
"C:\ProgramData\Microsoft" => ":IMOG7FwadszVkLuwNcFnh" ADS no encontrado.
"C:\ProgramData\Microsoft" => ":O0QN96UemdV4kzQFhIX" ADS no encontrado.
"C:\ProgramData\TEMP" => ":054203E4" ADS no encontrado.
"C:\ProgramData\TEMP" => ":1AAB2E68" ADS no encontrado.
"C:\ProgramData\TEMP" => ":4BF2F6B5" ADS no encontrado.
"C:\Users\MrEidrian\AppData\Local\Archivos temporales de Internet" => ":atSLiHJlFjQbclYyr5KCL0i" ADS no encontrado.
"C:\Users\MrEidrian\AppData\Local\desktop.ini" => ":3a96398c0f384e4adf5faa1736aeaf96" ADS no encontrado.
"C:\Users\Public\.DS_Store" => ":AFP_AfpInfo" ADS no encontrado.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6588581F-D0E5-45F4-AB84-B96E33632494}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20B9F341-EE09-4598-8EF0-78107FD8A1CB}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D474C89E-0BBC-49AB-8D44-BDC288633E71}" => no encontrado
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => eliminado correctamente
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => eliminado correctamente
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3862230028-3041123482-801023079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final 1 RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final 1 CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= Final 1 CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= Final 1 CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= Final 1 CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final 1 CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final 1 CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final 1 CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final 1 CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8391936 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2810012 B
Edge => 0 B
Chrome => 93375026 B
Firefox => 25445020 B
Opera => 6081722 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82612 B
systemprofile32 => 148840 B
LocalService => 215068 B
NetworkService => 215068 B
MrEidrian => 288736839 B
BaNwOrD => 288736839 B
Noelia => 288986461 B

RecycleBin => 0 B
EmptyTemp: => 964.8 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final 1 Fixlog 10:20:51 ====

I have 2 hard drives: a boot SSD and the regular one. If there is some way to save the photos and everything else without spreading the infection, I'll do that and format everything, because this isn't getting fixed.

Hello

Yes, you could save all the files you care about and format, but first we could do the following to see whether there are more infections:

Scan the PC with ESET Online Scanner: User Manual. Read the instructions for saving the report.

Scan the PC with Kaspersky Virus Removal Tool: User Manual

  • This one does not produce a report; when it finishes, if it found any infection, take a screenshot and upload it.

How do I upload images to the forum?

Let us know how the problem is going.

Regards

Yes, the report is the latest one, from doing what you told me. More infections? If I'm still infected, apparently nothing was removed. Right?

Thanks for the help

Hello

The fact that they detect infections does not mean that nothing was removed by the other programs; each one can detect entries that others do not.

When you have the reports, post them and let us know how the problem is going.

Regards

Before running the antivirus scans, which I'm doing right now: thousands of windows come up, several of them trying to install applications, etc.

This is right after booting; this is what is installed as of today.

I'm going to see whether this finishes scanning.

After running the 2 antivirus tools it seems nothing comes up. And Chrome doesn't launch on its own or anything. Tomorrow I'll run both scans again and send the reports.

In principle, after running both, nothing comes up. Am I clean now, or could something still happen? Thank you very much, really; it was a real headache.

13/02/2020 12:13:33
Archivos explorados: 455421
Archivos infectados: 0
Amenazas eliminadas: 0
Tiempo total de exploración: 01:54:07
Estado de la exploración: Finalizado

Hello

If the programs detect nothing and the problem is resolved, there would be nothing more to do.

Please confirm that everything is still fine.

Regards