Infected PC - Windows 10

Good… now follow these steps. VERY important: make a backup of the registry first:

  • To do this, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick only the "Create registry backup" checkbox and NOT the other checkboxes.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

With all other programs closed, go to Start → Run and type Notepad.exe.

  • Now copy the codes/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (AVG Netherlands B.V) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5ACE40BD51EE148F299D37527AE1AD744CDE8EBB (U)
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C2479D4BEF807FEFE3CE2B6B2D7FC4C71E0EBA5 (Sophos Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F74407DCA8D49D42D72D88863C17AB905EB94D1C (U)
HKU\S-1-5-21-4276149515-3343185494-2045537785-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-07] (Google LLC -> Google LLC)
Task: {1F99EC9B-BEC4-4EE3-A802-66DA5D787CFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-07] (Google LLC -> Google LLC)
Task: {F6C28378-AE4F-4BEB-86CF-FB7B8B1B376D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-07] (Google LLC -> Google LLC)
S2 Microsoft Hyper Integrations Services; C:\Windows\servicing\cf.exe [17920 2020-03-18] () [File not signed]
2020-05-08 00:04 - 2020-05-08 00:04 - 000000000 ____D C:\Users\Cristian\AppData\Local\Google
2020-05-07 23:58 - 2020-05-07 23:58 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-07 23:58 - 2020-05-07 23:58 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-07 23:58 - 2020-05-07 23:58 - 000002258 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-07 23:56 - 2020-05-08 00:02 - 000003558 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-07 23:56 - 2020-05-08 00:02 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-05-07 23:56 - 2020-05-07 23:58 - 000000000 ____D C:\Program Files (x86)\Google
2020-05-07 12:15 - 2020-05-07 12:15 - 000000000 ____D C:\Users\Cristian\AppData\Local\mbamtray
2020-05-07 12:15 - 2020-05-07 12:15 - 000000000 ____D C:\Users\Cristian\AppData\Local\mbam
2020-05-07 12:14 - 2020-05-08 11:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\ESET
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\Common Files\adaware
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\BullGuard Ltd
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\AVAST Software
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\G DATA
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\Baidu Security
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\Avira
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\AVG
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files (x86)\360
2020-05-02 16:18 - 2020-05-02 16:18 - 014932720 _____ (Alejandro Cortés) C:\Program Files (x86)\Common Files\InjectedSetup.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: it is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

Now use the 2nd METHOD from this Windows 8 FAQ (also applicable to Windows 10), "How to start Windows 8/8.1 in Safe Mode?", so that you work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Uninstall Google Chrome from the Windows programs panel.

Restart the computer, check how it behaves with regard to the problem you reported, and let us know.

Regards.
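
An added example, not part of the original post and not code from FRST: a small Python reviewer that reads a fixlist in the format shown above before it is run, and reports its directives, the `CMD:` commands it will execute, unsigned entries and repeated lines. The category names and the regular expressions are assumptions of this example, derived only from the line shapes visible in the post.

```python
import re
from collections import Counter

# Excerpt of the fixlist from the post (one entry repeated), not the full script.
SAMPLE = r"""START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5ACE40BD51EE148F299D37527AE1AD744CDE8EBB (U)
S2 Microsoft Hyper Integrations Services; C:\Windows\servicing\cf.exe [17920 2020-03-18] () [File not signed]
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
2020-05-05 08:27 - 2020-05-05 08:27 - 000000000 ____D C:\Program Files\ESET
EMPTYTEMP:
CMD: netsh winsock reset
END
"""

# Hypothetical categories: one pattern per line shape seen in the post.
RULES = [
    ("directive", re.compile(r"^[A-Z]+:$")),
    ("command",   re.compile(r"^CMD: (?P<v>.+)$")),
    ("cert",      re.compile(r"DisallowedCertificates: (?P<v>[0-9A-F]{40}) ")),
    ("service",   re.compile(r"^[RSU]\d (?P<v>.+?); ")),
    ("file",      re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - .* (?P<v>[A-Z]:\\.+)$")),
]

def classify(line):
    """Return (category, key value) for one fixlist line."""
    for kind, rx in RULES:
        m = rx.search(line)
        if m:
            return kind, m.groupdict().get("v") or line
    return "other", line

def review_fixlist(text):
    """Summarise a fixlist so it can be read through before FRST applies it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    framed = bool(lines) and lines[0].upper() == "START" and lines[-1].upper() == "END"
    body = lines[1:-1] if framed else lines
    tagged = [classify(l) for l in body]
    return {
        "framed": framed,  # script is wrapped in START ... END as in the post
        "kinds": dict(Counter(k for k, _ in tagged)),
        "commands": [v for k, v in tagged if k == "command"],
        "unsigned": [l for l in body if "[File not signed]" in l],
        "duplicates": [l for l, n in Counter(body).items() if n > 1],
    }

if __name__ == "__main__":
    for key, value in review_fixlist(SAMPLE).items():
        print(key, "->", value)
```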