Possible spyware virus monitoring everything I do

Hello

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, :warning: with all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the code/lines inside the box further down and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {199B5CAD-3549-4E35-89C8-FA3286ACE92E} - \WPD\SqmUpload_S-1-5-21-3568817562-1715426090-130718979-1001 -> No File <==== ATTENTION
Task: {1CD56F8A-134E-4862-8B11-8A50C3B3FE8E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1CDA4AA3-7B49-440D-9624-53EF5F3E9305} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F64AB04-80C1-48D7-A9D9-82729C52CE0E} - no filepath
Task: {2FCEC8E9-0B39-471D-AB16-205F539F076C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4DC68755-5C14-4D73-92FE-42B248C45B5E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5831EDA4-B28D-4C22-9513-3A42FBE11007} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7DDB55CF-DE8D-4286-A74D-BF6FE3702196} - System32\Tasks\Uninstaller_SkipUac_jorge => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-05-29] (IObit Information Technology -> IObit)
Task: {8E31506E-D768-42FF-A174-8E72D1092A89} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {9DFEAC00-EC48-4BC7-8BED-E07312CF655C} - no filepath
Task: {B4C00C9C-EEA0-458B-80DF-6B52C0917D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C46DD237-27E4-4130-A407-DDDF145405E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE20D781-83C9-4575-B437-8542450529C8} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {CEFED091-5B0B-4F78-9331-622A939E15E2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D9BA1E63-2B51-482B-9D6D-C8EA15D03539} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {DC69856F-A450-4C5B-910E-3A9B3C9613C4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA8A913F-F92F-4212-A433-BDB1B3DDC828} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F36655FD-0769-4F26-919B-0E54A59F7D6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FBBA93B2-5FF8-49CB-A54D-07C12B53D295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3568817562-1715426090-130718979-1001 -> {ACEED78C-2A4D-458D-A899-EAF193BD62A4} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Until AM Web App) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-26]
CHR Extension: (Awesome New Tab Page) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2019-12-03]
CHR Extension: (Apple Shooter) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfnlipcinfjmjplgegncjlmpnihecg [2018-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16]
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]
2019-12-10 16:01 - 2019-12-10 16:01 - 000000000 __HDC C:\ProgramData\{3A20D009-047D-496D-9874-DF40CA126D3C}
2019-12-10 15:59 - 2019-12-10 15:59 - 000000000 __HDC C:\ProgramData\{C0AE4A98-3E1D-45FB-8465-ECCCB391E633}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{FD1615C0-ED4A-4CEB-94C3-1850BF1BAA6A}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{E70386C6-507F-4906-86C2-96C1066BA097}
2019-12-10 15:57 - 2019-12-10 15:57 - 000000000 __HDC C:\ProgramData\{98529CCC-D431-4B85-965E-E98139A4FACD}
2019-12-03 17:41 - 2019-12-03 17:41 - 000000000 ____D C:\testintel2
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
2019-11-22 13:34 - 2019-11-22 13:35 - 000000000 ____D C:\testintel
2019-12-03 22:10 - 2019-06-19 20:38 - 000000000 ____D C:\Users\jorge\AppData\Roaming\IObit
2018-05-16 21:27 - 2018-05-16 21:27 - 000000000 _____ () C:\Users\jorge\AppData\Local\{436C9E25-0BFC-4C32-AA3C-17FEACFD38A5}
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ () C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with respect to the problem you reported, and let us know.

Regards
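
A pre-flight review of a fixlist like the one in the post above, as an added example that is not part of the original post and not FRST's own code: it separates entries that point at missing files from entries whose target still exists and from commands, and reports file paths listed twice. The sample lines are copied from the fixlist above; the category names and the `classify`/`audit` functions are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE = r"""START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
Task: {18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1F64AB04-80C1-48D7-A9D9-82729C52CE0E} - no filepath
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ () C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
EMPTYTEMP:
CMD: netsh winsock reset
END
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")  # e.g. EMPTYTEMP:
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .* ([A-Za-z]:\\.+)$")
ORPHAN = re.compile(r"no file|\[X\]", re.IGNORECASE)  # "No File", "no filepath", "[X]"

def classify(line):
    """Assign one fixlist line to a review category (names are this example's own)."""
    if line.startswith("CMD:"):
        return "command"             # runs a shell command
    if DIRECTIVE.match(line):
        return "directive"           # built-in action with no argument
    if FILE_ENTRY.match(line):
        return "file_or_folder"      # dated file/folder listing line
    if ORPHAN.search(line):
        return "orphaned_reference"  # log already says the target is missing
    return "active_entry"            # target still present: review before fixing

def audit(text):
    """Return (lines grouped by category, file paths that appear more than once)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 2 or lines[0] != "START" or lines[-1] != "END":
        raise ValueError("fixlist must begin with START and end with END")
    groups = {}
    for line in lines[1:-1]:
        groups.setdefault(classify(line), []).append(line)
    paths = Counter(FILE_ENTRY.match(l).group(1).lower()
                    for l in groups.get("file_or_folder", []))
    return groups, sorted(p for p, n in paths.items() if n > 1)

if __name__ == "__main__":
    groups, duplicates = audit(SAMPLE)
    print({k: len(v) for k, v in groups.items()}, "listed twice:", duplicates)
```

Entries in the `active_entry` and `command` groups are the ones that change something still present on the machine, so they are the lines to read before pressing FIX.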