I suspect I have some hidden malware on my PC but I have no idea what it is

Hello @Ismael_Longat_Marrer

Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Start your computer in >>> Safe Mode

Then go to:

Start >>> Run >>> Type notepad.exe, or open a new Notepad file, and copy and paste the following:

Start
CloseProcesses:
HKU\S-1-5-21-2375054329-1883842248-1515162951-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2375054329-1883842248-1515162951-1001\...\MountPoints2: {0504b5ae-1728-11e8-9974-9061ae195865} - "F:\setup.exe" 
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
Tcpip\Parameters: [DhcpNameServer] 10.1.192.12 10.1.192.13
Tcpip\..\Interfaces\{418f0085-aa9e-4264-aea3-f9094eea0174}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a5ddb8c8-1853-41cc-9985-13fc5eee4526}: [DhcpNameServer] 10.1.192.12 10.1.192.13
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit)
FF NewTab: Mozilla\Firefox\Profiles\9lh2kwu8.default-1528310702060 -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__181116
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
3 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" 
Task: {95061D0D-0185-410E-A4F6-0B1E8F94F970} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
/runassvc [X]
C:\Program Files\Common Files\AVAST Software
AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
FirewallRules: [UDP Query User{D0447D86-FB04-4AD7-8146-4569E2BAB5C6}C:\users\ismael\downloads\subnautica\subnautica - toplayandrew\subnautica.exe] => (Allow) C:\users\ismael\downloads\subnautica\subnautica - toplayandrew\subnautica.exe No File
FirewallRules: [TCP Query User{97A764D0-40F7-4326-B9EC-35CE4170B742}C:\users\ismael\downloads\subnautica\subnautica - toplayandrew\subnautica.exe] => (Allow) C:\users\ismael\downloads\subnautica\subnautica - toplayandrew\subnautica.exe No File
FirewallRules: [TCP Query User{F9A0E788-B6B0-45CE-8A5A-EEDF60F6B37A}C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe No File
FirewallRules: [UDP Query User{E21E4EB2-A460-44F6-926B-378F219A8C8E}C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe No File
FirewallRules: [{9CA6DFED-0EC7-4D7A-8491-67B39ABFA131}] => (Block) C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe No File
FirewallRules: [{1577DC14-2413-428D-BF26-8A6CA5977F1D}] => (Block) C:\program files\epic games\unrealtournament\windowsserver\engine\binaries\win64\ue4server-win64-shipping.exe No File
FirewallRules: [{1A32FC51-9108-4146-B533-E9DF14F23832}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{D3419582-6C5B-4A72-BC91-804DBED3F37D}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{777E144E-FF8A-4A09-BD0D-8BE8A6C46603}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{020C61F2-BC88-4623-91B2-8A5FF14DA02A}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{8FC1CAC9-D877-4030-B142-15FBD9622ECD}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{27DFE163-5C0B-48E6-A5AD-62DE9051D721}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{F9DB3E39-A975-4A4E-BD58-CD778584234E}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{E5D2EAF1-1068-4FE5-A505-9CFEE4EB3644}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{57AEAD98-441F-45C9-9CA7-09A393BCEADC}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{085E69F1-536B-44F5-8215-27D2CAD683C4}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{564592A8-336F-42BC-9E89-C77396532BD8}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{735919F9-6BA6-4897-865C-3F897D435857}] => (Allow) C:\Users\Ismael\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{6E0224E8-382A-41C8-90B8-AC111B640E74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{C8F1AB71-7859-4E74-93BB-E4C7E56D889C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{8841C8BA-EFF4-4319-8789-D360AAB2A33E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{5967BEF8-F956-4283-90AB-A2A5A7B43752}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
C:\Program Files\AVAST Software\Avast
U3 aswbdisk; no ImagePath
2019-01-02 22:49 - 2019-01-02 22:49 - 000000000 ___HD C:\ProgramData\temp
2019-01-02 22:45 - 2018-11-15 21:36 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Lavasoft
2019-01-02 22:45 - 2018-11-15 21:36 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-01-02 22:21 - 2018-11-15 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-01-02 13:47 - 2018-11-15 22:44 - 000000000 ____D C:\Users\Ismael\AppData\Local\AVAST Software
2019-01-02 13:47 - 2018-11-15 21:40 - 000000000 ____D C:\ProgramData\AVAST Software
C:\ProgramData\AVAST Software
2019-01-02 13:46 - 2018-11-15 22:19 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-02 13:31 - 2018-11-15 22:20 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {5887BCAB-8E08-4EB8-915C-F1E04E1C6CC6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe/Frst64.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe or Frst64.exe, as appropriate.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Restart and paste it in your next reply.

Let us know…

Regards
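
A fixlist like the one in the post above refers to one machine's own paths and registry keys and runs commands on it, so it is worth reading through before pressing Fix. The following added example (not part of the original post and not FRST's own code) groups the lines of a fixlist by shape, lists the CMD: commands, and reports lines that match no shape, such as a fragment left by line wrapping when the text was copied. The shape patterns, the function name review_fixlist and the sample input are assumptions built from the lines visible above.

```python
import re

# Constructed sample in the fixlist format shown above (placeholder paths and GUIDs).
# "/runassvc [X]" imitates a fragment split from the line before it by wrapping.
SAMPLE_FIXLIST = r"""Start
CloseProcesses:
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => C:\Example\example.exe
/runassvc [X]
FirewallRules: [{11111111-1111-1111-1111-111111111111}] => (Allow) C:\Example\game.exe No File
C:\Example\Leftover Folder
2019-01-02 22:45 - 2018-11-15 21:36 - 000000000 ____D C:\Example\Dir
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
END
"""

# Line shapes inferred from the fixlist on this page; an assumption, not FRST's grammar.
PATTERNS = [
    ("command", re.compile(r"^CMD:\s*(.+)$")),
    ("directive", re.compile(r"^(CloseProcesses|RemoveProxy|EmptyTemp|Hosts):$")),
    ("file_listing", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
    ("service", re.compile(r"^[A-Z]?\d \w+;")),
    ("log_entry", re.compile(r"^[A-Za-z][\w .\\{}-]*: ")),
]

def review_fixlist(text):
    """Return markers found, counts per line shape, CMD commands and unmatched lines.

    Positions in "unmatched" count non-blank lines, starting at 1."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    has_start = bool(lines) and lines[0].lower() == "start"
    has_end = bool(lines) and lines[-1].lower() == "end"
    body = lines[1 if has_start else 0 : len(lines) - (1 if has_end else 0)]
    report = {"has_start": has_start, "has_end": has_end, "counts": {}, "commands": [], "unmatched": []}
    for position, line in enumerate(body, start=2 if has_start else 1):
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                report["counts"][kind] = report["counts"].get(kind, 0) + 1
                if kind == "command":
                    report["commands"].append(match.group(1))
                break
        else:  # no shape matched: show it to whoever wrote the fixlist before running
            report["unmatched"].append((position, line))
    return report
```

To check a real file, pass the text of the saved fixlist.txt to review_fixlist and print the returned dictionary.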