Virus invisible

Eliminar Malwares
11

Desinstalas:

  • Spybot
  • Panda

Ejecutas las herramientas de limpieza de Panda y Avast:

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\RunOnce: [PsNAvInstaller] => C:\WINDOWS\TEMP\Panda DomeDA88.tmp\setup.exe [1189336 2019-08-05] (Panda Security S.L. -> Panda Security, S.L.) <==== ATTENTION
HKU\S-1-5-21-2419783374-26214240-1524307561-1001\...\MountPoints2: {bd372f91-637b-11e8-a015-68f7284e136e} - "I:\setup.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {368A69FE-48B8-4B66-886C-EDD6B6A86123} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\yuyub\AppData\Local\Temp\scoped_dir12260_1181962117\esetonlinescanner_esn.exe [8162616 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.) <==== ATTENTION
Task: {E4BC5607-A82A-4B1D-9698-AE1E63319544} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\yuyub\AppData\Local\Temp\scoped_dir12260_1181962117\esetonlinescanner_esn.exe [8162616 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2419783374-26214240-1524307561-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcjdanpjacpeeppdjkppebobilhaglfo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lecopdllcadfbliodgfpfbhgoaohmlfe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
2019-11-01 15:24 - 2019-11-01 23:33 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\l4fgv4haylw
2019-11-01 15:23 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\ntldpwlgwo3
2019-11-01 15:14 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\F0FKB13TJP
2019-11-01 15:14 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\iz0qiywr2ym
2019-11-01 15:13 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\8OKJJNUSMW
2019-11-01 15:13 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\r24pzjh5flk
2019-11-01 15:04 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\vrcljz5xen0
2019-11-01 15:02 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\f2bihhcmvf0
2019-11-01 14:53 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\uxof1elgtuj
2019-11-01 14:52 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\ua5ynea4vto
2019-11-01 14:51 - 2019-11-03 13:26 - 000000000 ____D C:\Users\yuyub\AppData\Local\GoogleChromeUserData
2019-11-01 14:43 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\zyxcpeelmp0
2019-11-01 14:42 - 2019-11-01 23:37 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\czkz4vjgcms
2019-11-01 14:42 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\0NIUXOOFNU
2019-11-01 14:33 - 2019-11-01 23:37 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\253b31usbai
2019-11-01 14:33 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\ECV04XHOM8
2019-11-01 14:32 - 2019-11-01 23:36 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\53omlxwz1kl
2019-11-01 01:06 - 2019-11-01 01:06 - 000000000 ____D C:\ProgramData\Lamia
2019-11-01 01:06 - 2019-11-01 01:06 - 000000000 ____D C:\ProgramData\hVVxek6q
2019-11-01 01:04 - 2019-11-01 01:04 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-11-01 01:04 - 2019-11-01 01:04 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-11-01 01:02 - 2019-11-01 23:37 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\v4gep5jkdro
2019-11-01 01:02 - 2019-11-01 01:05 - 000000000 ____D C:\ProgramData\EVVKWFOOXDQHD1YFE03ADD6SB
2019-11-01 00:58 - 2019-11-03 13:04 - 000000000 ____D C:\ProgramData\winnmgr
2019-11-01 00:57 - 2019-11-02 16:08 - 000000000 ____D C:\ProgramData\NtvHost
2019-11-01 00:55 - 2019-11-01 01:10 - 000000000 ____D C:\ProgramData\EventSvc
2019-11-01 00:53 - 2019-11-01 23:37 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\suuy3ysrvxj
2019-11-01 00:53 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\RDPDQCE7XY
2019-11-01 00:52 - 2019-11-01 23:37 - 000000000 ____D C:\Program Files\3485FLQS0D
2019-10-31 15:21 - 2019-10-31 15:21 - 000000000 ____D C:\ProgramData\{9AD68BB1-B31A-721B-62AE-98FE6249C1AF}
2019-10-31 15:21 - 2019-10-31 15:21 - 000000000 ____D C:\ProgramData\{018D7543-4DE8-E940-9050-C36590B79A34}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> [CC]{44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> [CC]{44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [QuickFinderMenu] -> [CC]{0c5824b1-555e-4799-b8be-97b08362623b} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [QuickFinderMenu] -> [CC]{0c5824b1-555e-4799-b8be-97b08362623b} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
FF SearchPlugin: C:\Users\yuyub\AppData\Roaming\Mozilla\Firefox\Profiles\lnkyzc8a.default-1533742726210\searchplugins\bing-lavasoft-ff59.xml [2019-11-01]
2019-11-01 00:03 - 2019-11-01 15:25 - 000000000 ____D C:\Users\yuyub\AppData\Roaming\Lavasoft
2019-11-01 00:03 - 2019-11-01 15:25 - 000000000 ____D C:\Users\yuyub\AppData\Local\Lavasoft
2019-11-01 00:03 - 2019-11-01 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-11-01 00:02 - 2019-11-01 15:25 - 000000000 ____D C:\ProgramData\Lavasoft
2019-11-01 00:02 - 2019-11-01 15:25 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-10-31 23:49 - 2018-11-16 12:18 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-31 23:26 - 2018-11-16 12:36 - 000000000 ____D C:\Users\yuyub\AppData\Local\AVAST Software
FF Extension: (Avast Online Security) - C:\Users\yuyub\AppData\Roaming\Mozilla\Firefox\Profiles\lnkyzc8a.default-1533742726210\Extensions\[email protected] [2019-10-31]
CHR Extension: (Avast Online Security) - C:\Users\yuyub\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-11-03]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema

1 me gusta