Window4.vbs y procesos desconocidos

Eliminar Malwares
11

Hola Krysthel

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación inicia tu equipo desde el Modo Seguro de Windows sin función de red

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
ShortcutTarget: Servidor de OPUS.lnk -> C:\OPUSCMS\server\s4server.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR Extension: (SpiderMan 2 Free Games) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeckkagoklkjfgglnhmgeecfiobmkjab [2017-09-24]
2019-04-12 16:20 - 2017-06-03 19:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {466C2752-C3FD-4072-953E-77D5CC2E72C5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4A71FA97-F3CE-49BD-A190-B79E921FE4AD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {5121BAD9-E656-448A-BA43-418D7CCA9135} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {66992CBA-6C78-4381-94D3-BDDA90A960F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F7DCA37F-F514-411C-AEAB-A0D3D89E4344} - System32\Tasks\Google Chrome32 => C:\backupsys\window3.vbs () [File not signed] <==== ATTENTION
ShortcutWithArgument: C:\Users\Krysthel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\13c0b30ab866affd\SpiderMan 2 Free Games.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aeckkagoklkjfgglnhmgeecfiobmkjab
2019-04-12 14:52 - 2019-04-12 14:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [114]
FirewallRules: [UDP Query User{5AFF18CE-A549-424A-B5E6-61BF1678B455}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BA9B32DC-299B-40F0-899A-7F806A9C19EA}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{35B29E10-9866-4DE2-A9B5-79720C3AF6EB}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{4A41837C-FC3A-4DD0-AB60-6144D38553DF}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{12EB08E5-67FA-428B-BAD4-E2844E47E8C6}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{ACA412DA-545D-42F3-A13A-CE0E4F485D8A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{D464A9CA-B6DC-482E-8172-668F95067031}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{FB4945F7-C321-4E7C-A0F6-9B0976FDA782}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{252BF391-7757-4C03-81FD-6DE0020075BA}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{2EE3E327-759D-4B62-A4B9-7478752E3352}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo