USB shortcut or msiexec will not go away


#1

Hello… I have a problem with my computer, which has Windows XP installed: every time I plug in a USB drive, a card or a memory stick… a shortcut to that device is created. I have already tried everything… and I have noticed that this program, or whatever it is, called “msiexec” always shows up. I don't know what I can do… I need help removing it from my computer. I repeat, it runs Windows XP and has no internet… please help me, community… many thanks in advance.


#2

Hello

You need to download the program I am going to post, from another device, and then run it as indicated.

Run a Full Analysis and post the log, commenting on how everything goes (done with your USB drives connected to the PC).


#3

Good morning… thanks for your reply… here I attach the file that the UsbFix program left me…

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.002
# Base de datos : 24-07-2018 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Administrador (Administrador)
# Comenzó : 25/11/2018 10:33:59
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(79GB/115GB)	[Fixed] 
D:\	NTFS	(42GB/118GB)	[Fixed] 
G:\	FAT32	(15GB/15GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

G:\NAN (16GB).lnk -> G:\ \{E8C3A970-13B4-4669-9D0A-6AB375E5298A}.{B64BCB74-7595-40EF-8673-7E59EE8F2565}
Restorado! G:\ 
No suprimido ! ... Tentative au redémarrage ... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|543640315
Borrado! G:\ \{E8C3A970-13B4-4669-9D0A-6AB375E5298A}.{B64BCB74-7595-40EF-8673-7E59EE8F2565}
Borrado! G:\NAN (16GB).lnk

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Archivos de programa\CCleaner\CCleaner.exe" /MONITOR
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
04 - HKLM\..\Run : [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
04 - HKLM\..\Policies\Explorer\run : [543640315] "C:\Documents and Settings\All Users\msogrtnte.exe"
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1801674531-2025429265-839522115-500\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1801674531-2025429265-839522115-500\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1801674531-2025429265-839522115-500\..\Run : [CCleaner Smart Cleaning] "C:\Archivos de programa\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[20/07/2012 - 07:58:15 | A | 0 Ko] - ches.txt
[20/07/2012 - 07:58:19 | A | 0 Ko] - chesx.txt
[13/10/2010 - 06:01:16 | A | 0 Ko] - CONFIG.SYS
[13/10/2010 - 06:01:16 | RASH | 0 Ko] - MSDOS.SYS
[13/10/2010 - 06:01:16 | RASH | 0 Ko] - IO.SYS
[25/11/2018 - 10:32:04 | ASH | 1560576 Ko] - pagefile.sys
[18/06/2016 - 18:13:00 | A | 13 Ko] - PDOXUSRS.NET
[22/11/2018 - 19:56:42 | SHD] - Config.Msi
[13/10/2010 - 06:10:30 | A | 2 Ko] - RHDSetup.log
[05/09/2016 - 13:24:50 | SH | 0 Ko] - boot.ini
[22/11/2018 - 20:15:22 | RASHD] - autorun.inf
[07/01/2014 - 22:51:01 | A | 900 Ko] - PA7302.DAT
[03/08/2004 - 22:38:34 | A | 46 Ko] - NTDETECT.COM
[24/08/2001 - 05:00:00 | RASH | 5 Ko] - Bootfont.bin
[13/10/2010 - 06:01:16 | A | 0 Ko] - AUTOEXEC.BAT
[13/10/2010 - 06:07:47 | D] - Intel
[13/10/2010 - 06:23:09 | RASH | 245 Ko] - ntldr
[13/10/2010 - 08:42:06 | SHD] - RECYCLER
[29/10/2010 - 09:21:42 | RHD] - MSOCache
[29/10/2010 - 12:43:29 | D] - CoView
[13/04/2011 - 10:37:25 | D] - !KillBox
[05/05/2011 - 00:44:04 | D] - 17007b37cc6a6f45e28918e783d33cd6
[05/05/2011 - 00:47:00 | D] - 4f1e556f14e9f95577dd2838e343a324
[18/06/2011 - 23:06:58 | D] - Documents and Settings
[24/06/2014 - 18:36:10 | D] - update
[16/07/2016 - 22:56:51 | D] - WiNdowSALFA
[23/08/2018 - 14:59:25 | D] - SNES
[22/11/2018 - 18:01:34 | D] - AdwCleaner
[22/11/2018 - 19:58:50 | D] - WINDOWS
[25/11/2018 - 10:33:42 | RD] - Archivos de programa

------------ | D:\ - Disco fijo (NTFS) |

[31/07/2017 - 21:26:20 | A | 33 Ko] - VirtualDJ Local Database v6.xml
[22/11/2018 - 16:27:15 | A | 181 Ko] - VirtualDJ Local Database v5.xml
[06/07/2016 - 16:45:15 | A | 36202 Ko] - K-Lite_Codec_Pack By iMb_1090_.rar
[16/03/2017 - 13:46:52 | A | 126574 Ko] - PDF-XChng dtr Pls 6.0.317.1 por YouTutosJeff.rar
[24/04/2018 - 06:55:55 | A | 287 Ko] - signos de alarma.pdf
[18/08/2009 - 11:10:01 | ASH | 0 Ko] - desktop.ini
[22/11/2018 - 20:15:22 | RASHD] - autorun.inf
[06/07/2007 - 23:36:38 | D] - SWISHMAX
[03/06/2009 - 10:35:00 | RHD] - MSOCache
[20/11/2009 - 14:28:01 | SD] - Mis formas
[29/10/2010 - 12:00:58 | SHD] - RECYCLER
[25/01/2012 - 18:18:03 | RD] - Mis vídeos
[11/04/2012 - 10:02:49 | RD] - Mis imágenes
[30/04/2012 - 17:13:22 | D] - Photo Impact 11
[08/07/2013 - 20:29:16 | D] - NORA
[14/05/2018 - 21:59:43 | RD] - BAD BOY
[31/07/2018 - 16:20:23 | D] - Anestesiologia
[31/07/2018 - 16:20:42 | D] - CEACCES
[31/07/2018 - 16:21:43 | D] - Cirugia
[31/07/2018 - 16:22:33 | D] - CLINICA
[31/07/2018 - 16:28:09 | D] - Ginecologia
[31/07/2018 - 19:21:50 | D] - Neumologia
[31/07/2018 - 19:22:35 | D] - DATMED
[31/07/2018 - 19:22:38 | D] - dermatologia
[31/07/2018 - 19:22:43 | D] - EVOLUCIONES
[31/07/2018 - 19:22:47 | D] - exposciones
[31/07/2018 - 19:23:51 | D] - hospi
[31/07/2018 - 19:25:34 | D] - INTERNADO CLINICA
[31/07/2018 - 20:23:42 | D] - MIR
[31/07/2018 - 20:25:15 | D] - Oftalmologia
[31/07/2018 - 20:25:38 | D] - Otorrinolaringologia
[31/07/2018 - 20:25:48 | D] - Otorrinologia
[31/07/2018 - 20:25:51 | D] - Parasitologia
[31/07/2018 - 20:26:24 | D] - Pediatria 2
[31/07/2018 - 20:27:18 | D] - Traumatologia
[31/07/2018 - 20:29:02 | D] - Urologia
[31/07/2018 - 20:29:23 | D] - wp
[31/07/2018 - 20:35:42 | D] - doc
[31/07/2018 - 21:41:44 | D] - imagenes y videos
[31/07/2018 - 22:37:38 | D] - descargas
[01/08/2018 - 09:08:53 | D] - importante
[12/08/2018 - 21:34:10 | D] - MED
[12/08/2018 - 21:34:35 | D] - USB NAN
[09/09/2018 - 20:02:09 | D] - IMAG
[18/09/2018 - 19:05:59 | D] - fotos inter
[14/10/2018 - 23:11:21 | D] - hlfm
[15/10/2018 - 10:59:33 | D] - DOC1
[15/10/2018 - 11:05:55 | D] - libros2
[16/10/2018 - 18:10:08 | D] - Comunitario
[16/10/2018 - 18:10:55 | D] - Nueva carpeta
[17/10/2018 - 12:22:01 | D] - pediatria2
[17/10/2018 - 12:30:41 | D] - LIBROS
[17/10/2018 - 12:37:36 | D] - Pediatria
[17/10/2018 - 12:38:25 | D] - datos
[22/11/2018 - 15:28:52 | D] - musica hernan
[22/11/2018 - 18:51:00 | RD] - Mi música

------------ | G:\ - Disco extraíble (FAT32) |

[25/11/2018 - 10:33:08 | A | 1 Ko] - NAN (16GB).lnk
[25/11/2018 - 10:32:58 | SHD] -  

Elemento(s) infectado(s) : 4
Elementos analizados : 251025 en 00h 00m 56s

# UsbFix-Report-01.txt [7258B]

------------ | E.O.F  |
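
Added example, not part of the original thread and not how UsbFix or FRST work internally: a small Python triage of lines copied from the report above. The heuristics (autorun under `Policies\Explorer\run`, an all-digit value name, an executable sitting directly in a profile root, a shortcut pointing at a `{GUID}.{GUID}` file inside a blank-named folder) are assumptions chosen to match what this log shows, not a general detection rule set.

```python
import re
import ntpath  # Windows path rules, usable on any OS

# Lines copied from the UsbFix report in this thread (the blank folder name
# is typed here as an ordinary space; on the real drive it may differ).
SAMPLE = r'''
G:\NAN (16GB).lnk -> G:\ \{E8C3A970-13B4-4669-9D0A-6AB375E5298A}.{B64BCB74-7595-40EF-8673-7E59EE8F2565}
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Archivos de programa\CCleaner\CCleaner.exe" /MONITOR
04 - HKLM\..\Policies\Explorer\run : [543640315] "C:\Documents and Settings\All Users\msogrtnte.exe"
'''

RUN_RE = re.compile(r'^\w+ - (?P<key>\S+) : \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
LNK_RE = re.compile(r'^(?P<lnk>.+\.lnk) -> (?P<target>.+)$', re.I)
GUID = r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}'
GUID_PAIR_RE = re.compile(rf'^{GUID}\.{GUID}$', re.I)
PROFILE_ROOT_RE = re.compile(
    r'^[a-z]:\\(documents and settings|users)\\[^\\]+$', re.I)


def exe_path(cmd):
    """Extract the executable path from an autorun command line.

    Handles quoted paths with arguments and unquoted paths containing spaces.
    """
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd.strip()


def triage_run(key, name, cmd):
    """Return the list of heuristic reasons an autorun entry looks unusual."""
    reasons = []
    if key.lower().endswith(r'\policies\explorer\run'):
        reasons.append('policy-run-key')       # rarely used by normal software
    if name.isdigit():
        reasons.append('numeric-value-name')   # no product name, just digits
    if PROFILE_ROOT_RE.match(ntpath.dirname(exe_path(cmd))):
        reasons.append('exe-in-profile-root')  # e.g. ...\All Users\x.exe
    return reasons


def triage_lnk(target):
    """Return the reasons a shortcut target on removable media looks unusual."""
    reasons = []
    folder = ntpath.basename(ntpath.dirname(target))
    if GUID_PAIR_RE.match(ntpath.basename(target)):
        reasons.append('guid-named-target')
    if folder and not folder.strip():
        reasons.append('blank-named-folder')   # folder name is only whitespace
    return reasons


def triage(report):
    """Scan report text and return (line, reasons) for every flagged line."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        lnk, run = LNK_RE.match(line), RUN_RE.match(line)
        if lnk:
            reasons = triage_lnk(lnk['target'])
        elif run:
            reasons = triage_run(run['key'], run['name'], run['cmd'])
        else:
            continue
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE):
        print(', '.join(reasons), '->', line)
```

Of the six sample lines, only the shortcut on `G:\` and the `Policies\Explorer\run` entry for `msogrtnte.exe` are flagged; the vendor autoruns pass through untouched.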

#4

How is the reported problem going?


#5

Hello… well, the shortcut is still being created whenever I connect a memory stick or a micro USB.


#6

Since you say that PC has no internet connection, I am going to send you two programs that can be used without it:

To use Dr Web, remember to have the USB drives connected.


  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop (>> this is very important <<) Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits). See: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the analysis to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#7
Total 131625760448 bytes in 114935 files scanned (274739 objects)
Total 114914 files (274678 objects) are clean
Total 5 files (7 objects) are infected
Total 52 files are raised error condition
Scan time is 02:01:08.922

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

C:\documents and settings\all users\msogrtnte.exe - quarantined, reboot required
C:\Documents and Settings\Administrador\Configuración local\Temp\~nsuA.tmp\Un_A.exe - quarantined
C:\System Volume Information\_restore{FFA82DF6-8E9F-4D79-9D9E-A70EA8D41CC5}\RP983\A0531434.exe - quarantined
C:\System Volume Information\_restore{FFA82DF6-8E9F-4D79-9D9E-A70EA8D41CC5}\RP985\A0531469.exe - quarantined
G:\ \{A09F1530-6E1E-40CA-BA4E-C9AD38D2D805}.{A3D73EA6-E980-4AF7-A5B2-972BF0233C97} - quarantined

Total 131625760448 bytes in 114935 files scanned (274739 objects)
Total 114914 files (274678 objects) are clean
Total 5 files (7 objects) are infected
Total 5 files are neutralized
Total 52 files are raised error condition
Scan time is 02:01:08.922

Addition.txt (43,3 KB) FRST.txt (21,9 KB) Done, these are the ones the two programs left me… I ran Dr Web first and then the other one…


#8

Good… and now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the machine, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\!SASWinLogon: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {26ab4b02-ee2e-11e0-a0b4-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {2f131a81-9ac9-11e0-a007-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {4385b2a0-aa61-11e0-a038-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {79abbba4-a5d4-11e0-a025-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {8350af28-d76d-11e0-a076-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343a4-abfd-11e1-a1cf-b98e3f72e29a} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343aa-abfd-11e1-a1cf-f2708756a6cd} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b8759478-dcd8-11e0-a07b-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf2-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf4-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {e86270df-4f6a-11e1-a132-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {ec06156c-67c4-11e0-9f88-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {f716f258-64cd-11e1-a159-b69b172686b5} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {fc5e0438-4f6d-11e1-a133-80f663d6c828} - G:\AutoRun.exe
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
SearchScopes: HKLM -> DefaultScope value is missing
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U1 WS2IFSL; no ImagePath
2018-10-14 22:55 - 2008-04-14 00:48 - 002091520 _____ (Microsoft Corporation) C:\Documents and Settings\Administrador\Configuración local\Temp\cdo1639322225.dll
2011-06-18 23:07 - 2006-09-13 04:18 - 000049152 ____C (Nero AG) C:\Documents and Settings\Invitado\Configuración local\Temp\NeroSearchTrayHook_{8EEBD1C9-132F-458D-A450-9C33047140E2}.dll
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
C:\Windows\System32\ssprs.dll
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:
Shortcut: C:\Documents and Settings\Administrador\Menú Inicio\Programas\Virtual DJ\Online Help.lnk -> hxxp://www.virtualdj.com/support
Shortcut: C:\Documents and Settings\Administrador\Menú Inicio\Programas\Virtual DJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Documents and Settings\Administrador\Entorno de red\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:F35A93AD [214]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • Now use this Windows FAQ, How to start Windows in Safe Mode?, to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.


#10

Sorry, I already figured out which program it was… well, here is the report it left me after carrying out the steps.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21.11.2018
Ran by Administrador (26-11-2018 10:26:36) Run:1
Running from C:\Documents and Settings\Administrador\Escritorio
Loaded Profiles: Administrador (Available Profiles: Administrador & Invitado)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\!SASWinLogon: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {26ab4b02-ee2e-11e0-a0b4-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {2f131a81-9ac9-11e0-a007-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {4385b2a0-aa61-11e0-a038-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {79abbba4-a5d4-11e0-a025-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {8350af28-d76d-11e0-a076-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343a4-abfd-11e1-a1cf-b98e3f72e29a} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343aa-abfd-11e1-a1cf-f2708756a6cd} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b8759478-dcd8-11e0-a07b-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf2-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf4-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {e86270df-4f6a-11e1-a132-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {ec06156c-67c4-11e0-9f88-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {f716f258-64cd-11e1-a159-b69b172686b5} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {fc5e0438-4f6d-11e1-a133-80f663d6c828} - G:\AutoRun.exe
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
SearchScopes: HKLM -> DefaultScope value is missing
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U1 WS2IFSL; no ImagePath
2018-10-14 22:55 - 2008-04-14 00:48 - 002091520 _____ (Microsoft Corporation) C:\Documents and Settings\Administrador\Configuracin local\Temp\cdo1639322225.dll
2011-06-18 23:07 - 2006-09-13 04:18 - 000049152 ____C (Nero AG) C:\Documents and Settings\Invitado\Configuracin local\Temp\NeroSearchTrayHook_{8EEBD1C9-132F-458D-A450-9C33047140E2}.dll
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
C:\Windows\System32\ssprs.dll
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:
Shortcut: C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\Online Help.lnk -> hxxp://www.virtualdj.com/support
Shortcut: C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Documents and Settings\Administrador\Entorno de red\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:F35A93AD [214]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => removed successfully.
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26ab4b02-ee2e-11e0-a0b4-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{26ab4b02-ee2e-11e0-a0b4-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f131a81-9ac9-11e0-a007-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{2f131a81-9ac9-11e0-a007-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4385b2a0-aa61-11e0-a038-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{4385b2a0-aa61-11e0-a038-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79abbba4-a5d4-11e0-a025-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{79abbba4-a5d4-11e0-a025-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350af28-d76d-11e0-a076-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{8350af28-d76d-11e0-a076-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b41343a4-abfd-11e1-a1cf-b98e3f72e29a} => removed successfully.
HKLM\Software\Classes\CLSID\{b41343a4-abfd-11e1-a1cf-b98e3f72e29a} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b41343aa-abfd-11e1-a1cf-f2708756a6cd} => removed successfully.
HKLM\Software\Classes\CLSID\{b41343aa-abfd-11e1-a1cf-f2708756a6cd} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8759478-dcd8-11e0-a07b-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{b8759478-dcd8-11e0-a07b-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96b3cf2-7756-11e1-a195-ed8c861c7000} => removed successfully.
HKLM\Software\Classes\CLSID\{b96b3cf2-7756-11e1-a195-ed8c861c7000} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96b3cf4-7756-11e1-a195-ed8c861c7000} => removed successfully.
HKLM\Software\Classes\CLSID\{b96b3cf4-7756-11e1-a195-ed8c861c7000} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e86270df-4f6a-11e1-a132-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{e86270df-4f6a-11e1-a132-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec06156c-67c4-11e0-9f88-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{ec06156c-67c4-11e0-9f88-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f716f258-64cd-11e1-a159-b69b172686b5} => removed successfully.
HKLM\Software\Classes\CLSID\{f716f258-64cd-11e1-a159-b69b172686b5} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc5e0438-4f6d-11e1-a133-80f663d6c828} => removed successfully.
HKLM\Software\Classes\CLSID\{fc5e0438-4f6d-11e1-a133-80f663d6c828} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => removed successfully.
HKLM\Software\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully.
HKLM\System\CurrentControlSet\Services\ewusbnet => removed successfully.
ewusbnet => service removed successfully.
HKLM\System\CurrentControlSet\Services\Huawei => removed successfully.
Huawei => service removed successfully.
HKLM\System\CurrentControlSet\Services\hwdatacard => removed successfully.
hwdatacard => service removed successfully.
HKLM\System\CurrentControlSet\Services\hwusbdev => removed successfully.
hwusbdev => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\massfilter => removed successfully.
massfilter => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\Administrador\Configuracin local\Temp\cdo1639322225.dll" => not found
"C:\Documents and Settings\Invitado\Configuracin local\Temp\NeroSearchTrayHook_{8EEBD1C9-132F-458D-A450-9C33047140E2}.dll" => not found
C:\Windows\System32\nsprs.dll => moved successfully
C:\Windows\System32\serauth1.dll => moved successfully
C:\Windows\System32\serauth2.dll => moved successfully
C:\Windows\System32\ssprs.dll => moved successfully
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\": => Error deleting product . Error: -2147352567
"WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:" => removed successfully.
C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\Online Help.lnk => not found.
C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\www.virtualdj.com.lnk => not found.
C:\Documents and Settings\Administrador\Entorno de red\My Web Sites on MSN\target.lnk => moved successfully
C:\Documents and Settings\All Users\Datos de programa\TEMP => ":F35A93AD" ADS removed successfully.
Hosts restored successfully.

========= RemoveProxy: =========

HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


Restablecer satisfactoriamente el cat logo Winsock.
Debe reiniciar el equipo para finalizar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= ipconfig /flushdns =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 49277 B
Java, Flash, Steam htmlcache => 494 B
Windows/system/dllcache/drivers => 82368 B
Edge => 0 B
Chrome => 0 B
Firefox => 97908414 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 739633326 B
LocalService => 65896 B
NetworkService => 66164 B
Administrador => 3515746 B
Invitado => 774449 B

RecycleBin => 0 B
EmptyTemp: => 803.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:28:00 ====

#11

Now check how the reported problem is going.


#12

Well yes, excellent result, since that problem no longer runs again, and when I insert the memory stick or different USB drives they no longer turn into shortcuts… thank you very much for your help…


#13

To remove the tools used in the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as Administrator.)

  • Check only the Remove disinfection tools box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel; those that are not listed can be deleted directly.


Glad I could help!


TOPIC SOLVED


#14

Thank you very much… just one more thing… which antivirus would you recommend I install… so that my computer with Windows XP does not get infected again by those viruses.


#15

For XP there are hardly any quality, compatible antivirus products left, but these are still compatible:

Panda Free and Avast, but you say that PC has no internet, right?

If so, an antivirus of this type will not be of use to you.

What you can do is vaccinate your USB drives and your PC with UsbFix (see manual).

