Acceso directo en usb o msiexec no se elimina

Eliminar Malwares
10

perdona ya me di cuenta del programa que era… bueno aqui esta el reporte que me dejo luego de realizar los pasos.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21.11.2018
Ran by Administrador (26-11-2018 10:26:36) Run:1
Running from C:\Documents and Settings\Administrador\Escritorio
Loaded Profiles: Administrador (Available Profiles: Administrador & Invitado)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\!SASWinLogon: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {26ab4b02-ee2e-11e0-a0b4-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {2f131a81-9ac9-11e0-a007-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {4385b2a0-aa61-11e0-a038-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {79abbba4-a5d4-11e0-a025-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {8350af28-d76d-11e0-a076-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343a4-abfd-11e1-a1cf-b98e3f72e29a} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b41343aa-abfd-11e1-a1cf-f2708756a6cd} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b8759478-dcd8-11e0-a07b-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf2-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {b96b3cf4-7756-11e1-a195-ed8c861c7000} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {e86270df-4f6a-11e1-a132-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {ec06156c-67c4-11e0-9f88-00e04d917897} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {f716f258-64cd-11e1-a159-b69b172686b5} - G:\AutoRun.exe
HKU\S-1-5-21-1801674531-2025429265-839522115-500\...\MountPoints2: {fc5e0438-4f6d-11e1-a133-80f663d6c828} - G:\AutoRun.exe
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
SearchScopes: HKLM -> DefaultScope value is missing
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U1 WS2IFSL; no ImagePath
2018-10-14 22:55 - 2008-04-14 00:48 - 002091520 _____ (Microsoft Corporation) C:\Documents and Settings\Administrador\Configuracin local\Temp\cdo1639322225.dll
2011-06-18 23:07 - 2006-09-13 04:18 - 000049152 ____C (Nero AG) C:\Documents and Settings\Invitado\Configuracin local\Temp\NeroSearchTrayHook_{8EEBD1C9-132F-458D-A450-9C33047140E2}.dll
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
C:\Windows\System32\ssprs.dll
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:
Shortcut: C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\Online Help.lnk -> hxxp://www.virtualdj.com/support
Shortcut: C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Documents and Settings\Administrador\Entorno de red\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:F35A93AD [214]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => removed successfully.
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26ab4b02-ee2e-11e0-a0b4-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{26ab4b02-ee2e-11e0-a0b4-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f131a81-9ac9-11e0-a007-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{2f131a81-9ac9-11e0-a007-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4385b2a0-aa61-11e0-a038-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{4385b2a0-aa61-11e0-a038-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79abbba4-a5d4-11e0-a025-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{79abbba4-a5d4-11e0-a025-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350af28-d76d-11e0-a076-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{8350af28-d76d-11e0-a076-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b41343a4-abfd-11e1-a1cf-b98e3f72e29a} => removed successfully.
HKLM\Software\Classes\CLSID\{b41343a4-abfd-11e1-a1cf-b98e3f72e29a} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b41343aa-abfd-11e1-a1cf-f2708756a6cd} => removed successfully.
HKLM\Software\Classes\CLSID\{b41343aa-abfd-11e1-a1cf-f2708756a6cd} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8759478-dcd8-11e0-a07b-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{b8759478-dcd8-11e0-a07b-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96b3cf2-7756-11e1-a195-ed8c861c7000} => removed successfully.
HKLM\Software\Classes\CLSID\{b96b3cf2-7756-11e1-a195-ed8c861c7000} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96b3cf4-7756-11e1-a195-ed8c861c7000} => removed successfully.
HKLM\Software\Classes\CLSID\{b96b3cf4-7756-11e1-a195-ed8c861c7000} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e86270df-4f6a-11e1-a132-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{e86270df-4f6a-11e1-a132-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec06156c-67c4-11e0-9f88-00e04d917897} => removed successfully.
HKLM\Software\Classes\CLSID\{ec06156c-67c4-11e0-9f88-00e04d917897} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f716f258-64cd-11e1-a159-b69b172686b5} => removed successfully.
HKLM\Software\Classes\CLSID\{f716f258-64cd-11e1-a159-b69b172686b5} => not found
HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc5e0438-4f6d-11e1-a133-80f663d6c828} => removed successfully.
HKLM\Software\Classes\CLSID\{fc5e0438-4f6d-11e1-a133-80f663d6c828} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => removed successfully.
HKLM\Software\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully.
HKLM\System\CurrentControlSet\Services\ewusbnet => removed successfully.
ewusbnet => service removed successfully.
HKLM\System\CurrentControlSet\Services\Huawei => removed successfully.
Huawei => service removed successfully.
HKLM\System\CurrentControlSet\Services\hwdatacard => removed successfully.
hwdatacard => service removed successfully.
HKLM\System\CurrentControlSet\Services\hwusbdev => removed successfully.
hwusbdev => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\massfilter => removed successfully.
massfilter => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\Administrador\Configuracin local\Temp\cdo1639322225.dll" => not found
"C:\Documents and Settings\Invitado\Configuracin local\Temp\NeroSearchTrayHook_{8EEBD1C9-132F-458D-A450-9C33047140E2}.dll" => not found
C:\Windows\System32\nsprs.dll => moved successfully
C:\Windows\System32\serauth1.dll => moved successfully
C:\Windows\System32\serauth2.dll => moved successfully
C:\Windows\System32\ssprs.dll => moved successfully
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\": => Error deleting product . Error: -2147352567
"WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:" => removed successfully.
C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\Online Help.lnk => not found.
C:\Documents and Settings\Administrador\Men Inicio\Programas\Virtual DJ\www.virtualdj.com.lnk => not found.
C:\Documents and Settings\Administrador\Entorno de red\My Web Sites on MSN\target.lnk => moved successfully
C:\Documents and Settings\All Users\Datos de programa\TEMP => ":F35A93AD" ADS removed successfully.
Hosts restored successfully.

========= RemoveProxy: =========

HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1801674531-2025429265-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


Restablecer satisfactoriamente el cat logo Winsock.
Debe reiniciar el equipo para finalizar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= ipconfig /flushdns =========



Configuración IP de Windows



Error interno: Solicitud no compatible.

 

Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 49277 B
Java, Flash, Steam htmlcache => 494 B
Windows/system/dllcache/drivers => 82368 B
Edge => 0 B
Chrome => 0 B
Firefox => 97908414 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 739633326 B
LocalService => 65896 B
NetworkService => 66164 B
Administrador => 3515746 B
Invitado => 774449 B

RecycleBin => 0 B
EmptyTemp: => 803.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:28:00 ====