AnitUsbShortCut

Your PC is a mess of infections, so you had better watch what you do with it.

Right… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {0a7ecb36-6124-11e4-8eba-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {0a7ecb46-6124-11e4-8eba-101f74cd2a34} - E:\LGAutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {198a96c4-c4bd-11e2-afc0-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {2cd704dc-021f-11e4-8c73-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {2cd70980-021f-11e4-8c73-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {4dd03c4d-b9af-11e2-b341-101f74cd2a34} - F:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {8920cf80-f0a7-11e3-9004-101f74cd2a34} - E:\SISetup.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {8b33d1d5-796b-11e4-be6c-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {971d6ac3-3420-11e3-92e2-101f74cd2a34} - F:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {9947ed22-14a2-11e3-8b0b-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {a0bf5f76-6604-11e4-8b9c-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {a5621601-0e98-11e4-afda-101f74cd2a34} - E:\LGAutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {afc718cd-0629-11e4-be65-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {afc718d8-0629-11e4-be65-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {cd522ec3-a455-11e4-97f2-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {cec3e748-067b-11e6-8e35-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {fb1e79a9-a4e2-11e4-a267-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {fb9255ba-dfb8-11e5-99a6-101f74cd2a34} - E:\AutoRun.exe
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2019-02-13]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team) [File not signed]
C:\AntiShortCut
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-3317693104-3463003405-3107741733-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
Toolbar: HKU\S-1-5-21-3317693104-3463003405-3107741733-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR StartupUrls: Default -> "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=143A60D81965D2A0&affID=128235&tsp=5214","hxxp://www.google.com.pe/","hxxp://pe.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_33&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dpe%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtD0DzztCzyyCyD0DtB0AtDyCyByByEtN0D0Tzu0StCtAtCzztN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEyCyCtDzz0CtB0DtGtAzyyEyCtGtByC0CtBtGtC0DtAtBtGzzyDtB0BtBzztDyByEzy0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBtDyB0EzyyD0DtGtByE0EzytGyEzyyCyBtG0AyDtBtAtGyC0BtCtB0E0E0BtCyDyDtD0E2QtN0A0LzuyE%26cr%3D1997258894%26a%3Dwncy_ir_15_33%26os%3DWindows%2B7%2BUltimate","hxxp://pe.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_33&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dpe%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtD0DzztCzyyCyD0DtB0AtDyCyByByEtN0D0Tzu0StCtAtCzztN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBzz0FtDtA0BtA0FtGyD0F0DtDtG0FzzyDtDtGyB0FyD0EtG0ByD0FtCtCtBtA0AyDyD0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBtDyB0EzyyD0DtGtByE0EzytGyEzyyCyBtG0AyDtBtAtGyC0BtCtB0E0E0BtCyDyDtD0E2QtN0A0LzuyE%26cr%3D780167650%26a%3Dwncy_ir_15_33%26os%3DWindows%2B7%2BUltimate","hxxp://www.oursurfing.com/?type=hp&ts=1443583406&z=946affca9cdb778fb0c7265g7z8zdc4w2b7c5z0e4q&from=amt&uid=wdcxwd5000bpvt-60hxzt3_wd-wxh1a61w8672w8672","hxxps://www.google.com.pe/"
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-02-13 12:54 - 2019-02-19 11:54 - 000000000 _RSHD C:\AntiUsbShortCut
2019-02-13 12:51 - 2019-02-19 11:54 - 000000000 _RSHD C:\AntiShortCut
2019-02-18 23:27 - 2015-06-10 06:20 - 000000000 ____D C:\73712decdae59042e3ad5990
2019-02-18 23:25 - 2018-09-12 13:29 - 000000000 ____D C:\972db6410836087b29476ada3d545fdb
2015-02-20 17:15 - 2015-02-20 17:15 - 000427001 _____ () C:\Users\Invitado\AppData\Local\Temp\{48416259-16DF-4FD2-9F1C-C576A4BF429C}-40.0.2214.115_40.0.2214.111_chrome_updater.exe
ContextMenuHandlers1_S-1-5-21-3317693104-3463003405-3107741733-1000: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} =>  -> No File
Shortcut: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
ShortcutWithArgument: C:\Users\SAHUA\Desktop\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\SAHUA\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\SAHUA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\SAHUA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
AlternateDataStreams: C:\ProgramData\Microsoft:KQDnIekKyX2mJlADGWzsOpA [2336]
AlternateDataStreams: C:\ProgramData\Microsoft:kXXOrgYQlhPKts7vcxSoHiuvJ [2320]
AlternateDataStreams: C:\ProgramData\Microsoft:LXqHgz38uqWAMnRoL7GnjQfK59 [1996]
AlternateDataStreams: C:\ProgramData\Microsoft:OHjbESuYgCjsWObDHLPKHnuxA4 [1958]
AlternateDataStreams: C:\ProgramData\Microsoft:UFAmfwdPnej4VtseNAlBGLfqp [1856]
AlternateDataStreams: C:\Users\SAHUA\Configuración local:37zERzuizmGXZQ5Z2yC5mujL937XOn [1998]
AlternateDataStreams: C:\Users\SAHUA\Configuración local:YXy5MUUObnCyGwHN014Nu6k [2040]
AlternateDataStreams: C:\Users\SAHUA\Cookies:7KQS71PBg8WQtshYtFypR1Vz8x [552]
AlternateDataStreams: C:\Users\SAHUA\Cookies:hyOHsJVUcyc4haeCmXR0pZwRn [2002]
AlternateDataStreams: C:\Users\SAHUA\AppData\Local:37zERzuizmGXZQ5Z2yC5mujL937XOn [1998]
AlternateDataStreams: C:\Users\SAHUA\AppData\Local:YXy5MUUObnCyGwHN014Nu6k [2040]
AlternateDataStreams: C:\Users\SAHUA\AppData\Local\1N7kyIRjd:zDIvFc3Lbk3Q9pIOkLpde [2016]
AlternateDataStreams: C:\Users\SAHUA\AppData\Local\Datos de programa:37zERzuizmGXZQ5Z2yC5mujL937XOn [1998]
AlternateDataStreams: C:\Users\SAHUA\AppData\Local\Datos de programa:YXy5MUUObnCyGwHN014Nu6k [2040]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • And now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the PC is doing.

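A read-only review of the fixlist before pressing Fix, as an added example that is not part of the original post or of FRST: it groups the lines by what they act on (MountPoints2 autorun targets, unsigned shortcut targets, alternate data streams, directives, CMD lines). The name `review_fixlist`, the grouping and the line patterns are assumptions inferred only from the lines shown in this post; the sample is a shortened excerpt of those lines.

```python
import re
from collections import Counter

# Shortened excerpt of the fixlist shown in the post (not the full list).
SAMPLE = r"""Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {0a7ecb36-6124-11e4-8eba-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {198a96c4-c4bd-11e2-afc0-101f74cd2a34} - E:\AutoRun.exe
HKU\S-1-5-21-3317693104-3463003405-3107741733-1000\...\MountPoints2: {4dd03c4d-b9af-11e2-b341-101f74cd2a34} - F:\AutoRun.exe
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team) [File not signed]
C:\AntiShortCut
AlternateDataStreams: C:\ProgramData\Microsoft:KQDnIekKyX2mJlADGWzsOpA [2336]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
EMPTYTEMP:
CMD: netsh winsock reset
END
"""

MOUNT = re.compile(r"\\MountPoints2: (\S+) - (.+)$")                  # id - autorun target
ADS = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+) \[(\d+)\]$")  # host:stream [size]

def review_fixlist(text):
    """Group fixlist lines by what they touch; nothing on disk or in the registry is changed."""
    out = {"directives": [], "commands": [], "autorun": Counter(),
           "unsigned": [], "ads": [], "paths": [], "other": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.lower() in ("start", "end"):
            continue
        if (m := MOUNT.search(line)):
            out["autorun"][m.group(2)] += 1          # count entries per autorun target
        elif (m := ADS.match(line)):
            out["ads"].append((m.group(1), m.group(2), int(m.group(3))))
        elif line.startswith("CMD: "):
            out["commands"].append(line[5:])
        elif "[File not signed]" in line:
            out["unsigned"].append(line.partition(" -> ")[2].split(" (")[0])
        elif re.fullmatch(r"\w+:", line):
            out["directives"].append(line[:-1])
        elif re.match(r"[A-Za-z]:\\", line):
            out["paths"].append(line)                # bare path queued for removal
        else:
            out["other"].append(line)                # left for manual reading
    return out

if __name__ == "__main__":
    for key, value in review_fixlist(SAMPLE).items():
        print(f"{key}: {value}")
```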