Unknown application, CPU at 100%

Hi @albert

The way you did it is perfect.

You ran FRST from the wrong location:

  • Running from C:\Users\alber\OneDrive\Escritorio

It must not be in OneDrive. Cut the executable and paste it onto your desktop on C:\ <<< This is very important.

Uninstall with Revo Uninstaller in its Advanced Mode:

  • GridinSoft Anti-Malware (if found), Babylon Pro NG

Revo Uninstaller manual.

I also recommend that you uninstall all IObit programs; they have not been very trustworthy for a while now.

There are still remnants of the infection as well as some obsolete entries, so do the following:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, "Run as Administrator".
  • In the main window, check only the "Create Registry Backup" box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool.

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4044603304-3046036407-3438730854-1001\...\MountPoints2: {f89fbfcf-e894-11e9-9c2d-2c56dc7ad19f} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4A3CF116-B173-40A8-A086-D63E1D1E9A37} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
C:\Program Files\GridinSoft Anti-Malware
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{97745D00-02AA-4FE4-9F1E-2AD41FCD3B49}.xpi [2019-06-01] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
S3 GridinSoftInetSecurityDriver; C:\WINDOWS\system32\DRIVERS\gsInetSecurity.sys [107784 2019-09-19] (GridinSoft, LLC -> GridinSoft LLC)
S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [38216 2019-09-19] (GridinSoft, LLC -> GridinSoft LLC)
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBthAudioHF; \SystemRoot\System32\drivers\CsrBthAudioHF.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; \SystemRoot\System32\drivers\csrhfgcc.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]
2019-09-24 19:53 - 2019-09-24 19:53 - 000000000 ____D C:\ProgramData\mail.ru
2019-09-24 19:30 - 2019-10-18 12:46 - 000000000 ____D C:\ProgramData\Babylon
2019-09-24 19:30 - 2019-09-24 19:30 - 000000000 ____D C:\Program Files (x86)\Babylon
2019-09-24 19:29 - 2019-09-24 19:30 - 000000000 ____D C:\Users\alber\AppData\Roaming\Babylon Software
2019-09-24 17:02 - 2019-09-24 20:02 - 000003324 _____ C:\WINDOWS\system32\Tasks\GridinSoft Anti-Malware
2019-09-24 16:51 - 2019-09-24 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2019-09-24 16:51 - 2019-09-24 16:51 - 000000000 ____D C:\ProgramData\GridinSoft
2019-10-18 05:44 - 2019-07-15 20:46 - 000000000 ____D C:\Users\alber\AppData\Local\Lavasoft
2019-10-18 05:44 - 2019-07-15 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-09-24 19:30 - 2019-05-16 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
2019-09-19 11:56 - 2019-03-02 14:14 - 000107784 _____ (GridinSoft LLC) C:\WINDOWS\system32\Drivers\gsInetSecurity.sys
2019-09-19 11:56 - 2019-03-02 14:14 - 000038216 _____ (GridinSoft LLC) C:\WINDOWS\system32\Drivers\gtkdrv.sys
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\[email protected]
FF Extension: (Babylon Translation Activation) - C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\[email protected] [2019-09-24] [Legacy] [not signed]
ShellIconOverlayIdentifiers: [OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [BabylonDocTrans] -> {947217BD-E967-400A-B14A-BA851A8EDCBB} =>  -> No File
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} =>  -> No File
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2018-05-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [107864 2009-08-19] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2018-05-16] () [File not signed]
FirewallRules: [TCP Query User{2670B3AF-F196-426E-B9BD-CE008058DF55}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{031D78C1-2AEF-4B0A-A8C8-0B5EEF210883}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
Folder: C:\ProgramData\Intel\Wireless\3c19083

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop) or the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Cheers.
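As an added example that is not part of the original thread and is not code from the FRST tool: a small Python triage script that classifies FRST-style lines of the kind that appear in the fixlist above (policy restrictions that FRST flags with "ATTENTION", services whose binary is missing and are marked "[X]", "No File" registry entries, unsigned binaries, scheduled tasks, CMD lines and bare directives) and lists the file paths the lines reference, so a helper can see at a glance what a fixlist will touch before handing it to a user. The sample lines are constructed from a few entries of the post; the label names, regexes and function names are my own assumptions, not FRST conventions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines modelled on the fixlist in the post
# above (not a real scan report). Raw string so backslashes stay literal.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {4A3CF116-B173-40A8-A086-D63E1D1E9A37} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{97745D00-02AA-4FE4-9F1E-2AD41FCD3B49}.xpi [2019-06-01] [not signed]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 GridinSoftInetSecurityDriver; C:\WINDOWS\system32\DRIVERS\gsInetSecurity.sys [107784 2019-09-19] (GridinSoft, LLC -> GridinSoft LLC)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
CMD: netsh winsock reset
EmptyTemp:
"""

# FRST service/driver lines look like "S3 name; path ..." (start type, name, semicolon).
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;")
# Windows paths ending in a binary/extension of interest; stops at the first such suffix.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]<>\"]+?\.(?:exe|dll|sys|xpi)", re.IGNORECASE)


def classify(line: str) -> str:
    """Return a triage label for one FRST line; most significant condition wins."""
    line = line.strip()
    if "<==== ATTENTION" in line:
        return "policy-restriction"   # FRST itself flags these (policy keys, GroupPolicy)
    if line.endswith("[X]"):
        return "orphaned-driver"      # service registered but its binary is gone
    if "No File" in line:
        return "orphaned-entry"       # registry entry pointing at a missing file
    if "[not signed]" in line or "[File not signed]" in line:
        return "unsigned-binary"      # present file without a valid signature
    if line.startswith("Task:"):
        return "scheduled-task"
    if SERVICE_RE.match(line):
        return "service"
    if line.startswith("CMD:"):
        return "command"              # shell command FRST will run during the fix
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive"            # e.g. EmptyTemp:, RemoveProxy:, Hosts:
    return "other"


def triage(text: str) -> list[tuple[str, str]]:
    """Classify every non-empty line, returning (label, line) pairs in file order."""
    return [(classify(l), l.strip()) for l in text.splitlines() if l.strip()]


def summary(text: str) -> Counter:
    """Count lines per label so the reviewer sees the shape of the fixlist."""
    return Counter(label for label, _ in triage(text))


def extract_paths(text: str) -> list[str]:
    """List drive-letter file paths the fixlist references (duplicates removed, order kept)."""
    seen: dict[str, None] = {}
    for match in PATH_RE.finditer(text):
        seen.setdefault(match.group(0), None)
    return list(seen)


if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"{label:18s} {line}")
    print("\nsummary:", dict(summary(SAMPLE_LOG)))
    print("\npaths referenced:")
    for p in extract_paths(SAMPLE_LOG):
        print("  ", p)
```

The order of the checks matters: an "[X]" service line is reported as orphaned rather than as a plain service, and an "ATTENTION" marker outranks everything else, which mirrors how a helper reads a fixlist (policy restrictions first, then entries that no longer resolve to a file). Lines with "\SystemRoot\..." paths are intentionally left out of the path list because they carry no drive letter.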