Ya tenemos el log de FRST analizado.
1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.
- Descarga DelFix en el escritorio de Windows.
- Clic Derecho, “Ejecutar como Administrador”.
- En la ventana principal, marca solamente la casilla “Create Registry Backup”.
- Clic en Run.
Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…
2.- Desactiva Temporalmente tu antivirus.
3.- Abre un nuevo archivo Notepad/Bloc de Notas y copia y pega este contenido:
Start
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\...\Run: [649237e4] => C:\ProgramData\Intel\Wireless\0a35612\gdhabbc.exe [943784 2019-10-19] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel\Wireless\0a35612
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1011AC19-0B7C-487F-B465-0A888947E7EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C3C037E-A06F-4670-ADC4-2C96C951867C} - System32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Excel Packages\uninstaller.exe" -c /Uninst /NM="Microsoft Excel Packages" /AN="0V1L2Z2Z1T1I1L1T" /MBN="Microsoft Excel Packages" /mnl
Task: {2F3034B1-C4A7-48BE-ABE1-F662989713CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2F4ABDE0-2EA7-4A7C-A403-F1AD28F3657C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {364019A7-0B16-4E22-B9C1-CA8E48EFB9C7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {381692CF-4F38-4BD0-B988-B87B295E84C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3ABFE87E-85FA-4F96-94D2-F0FAD15C2944} - System32\Tasks\Uninstaller_SkipUac_Administrador_1 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {76A6FB2F-B4A1-43C0-8BE7-1795D60EE623} - System32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Administrador 1\AppData\Local\{BAA98CF5-9E01-E04D-F399-C5A5D7F1393D}\uninstall.exe" -c /Uninstall /s /noun /DelSelfDir
Task: {7E6A94E1-A645-4E7E-90CE-1C59C9E7844A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {89DCB1FD-9CE8-4079-AB46-4D05188D1C83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {95825F6A-5E16-40DA-9B06-D5D9CB7F7320} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AAB791BB-AB30-4097-B79E-0D46F19BAD14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C1983F91-6E1F-4D9C-A90B-EB295DCD8BF0} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2524779702-1519077474-4215319357-1003 -> No File <==== ATTENTION
Task: {C2B6BE0A-6E0F-4B63-A1E0-BE9528AFF629} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7B9F1F7-634E-4274-8F31-D4C0AD9C5CF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5547A88-C5A6-4CE2-8607-246856C2BA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F21BDB35-F3D4-4042-8B49-C3632DEBB88F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
SearchScopes: HKLM -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9A2BC87B-860E-4B39-99C2-5417EC29E037} URL =
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
FF Homepage: Mozilla\Firefox\Profiles\vlok0ro3.default -> hxxps://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=es-es|hxxps://www.google.es/
FF Extension: (Bing Search) - C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\Extensions\[email protected] [2018-05-06] [Legacy]
FF SearchPlugin: C:\Users\Administrador 1\AppData\Roaming\Mozilla\Firefox\Profiles\vlok0ro3.default\searchplugins\bing-.xml [2018-05-06]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
CHR Extension: (Chrome Media Router) - C:\Users\Administrador 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-12]
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2524779702-1519077474-4215319357-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10212019170002146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
2019-10-19 21:00 - 2019-10-19 21:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-10-07 22:54 - 2019-10-11 23:46 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
2019-10-07 22:50 - 2019-10-12 07:46 - 000000000 ____D C:\Program Files (x86)\Chromium
2019-10-07 22:49 - 2019-10-07 22:49 - 000000000 ____D C:\ProgramData\{56F76ACB-7EDF-12B3-2687-3A9BCE6FE243}
2019-10-14 09:12 - 2017-03-10 22:24 - 000000000 ____D C:\ProgramData\IObit
2019-10-14 08:40 - 2017-03-10 22:26 - 000000000 ____D C:\Users\Administrador 1\AppData\LocalLow\IObit
2019-10-14 08:40 - 2017-03-10 22:25 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\IObit
2019-10-07 23:03 - 2015-12-24 21:26 - 000000000 ____D C:\Users\Administrador 1\AppData\Roaming\GlarySoft
2019-10-20 23:30 - 2018-07-22 17:00 - 000002548 _____ C:\WINDOWS\system32\Tasks\{D9EACE0E-8E16-426C-830C-62B67F4B413B}
2019-10-20 23:30 - 2018-07-22 17:00 - 000002400 _____ C:\WINDOWS\system32\Tasks\{B5FAC7D3-DE3F-401B-BE1E-91980B604138}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
FirewallRules: [{61138917-0F14-4045-A16F-8334AE757CA7}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2C8FABB2-3162-428D-A61E-E84002A799EC}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{46249026-BB67-478E-BDC2-A3A9FF13F00F}] => (Allow) %systemroot%\system32\alg.exe No File
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
- Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.
Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.
Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde el modo Seguro de Windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2 ).
- Ejecutas Frst.exe.
- Presionas el botón Fix y aguardas a que termine.
- La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
- Lo pegas en tu próxima respuesta.
Y una última cosa más. ¿Usas la extensión de Firefox Avast Safeprice? Si no es así entonces se instaló en su navegador sin previo aviso. Puedes eliminarla si lo deseas.