Error del Sistema Microtask y falta node.dll

Gerson · 9 Octubre, 2018 18:33

Buenas tardeas, Primero que nada felicidades por el Nuevo Foro tiene una imagen increíble, segundo coloco este tema para que puedan ayudarme con este problema.

Ayer se me infecto la computadora con un virus que hacia que el Firefox abriera ventanas de paginas sin que yo lo iniciara, le pase mi antivirus mas los 9 Pasos que mencionan en esta pagina para eliminar malwares, ya no tengo problemas con el Firefox pero siempre que enciendo la PC me sale un anuncio que es “Microtask.exe- Error del Sistema” y que falta el “node.dll” , no se si esto es un virus o el virus que tuve me daño algo en el sistema, subiré en este tema las imagen del anuncio que me sale y los reportes del Rkill y AdCleaber el Malwarebytes no encontró nada por eso no hay reporte.

Estare esperando de su preciada ayuda y muchas gracias por leer el tema.

AdwCleaner[C00].txt (2,7 KB)

Rkill.txt (2,0 KB)

imagen del Error

Miguelgrado · 9 Octubre, 2018 18:47

Hola y bienvenido al nuevo Forospyrware

Has ejecutado un analisis con Malwarebytes en tu equipo??

Si es asi, pegame o sube el log y si no me dices

Gerson · 9 Octubre, 2018 19:17

@Miguelgrado, Muchas Gracias por tu respuesta.

Adjunto el Log del Malwarebytes, no me encontró nada por eso no lo subi pero el Problema al iniciar siempre la PC persiste que es Eror Sistema Microtask y que falta la node.dll.

malwarebytes.txt (1,5 KB)

Esperare tus comentarios

Miguelgrado · 9 Octubre, 2018 19:59

Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) ¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Intenta pegarlos directamente en las respuestas:

Gerson · 9 Octubre, 2018 21:12

@Miguelgrado, te adjunto los 2 logs no los pude pegar directo al mensaje me salía que superaba los caracteres permitidos, aquí te los adjunto espero que de esta forma los puedas ver

FRST.txt (215,5 KB)

Addition.txt (35,9 KB)

Esperare tus comentarios y gracias por tu ayuda

Miguelgrado · 9 Octubre, 2018 21:28

Ya reviso y te doy respuesta.

Lo de superar caracteres, para eso se indica que se usen las respuesta necesarias para pegarlos, por lo que si es necesario, los divides, los pegas y añades las etiquetas en cada respuesta.

Ahora déjalos asi, están bien y ademas ya he visto el problema, pero como es tarde, mañana te pongo solución

Saludos

Gerson · 9 Octubre, 2018 21:45

@Miguelgrado, Muchas gracias por revisar el tema y esperare tu respuesta para solucionar el problema.

Miguelgrado · 10 Octubre, 2018 13:11

Tienes una buena colección de infecciones

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

Para hacerlo descarga Delfix en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe [67918336 2018-10-06] (Microtask)
C:\Program Files\Microtask
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 SwitchBoard; no ImagePath
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
2018-10-08 15:01 - 2018-10-08 15:01 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\QFqPR
2018-10-08 15:00 - 2018-10-08 18:00 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\2frgt0q3v0b
2018-10-08 15:00 - 2018-10-08 15:00 - 000003058 _____ C:\Windows\System32\Tasks\GItHvXoKUgtwAW
2018-10-08 15:00 - 2018-10-08 15:00 - 000002850 _____ C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2
2018-10-08 14:59 - 2018-10-08 18:00 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\yi4eq0ol1q1
2018-10-08 14:58 - 2018-10-08 15:17 - 000000000 ____D C:\Program Files (x86)\eStaff
2018-10-08 14:57 - 2018-10-09 11:50 - 000000000 ____D C:\ProgramData\Microtask
2018-10-08 14:57 - 2018-10-08 15:09 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\Microtask
2018-10-08 14:57 - 2018-10-08 15:09 - 000000000 ____D C:\Program Files\Microtask
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers6: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
Task: {64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE} - \NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {83152D87-E946-4912-A90C-9409357ABD48} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\oJFXfa.dll",#1
C:\Program Files (x86)\deoRkBcMU
Task: {9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\hoIJJFsXLfoad.dll",#1
C:\Program Files (x86)\pObWEjsjndqU2
Task: {A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5} - \{FEAA4C2F-EB28-4B64-8B01-EACA56C3D861} -> No File <==== ATTENTION
Task: {AA87FC66-D0AF-4DDE-A05C-70C5779C4A65} - \{FD7A9FEC-7BE0-4C2D-AD08-6BA010E39391} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows.
Ejecutas Frst.exe.
Presionas el botón Fix y aguardas a que termine.
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el problema y ya te doy algun paso mas para terminar de desinfectar el pc

Gerson · 10 Octubre, 2018 19:35

@Miguelgrado, ya hice lo que mencionaste en el tema, te comento que reinicie la PC y ya no me salio el anuncion, pero te adjunto el Log que me dejo el programa por si falta hacer algún paso mas.

Esperare tus comentarios

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Gerson (10-10-2018 13:25:55) Run:1
Running from C:\Users\Gerson\Desktop
Loaded Profiles: Gerson (Available Profiles: Gerson)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe [67918336 2018-10-06] (Microtask)
C:\Program Files\Microtask
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 SwitchBoard; no ImagePath
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
2018-10-08 15:01 - 2018-10-08 15:01 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\QFqPR
2018-10-08 15:00 - 2018-10-08 18:00 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\2frgt0q3v0b
2018-10-08 15:00 - 2018-10-08 15:00 - 000003058 _____ C:\Windows\System32\Tasks\GItHvXoKUgtwAW
2018-10-08 15:00 - 2018-10-08 15:00 - 000002850 _____ C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2
2018-10-08 14:59 - 2018-10-08 18:00 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\yi4eq0ol1q1
2018-10-08 14:58 - 2018-10-08 15:17 - 000000000 ____D C:\Program Files (x86)\eStaff
2018-10-08 14:57 - 2018-10-09 11:50 - 000000000 ____D C:\ProgramData\Microtask
2018-10-08 14:57 - 2018-10-08 15:09 - 000000000 ____D C:\Users\Gerson\AppData\Roaming\Microtask
2018-10-08 14:57 - 2018-10-08 15:09 - 000000000 ____D C:\Program Files\Microtask
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers6: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
Task: {64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE} - \NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {83152D87-E946-4912-A90C-9409357ABD48} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\oJFXfa.dll",#1
C:\Program Files (x86)\deoRkBcMU
Task: {9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\hoIJJFsXLfoad.dll",#1
C:\Program Files (x86)\pObWEjsjndqU2
Task: {A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5} - \{FEAA4C2F-EB28-4B64-8B01-EACA56C3D861} -> No File <==== ATTENTION
Task: {AA87FC66-D0AF-4DDE-A05C-70C5779C4A65} - \{FD7A9FEC-7BE0-4C2D-AD08-6BA010E39391} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-4092908975-4099347736-315434978-1000\Software\Microsoft\Windows\CurrentVersion\Run\\electron.app.Microtask" => removed successfully
C:\Program Files\Microtask => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\System\CurrentControlSet\Services\SwitchBoard => removed successfully
SwitchBoard => service removed successfully
HKLM\System\CurrentControlSet\Services\WacHidRouter => removed successfully
WacHidRouter => service removed successfully
HKLM\System\CurrentControlSet\Services\WacHidRouterPro => removed successfully
WacHidRouterPro => service removed successfully
HKLM\System\CurrentControlSet\Services\wacomrouterfilter => removed successfully
wacomrouterfilter => service removed successfully
C:\Users\Gerson\AppData\Roaming\QFqPR => moved successfully
C:\Users\Gerson\AppData\Roaming\2frgt0q3v0b => moved successfully
C:\Windows\System32\Tasks\GItHvXoKUgtwAW => moved successfully
C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2 => moved successfully
C:\Users\Gerson\AppData\Roaming\yi4eq0ol1q1 => moved successfully
C:\Program Files (x86)\eStaff => moved successfully
C:\ProgramData\Microtask => moved successfully
C:\Users\Gerson\AppData\Roaming\Microtask => moved successfully
"C:\Program Files\Microtask" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\FT360 => removed successfully
HKLM\Software\Classes\CLSID\{F2196025-497B-4A61-AEA7-27325149132A} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\FT360 => removed successfully
HKLM\Software\Classes\CLSID\{F2196025-497B-4A61-AEA7-27325149132A} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\FT360 => removed successfully
HKLM\Software\Classes\CLSID\{F2196025-497B-4A61-AEA7-27325149132A} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83152D87-E946-4912-A90C-9409357ABD48} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83152D87-E946-4912-A90C-9409357ABD48} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RzmVfSQvlkpVqKr2 => could not remove. Access Denied.
"C:\Program Files (x86)\deoRkBcMU" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\GItHvXoKUgtwAW" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GItHvXoKUgtwAW => could not remove. Access Denied.
"C:\Program Files (x86)\pObWEjsjndqU2" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEAA4C2F-EB28-4B64-8B01-EACA56C3D861} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA87FC66-D0AF-4DDE-A05C-70C5779C4A65} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA87FC66-D0AF-4DDE-A05C-70C5779C4A65} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD7A9FEC-7BE0-4C2D-AD08-6BA010E39391} => could not remove. Access Denied.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4092908975-4099347736-315434978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4092908975-4099347736-315434978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21107999 B
Java, Flash, Steam htmlcache => 78739599 B
Windows/system/drivers => 10914341 B
Edge => 0 B
Chrome => 0 B
Firefox => 527566126 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66295 B
NetworkService => 2806 B
Gerson => 794226371 B

RecycleBin => 790748 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-10-2018 13:28:37)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83152D87-E946-4912-A90C-9409357ABD48}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83152D87-E946-4912-A90C-9409357ABD48}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RzmVfSQvlkpVqKr2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GItHvXoKUgtwAW" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEAA4C2F-EB28-4B64-8B01-EACA56C3D861}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA87FC66-D0AF-4DDE-A05C-70C5779C4A65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA87FC66-D0AF-4DDE-A05C-70C5779C4A65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD7A9FEC-7BE0-4C2D-AD08-6BA010E39391}" => removed successfully

==== End of Fixlog 13:28:37 ====

Miguelgrado · 11 Octubre, 2018 05:14

Para eliminar las herramientas usadas en la desinfección, realizas:

Descargas y Ejecutas >> Delfix, en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)
Marca solamente la casilla Remove disinfection tools
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.

Me alegro de haberte podido ayudar!

TEMA SOLUCIONADO

system · 13 Octubre, 2018 05:14

Este tema se cerró automáticamente 2 días después del último post. No se permiten nuevas respuestas.