Pop-up on the desktop

Ran by pc (02-11-2019 07:25:59) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\...\MountPoints2: {58869893-d61d-11e9-944a-38eaa7e09f04} - "F:\autorun.exe" 
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\...\MountPoints2: {a22214ca-e0b6-11e9-944d-38eaa7e09f04} - "F:\Autorun.exe" 
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\...\MountPoints2: {a222152c-e0b6-11e9-944d-38eaa7e09f04} - "G:\Autorun.exe" 
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
GroupPolicy: Restriction ? <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4944A21D-6FB3-4203-BFE2-82079831CBD2} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {4C15816B-1438-4B23-9F1A-74C30872E550} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {A29A87CA-9FEF-4C05-BF4D-62C67A778E04} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {A8E02C08-AE1A-43DD-868A-6839D18A0037} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe
Task: {C194A7C1-BE7F-4BCD-B55D-5B27974E1D3E} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {EBA378B9-BA20-4AA1-866F-649E390FC117} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5923600 2019-09-18] (IObit Information Technology -> IObit)
Task: {F5B5494A-A227-4698-994B-CD1742F8B315} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3007760 2019-04-24] (IObit Information Technology -> IObit)
CHR Notifications: Default -> hxxps://maranhesduve.club; hxxps://py.checkio.org; hxxps://www.youtube.com
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
U3 idsvc; no ImagePath
C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys
C:\Program Files (x86)\IObit\Advanced SystemCare
2019-10-28 04:32 - 2019-08-13 05:39 - 000000000 ____D C:\Users\pc\AppData\Roaming\IObit
2019-10-28 04:32 - 2019-08-13 05:39 - 000000000 ____D C:\ProgramData\IObit
2019-10-27 05:38 - 2019-08-13 05:40 - 000000000 ____D C:\Users\pc\AppData\LocalLow\IObit
2019-10-27 05:38 - 2019-08-13 05:39 - 000000000 ____D C:\Program Files (x86)\IObit
CustomCLSID: HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [183808 2010-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [237568 2010-11-03] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2010-01-17] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [108032 2010-12-11] () [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
FirewallRules: [{A276A0C9-A368-45A6-A952-F42FF1676C63}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [UDP Query User{920F50A5-BBE4-4C89-8BA7-FB14E59A895E}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{B3AC174C-FB3C-4F01-B80C-11EF65744134}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{A094ED79-6376-44FE-AB3E-129978381BE4}C:\users\pc\appdata\local\temp\kmsemul.exe] => (Allow) C:\users\pc\appdata\local\temp\kmsemul.exe No File
FirewallRules: [TCP Query User{CAD4438A-FD82-497D-8DFB-10DCAA8CB577}C:\users\pc\appdata\local\temp\kmsemul.exe] => (Allow) C:\users\pc\appdata\local\temp\kmsemul.exe No File
FirewallRules: [{D3CCA5FA-D507-408E-91C2-D8BBACBBE8F8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD9.EXE No File
FirewallRules: [UDP Query User{172282FE-0923-4B08-B56C-D164F96543FA}F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe] => (Allow) F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe No File
FirewallRules: [TCP Query User{2A3677BD-E3E6-436D-8294-0A3198329C70}F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe] => (Allow) F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe No File
FirewallRules: [{CB526515-1ED8-4139-A2A0-6C984A0F0727}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\DriverBooster.exe No File
FirewallRules: [{4C153651-F3B8-4A3D-9BD6-D1CBF0ADC163}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\DriverBooster.exe No File
FirewallRules: [{B5A81B72-F9E9-4FF7-9329-D4AC061EDF4C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\DBDownloader.exe No File
FirewallRules: [{12F75BA8-9AE2-4698-89D4-888E366EB7B5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\DBDownloader.exe No File
FirewallRules: [{ED7C643F-0CE2-478C-AF63-B6929FE49559}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\AutoUpdate.exe No File
FirewallRules: [{10E13F96-A0F9-44A9-A1A4-4455CD6313B7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.6.0\AutoUpdate.exe No File
FirewallRules: [TCP Query User{254C610D-E831-4F18-8784-FBC8FF13A4F4}C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe] => (Allow) C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{00CA2093-724E-48A3-A28D-459F64B27C09}C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe] => (Allow) C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58869893-d61d-11e9-944a-38eaa7e09f04} => removed successfully
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a22214ca-e0b6-11e9-944d-38eaa7e09f04} => removed successfully
HKU\S-1-5-21-940513610-2606913777-4097325418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a222152c-e0b6-11e9-944d-38eaa7e09f04} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4944A21D-6FB3-4203-BFE2-82079831CBD2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4944A21D-6FB3-4203-BFE2-82079831CBD2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C15816B-1438-4B23-9F1A-74C30872E550}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C15816B-1438-4B23-9F1A-74C30872E550}" => removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A29A87CA-9FEF-4C05-BF4D-62C67A778E04}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A29A87CA-9FEF-4C05-BF4D-62C67A778E04}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8E02C08-AE1A-43DD-868A-6839D18A0037}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E02C08-AE1A-43DD-868A-6839D18A0037}" => removed successfully
C:\WINDOWS\System32\Tasks\IObitSelfCheckTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObitSelfCheckTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C194A7C1-BE7F-4BCD-B55D-5B27974E1D3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C194A7C1-BE7F-4BCD-B55D-5B27974E1D3E}" => removed successfully
C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EBA378B9-BA20-4AA1-866F-649E390FC117}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBA378B9-BA20-4AA1-866F-649E390FC117}" => removed successfully
C:\WINDOWS\System32\Tasks\SmartDefrag_Startup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5B5494A-A227-4698-994B-CD1742F8B315}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B5494A-A227-4698-994B-CD1742F8B315}" => removed successfully
C:\WINDOWS\System32\Tasks\SmartDefrag_Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update" => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
"C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys" => not found
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys" => not found
"C:\Program Files (x86)\IObit\Advanced SystemCare" => not found
C:\Users\pc\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\pc\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-940513610-2606913777-4097325418-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.YV12" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.lameacm" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A276A0C9-A368-45A6-A952-F42FF1676C63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{920F50A5-BBE4-4C89-8BA7-FB14E59A895E}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B3AC174C-FB3C-4F01-B80C-11EF65744134}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A094ED79-6376-44FE-AB3E-129978381BE4}C:\users\pc\appdata\local\temp\kmsemul.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CAD4438A-FD82-497D-8DFB-10DCAA8CB577}C:\users\pc\appdata\local\temp\kmsemul.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3CCA5FA-D507-408E-91C2-D8BBACBBE8F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{172282FE-0923-4B08-B56C-D164F96543FA}F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A3677BD-E3E6-436D-8294-0A3198329C70}F:\memoria interna\nueva carpeta\sdi_rus\sdi_x64_r1790.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB526515-1ED8-4139-A2A0-6C984A0F0727}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C153651-F3B8-4A3D-9BD6-D1CBF0ADC163}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5A81B72-F9E9-4FF7-9329-D4AC061EDF4C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12F75BA8-9AE2-4698-89D4-888E366EB7B5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED7C643F-0CE2-478C-AF63-B6929FE49559}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10E13F96-A0F9-44A9-A1A4-4455CD6313B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{254C610D-E831-4F18-8784-FBC8FF13A4F4}C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{00CA2093-724E-48A3-A28D-459F64B27C09}C:\users\pc\desktop\microsoft office 2016-2019\files\bin\kmss.exe" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 9 mientras los medios
están desconectados.

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 9:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv6 . . . . . . . . . . : ::8006:1ae2:e883:6837
   Dirección IPv6 temporal. . . . . . : ::993:711f:a92:dfdf
   Vínculo: dirección IPv6 local. . . : fe80::8006:1ae2:e883:6837%2
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.8
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-940513610-2606913777-4097325418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-940513610-2606913777-4097325418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32830328 B
Java, Flash, Steam htmlcache => 1065 B
Windows/system/drivers => 9384000 B
Edge => 58108 B
Chrome => 433862271 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
Users => 33058 B
ProgramData => 33058 B
Public => 33058 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 33058 B
NetworkService => 69014 B
pc => 48987382 B

RecycleBin => 67161430 B
EmptyTemp: => 573.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:27:26 ====

Hi @MARCELO_BRAVO

The fix went perfectly; all that's left is for you to tell us whether the problem has gone away.

Regards

The problem disappeared after running the first three programs. Thank you very much. A question: which file brought in the virus? I'd like to avoid the website or program that infected me.

Hi @MARCELO_BRAVO

What the tools detected most was Advanced System Care and Driver Booster, plus some BitTorrent file.


To remove the tools that were used:

Download and run >> Delfix, from your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as Administrator”)
  • Tick the boxes Remove disinfection tools and Purge system restore
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


Glad we were able to resolve your query… :+1:

For other problems, you know where to find us. :wink:

Topic Solved

Regards.