Weather Prophet search engine

Hello, I'm no expert on the subject at all, but I have a search engine that appeared after installing some programs, and I suppose it is a virus or spyware. As a novice, I have always used Malwarebytes to clean my PC; it always found things and I kept cleaning them, but it does not detect this search engine, not even in safe mode. This time, seeing that it wasn't working, I also ran adwcleaner_7.4.2; it found several more things, which I deleted, but that search engine is still there. I would appreciate it if you could help me. THANKS

Hello @jean

Post the Malwarebytes and AdwCleaner reports so I can review them.

Temporarily disable the antivirus >> How to temporarily disable your antivirus

Download Farbar Recovery Scan Tool, selecting the version that matches your computer's architecture (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two reports that were generated.

You must copy and paste them with all their content, and use several messages if you receive an error message saying the post is too long (more than approx. 50,000 characters).

Regards

Hello again, I'm attaching the 4 reports you asked me for, in two messages since I was going over the character limit. Thanks for your help and have a good weekend.

-Detalles del registro-
Fecha del análisis: 22/11/19
Hora del análisis: 21:09
Archivo de registro: 0c617db2-0d64-11ea-829c-00508db6f59e.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.629
Versión del paquete de actualización: 1.0.13467
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17763.805)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-1E5F1DV\jean

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 287967
Amenazas detectadas: 1
Amenazas en cuarentena: 0
Tiempo transcurrido: 12 min, 47 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Adware.FusionCore, C:\USERS\JEAN\DOWNLOADS\LDPLAYER_ES_3200_LD.EXE, Sin acciones por parte del usuario, [7521], [764694],1.0.13467

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)








# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-22-2019
# Duration: 00:00:59
# OS:       Windows 10 Pro
# Scanned:  35182
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [30462 octets] - [21/11/2019 13:22:40]
AdwCleaner[S00].txt - [2143 octets] - [21/11/2019 13:24:18]
AdwCleaner[C00].txt - [2110 octets] - [21/11/2019 13:24:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-11-2019
Ran by jean (administrator) on DESKTOP-1E5F1DV (System Manufacter System Product Name) (22-11-2019 21:34:54)
Running from C:\Users\jean\Desktop\chloe
Loaded Profiles: jean (Available Profiles: jean)
Platform: Windows 10 Pro Version 1809 17763.805 (X64) Language: Español (México)
Default browser: Chrome
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Communications, Inc.) [File not signed] C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(Atheros Communications, Inc.) [File not signed] C:\Program Files (x86)\Jumpstart\jswpsapi.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1909.2812.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Realtek) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
Failed to access process -> Nox.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [NoxDaemon] => C:\Users\jean\AppData\Roaming\NoxSrv\NoxSrv.exe [116736 2019-08-26] () [File not signed]
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [Chromium] => "c:\users\jean\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-18] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11A8E4F2-4F1A-4C0F-8325-911EA07229A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe [470952 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1670BA85-21FC-4601-B96B-81B3BBADBB74} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe [470952 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2903AB00-F473-475E-8D8C-E0E16085B7C0} - System32\Tasks\GoogleUpdateTaskMachineCore1d5796a5352dc8b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-07] (Google Inc -> Google Inc.)
Task: {5D7B6CE3-FDE9-431B-BDEE-7479321DE97D} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {5F0740F8-F729-4266-9056-17641331CC45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-07] (Google Inc -> Google Inc.)
Task: {9850241B-152B-487B-852F-61E723FEA7DA} - System32\Tasks\GoogleUpdateTaskMachineUA1d5796a537e27a9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-07] (Google Inc -> Google Inc.)
Task: {9954CB3E-D6D4-4F66-893E-D3F27D454D5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe [470952 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E34221E8-687B-4C12-93C7-BC779CBEF63B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe [470952 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA68BB04-9BFE-4798-9D0F-A1F75E6CFA51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-07] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{098cc3ed-f3db-4d12-9de3-b3398bd95705}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1adc7beb-d242-11e5-89e4-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2c5c6133-995c-4441-9c64-9cbdefcf8d88}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{484a91b2-8838-4e50-a5b0-b23576e56ef9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{57d6f7bc-e8ae-4850-9774-74bc5ce05a5b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7a55341e-a24b-4ed4-92c7-b22a06f98929}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9360a09b-a876-4b3e-877c-8fe29dba3dc0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b2086076-0281-4deb-800e-f67908916f6c}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{bc0c8c95-2ae3-4315-ac0f-bfdfdbabf365}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d4765382-cc16-4ae0-a12a-9c5cdc205308}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d4765382-cc16-4ae0-a12a-9c5cdc205308}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{dd7acfc6-155a-48a1-a6e2-fdb60b7d298b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e125f657-4d3f-429b-a45c-3adc15a8637b}: [NameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001 -> DefaultScope {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = 

Edge: 
======
DownloadDir: C:\Users\jean\Downloads

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.es/
CHR StartupUrls: Default -> "hxxps://www.youtube.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://gkafhoennmdfjegcfnmpkdfocdkjlclk/tab.html"
CHR Notifications: Default -> hxxps://click-on-this-now.online; hxxps://es.digitaltrends.com; hxxps://forospyware.com; hxxps://untappedearnings.com; hxxps://www.mundoperfecto.net
CHR Profile: C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default [2019-11-22]
CHR Extension: (Presentaciones) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-07]
CHR Extension: (Documentos) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-07]
CHR Extension: (Google Drive) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-07]
CHR Extension: (YouTube) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-07]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-23]
CHR Extension: (Hojas de cálculo) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-07]
CHR Extension: (AdBlock) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-21]
CHR Extension: (Weather Prophet) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkafhoennmdfjegcfnmpkdfocdkjlclk [2019-11-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (ImTranslator: Traductor, Diccionario, Voz) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2019-10-31]
CHR Extension: (Gmail) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 fyservice; C:\Users\jean\AppData\Local\Temp\fy\fyservice.exe [42288 2019-11-17] (Shanghai Changzhi Network Technology Co., Ltd. -> ) <==== ATTENTION
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S2 Plarium Play Client Service; C:\Users\jean\AppData\Local\Plarium\PlariumPlay\PlariumPlayClientService.exe [86472 2019-10-31] (Plarium Global Ltd. -> )
R2 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-07] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 JSWPSLWF; C:\WINDOWS\system32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2019-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-11-22] (Malwarebytes Corporation -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [13754936 2016-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RTL8187; C:\WINDOWS\System32\drivers\rtl8187.sys [448512 2010-01-07] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 TKCtrl; C:\WINDOWS\system32\TKCtrl2k64.sys [147240 2018-01-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKFsAvM; C:\WINDOWS\system32\TKFsAv64.sys [198808 2018-03-07] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKFsFtM; C:\WINDOWS\system32\TKFsFt64.sys [28824 2018-03-07] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKPcFt; C:\WINDOWS\system32\TKPcFtCb64.sys [54504 2018-01-30] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKRgAc; C:\WINDOWS\system32\TKRgAc2k64.sys [115760 2018-01-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKRgFt; C:\WINDOWS\system32\TKRgFtXp64.sys [68848 2018-02-04] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
S3 TKSP; C:\WINDOWS\system32\TKSPxp64.sys [80824 2018-01-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [47616 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-15] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-08-27] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2018-09-15] (Microsoft Windows -> Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-22 21:34 - 2019-11-22 21:35 - 000000000 ____D C:\FRST
2019-11-22 21:09 - 2019-11-22 21:09 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-22 16:31 - 2019-11-22 21:32 - 000000000 ____D C:\Users\jean\Desktop\reportes
2019-11-18 14:01 - 2019-11-18 14:01 - 000000000 ____D C:\Users\jean\AppData\Local\Seterra
2019-11-17 22:58 - 2019-11-18 15:35 - 000000000 ____D C:\Users\jean\.LdVirtualBox
2019-11-17 22:57 - 2019-11-17 22:57 - 000000068 _____ C:\Users\jean\AppData\Roaming\changzhi_leidian.data
2019-11-17 22:48 - 2019-11-17 22:48 - 000000000 ____D C:\Users\jean\Documents\LDPlayer
2019-11-17 22:48 - 2019-11-17 22:48 - 000000000 ____D C:\Program Files\dnplayerext2
2019-11-17 21:48 - 2019-11-19 03:22 - 000000000 ____D C:\Users\jean\AppData\Roaming\ChangZhi2
2019-11-17 21:48 - 2019-11-19 03:22 - 000000000 ____D C:\ChangZhi
2019-11-16 23:14 - 2019-11-16 23:14 - 000000000 ____D C:\Users\jean\Documents\ClasicosBasicos
2019-11-16 23:14 - 2019-11-16 23:14 - 000000000 ____D C:\Users\jean\AppData\Local\DOSBox
2019-11-15 21:57 - 2019-11-15 21:59 - 001087216 _____ C:\Users\jean\Downloads\Dumpper v.91.3.rar
2019-11-15 18:03 - 2019-11-22 21:34 - 000000000 ____D C:\Users\jean\Desktop\chloe
2019-11-15 15:36 - 2019-11-15 15:36 - 000000000 ____D C:\Users\jean\Desktop\GPUCache
2019-11-13 21:50 - 2019-11-15 00:50 - 718059314 _____ C:\Users\jean\Downloads\Watchmen - Temporada 1 [HDTV][Cap.101].avi
2019-11-13 21:50 - 2019-11-13 21:50 - 000000000 ____D C:\ProgramData\Intel
2019-11-06 20:58 - 2019-11-06 20:58 - 000001270 _____ C:\Users\jean\Desktop\AutoClicker - Acceso directo.lnk
2019-11-06 20:49 - 2019-11-06 20:49 - 000000000 ____D C:\Users\jean\Documents\AutomaticSolution Software
2019-11-06 19:30 - 2019-11-06 19:33 - 000150528 _____ C:\Users\jean\AppData\Roaming\3f4ed.exe
2019-11-06 19:29 - 2019-11-06 19:34 - 000000000 ____D C:\Program Files (x86)\Cryptoss
2019-11-06 19:19 - 2019-11-06 19:19 - 000000000 ____D C:\Users\jean\AppData\Roaming\Python
2019-11-06 18:59 - 2019-11-06 19:57 - 000000000 ____D C:\Users\jean\AppData\Roaming\UtcTimer
2019-11-06 18:45 - 2019-11-04 21:58 - 003118856 _____ (MurGee.com) C:\Users\jean\Documents\AutoMouseClick.exe
2019-11-06 18:00 - 2019-11-06 18:00 - 000000227 _____ C:\Users\jean\Documents\1.rms
2019-11-04 15:11 - 2019-11-04 15:11 - 000000000 ____D C:\Users\jean\AppData\Roaming\Mouse Recorder Pro
2019-11-04 15:08 - 2019-11-04 15:08 - 000000107 _____ C:\Users\jean\Documents\1test.m2s
2019-11-04 12:08 - 2019-11-04 15:38 - 000000000 ____D C:\Users\jean\Documents\My Recorded Scripts
2019-11-04 12:08 - 2019-11-04 15:11 - 000000000 ____D C:\Users\jean\AppData\Local\Nemex
2019-11-04 10:56 - 2019-11-04 10:56 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-11-04 10:56 - 2019-11-04 10:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-11-04 10:56 - 2019-11-04 10:56 - 000000000 ____D C:\Program Files\MSBuild
2019-11-04 10:56 - 2019-11-04 10:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-04 10:53 - 2018-09-09 17:17 - 001167960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-11-04 10:53 - 2018-09-09 17:16 - 000126064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-11-04 10:53 - 2018-09-09 17:16 - 000035440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-11-04 10:53 - 2018-08-29 17:56 - 000780376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-11-04 10:53 - 2018-08-29 17:56 - 000104560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-11-04 10:53 - 2018-08-29 17:56 - 000036896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-11-02 17:00 - 2019-11-04 09:13 - 000000125 _____ C:\ProgramData\autoclickconfig.ini
2019-10-31 19:04 - 2019-11-06 12:15 - 000000000 ____D C:\Users\jean\AppData\LocalLow\Unity
2019-10-31 19:04 - 2019-10-31 19:04 - 000000000 ____D C:\Users\jean\AppData\LocalLow\Plarium
2019-10-31 17:52 - 2019-11-13 23:20 - 000002224 _____ C:\Users\jean\Desktop\Raid Shadow Legends.lnk
2019-10-31 17:52 - 2019-10-31 17:52 - 000001325 _____ C:\Users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlariumPlay.lnk
2019-10-31 15:39 - 2019-10-31 18:56 - 000002150 _____ C:\Users\jean\Desktop\Plarium Play.lnk
2019-10-31 15:39 - 2019-10-31 15:39 - 000001316 _____ C:\Users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Plarium Play.lnk
2019-10-31 15:38 - 2019-10-31 15:38 - 000000000 ____D C:\Users\jean\AppData\Local\Plarium
2019-10-31 15:38 - 2019-10-31 15:38 - 000000000 ____D C:\Users\jean\AppData\Local\Package Cache
2019-10-31 15:14 - 2019-10-31 15:14 - 001211304 _____ (Plarium) C:\Users\jean\Downloads\PlariumPlaySetup.exe
2019-10-29 17:14 - 2019-10-29 20:12 - 000000300 _____ C:\Users\jean\Documents\raid shadows repetir.mamc
2019-10-29 10:32 - 2019-10-29 10:32 - 000002239 _____ C:\Users\jean\Desktop\Zero City.lnk
2019-10-27 16:44 - 2019-10-27 16:44 - 000002165 _____ C:\Users\jean\Desktop\Raid.lnk
2019-10-27 13:56 - 2019-10-27 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2019-10-27 13:52 - 2019-10-27 13:52 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-27 13:52 - 2019-10-27 13:52 - 000001782 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-10-27 13:52 - 2019-10-27 13:52 - 000001764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-27 13:50 - 2019-10-27 13:52 - 000000000 ____D C:\ProgramData\BlueStacks
2019-10-27 13:50 - 2019-10-27 13:50 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-27 12:30 - 2019-11-09 08:03 - 000000000 ____D C:\Users\jean\AppData\Local\BlueStacksSetup
2019-10-27 11:02 - 2019-10-27 11:13 - 090639653 _____ C:\Users\jean\Downloads\raid-shadow-legends-1-9-0.apk
2019-10-24 12:31 - 2019-10-24 12:31 - 000001191 _____ C:\Users\jean\Desktop\Legends_Of_Runeterra_Installer - Acceso directo.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-22 21:12 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-22 21:06 - 2019-02-28 04:07 - 000000000 ____D C:\Users\jean\AppData\Local\Nox
2019-11-22 18:04 - 2019-03-27 16:49 - 000000000 ____D C:\Users\jean\AppData\Roaming\uTorrent
2019-11-22 18:04 - 2019-03-27 16:49 - 000000000 ____D C:\Users\jean\AppData\Local\BitTorrentHelper
2019-11-22 16:39 - 2019-02-28 14:18 - 000000000 ____D C:\Users\jean\.android
2019-11-22 16:38 - 2019-08-27 16:43 - 000000000 ____D C:\Users\jean\.BigNox
2019-11-22 16:38 - 2019-02-28 14:11 - 000000000 ____D C:\Users\jean\vmlogs
2019-11-22 15:53 - 2019-03-15 05:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-21 17:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-11-21 13:26 - 2019-03-15 05:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-21 13:25 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-21 13:23 - 2015-01-21 12:00 - 000000000 ____D C:\AdwCleaner
2019-11-21 12:50 - 2019-09-29 19:34 - 000288674 _____ C:\WINDOWS\ntbtlog.txt
2019-11-21 12:28 - 2019-09-29 19:35 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-11-19 20:50 - 2019-05-24 15:50 - 000000088 _____ C:\Users\jean\Desktop\Nuevo documento de texto.txt
2019-11-19 17:37 - 2019-07-15 17:01 - 000000000 ____D C:\WINDOWS\Minidump
2019-11-18 22:38 - 2019-03-07 17:20 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-18 01:55 - 2019-03-15 05:50 - 000000000 ____D C:\Users\jean
2019-11-17 23:19 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-11-16 21:47 - 2019-10-04 18:26 - 430200260 _____ C:\WINDOWS\MEMORY.DMP
2019-11-15 22:03 - 2019-03-06 21:46 - 000000000 ____D C:\Users\jean\Desktop\red
2019-11-12 19:36 - 2019-03-08 16:29 - 000000000 ____D C:\Users\jean\AppData\Local\Battle.net
2019-11-12 13:42 - 2019-03-08 16:33 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2019-11-07 17:38 - 2019-03-08 16:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-11-06 19:57 - 2019-10-01 20:42 - 000000000 ____D C:\ProgramData\{25646D66-A128-8936-50BC-B505505BEC54}
2019-11-06 19:57 - 2019-10-01 20:41 - 000000000 ____D C:\ProgramData\{0F2D3BC4-F78A-A37F-F2EA-FC2FF20DA57E}
2019-11-06 19:21 - 2019-03-10 22:04 - 000000000 ____D C:\Program Files (x86)\Auto Mouse Click by MurGee.com
2019-11-06 19:20 - 2019-03-08 16:19 - 000000000 ____D C:\Users\jean\Desktop\descargas
2019-11-05 07:05 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-05 07:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-05 01:37 - 2019-10-02 22:42 - 000003652 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5796a537e27a9
2019-11-05 01:37 - 2019-10-02 22:42 - 000003528 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5796a5352dc8b
2019-11-05 01:37 - 2019-03-07 17:18 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-04 11:01 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-04 10:57 - 2018-09-15 17:39 - 000783108 _____ C:\WINDOWS\system32\perfh00A.dat
2019-11-04 10:57 - 2018-09-15 17:39 - 000152578 _____ C:\WINDOWS\system32\perfc00A.dat
2019-11-04 10:56 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-11-04 10:56 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-11-04 10:56 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-02 09:19 - 2019-03-15 05:50 - 000002364 _____ C:\Users\jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-02 09:19 - 2019-02-28 03:35 - 000000000 ___RD C:\Users\jean\OneDrive
2019-11-01 10:37 - 2019-03-15 06:40 - 000000000 ____D C:\ProgramData\Packages
2019-10-31 19:03 - 2019-03-13 23:36 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-30 21:43 - 2019-02-28 03:36 - 001678440 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-27 13:49 - 2019-10-10 12:45 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-27 13:49 - 2019-10-10 12:45 - 000000000 ____D C:\Users\jean\AppData\Local\BlueStacks

==================== Files in the root of some directories ========

2019-11-06 19:30 - 2019-11-06 19:33 - 000150528 _____ () C:\Users\jean\AppData\Roaming\3f4ed.exe
2019-11-17 22:57 - 2019-11-17 22:57 - 000000068 _____ () C:\Users\jean\AppData\Roaming\changzhi_leidian.data
2019-09-12 23:06 - 2019-09-12 23:06 - 000184242 _____ () C:\Users\jean\AppData\Roaming\Cinumatima
2019-09-21 23:06 - 2019-09-21 23:06 - 000200974 _____ () C:\Users\jean\AppData\Roaming\Ledogilegefo
2019-09-04 23:06 - 2019-09-04 23:06 - 000165862 _____ () C:\Users\jean\AppData\Roaming\Tukasafekato
2019-08-26 23:06 - 2019-09-21 23:06 - 000000405 _____ () C:\Users\jean\AppData\Roaming\WB.CFG
2019-04-16 22:13 - 2019-04-16 22:13 - 000000021 _____ () C:\Users\jean\AppData\Local\multi.ini
2019-03-23 15:46 - 2019-07-25 13:37 - 000000523 _____ () C:\Users\jean\AppData\Local\Nox_crash.log
2019-10-31 15:14 - 2019-10-31 15:39 - 000009549 _____ () C:\Users\jean\AppData\Local\PlariumPlay.log
2019-03-06 21:58 - 2019-03-06 21:59 - 000007605 _____ () C:\Users\jean\AppData\Local\Resmon.ResmonCfg
2019-02-28 14:12 - 2019-06-29 18:04 - 000000068 _____ () C:\Users\jean\AppData\Local\update_progress.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-11-2019
Ran by jean (22-11-2019 21:37:03)
Running from C:\Users\jean\Desktop\chloe
Windows 10 Pro Version 1809 17763.805 (X64) (2019-03-15 05:00:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4008288731-3804405609-1223090383-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4008288731-3804405609-1223090383-503 - Limited - Disabled)
Invitado (S-1-5-21-4008288731-3804405609-1223090383-501 - Limited - Disabled)
jean (S-1-5-21-4008288731-3804405609-1223090383-1001 - Administrator - Enabled) => C:\Users\jean
WDAGUtilityAccount (S-1-5-21-4008288731-3804405609-1223090383-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)
Actualización de NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.2.1004 - BlueStack Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.2.0 - Duodian Technology Co. Ltd.)
NVIDIA Controlador de la controladora 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Panel de control de NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Plarium Play (HKLM-x32\...\{5D95558C-3B08-4717-AB8B-0EA3125A9E2F}) (Version: 4.1.0 - Plarium) Hidden
Plarium Play (HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\{2484bdea-dedc-4ecf-8ee2-2740c1b8ded5}) (Version: 4.1.0 - Plarium)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK INC.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-24] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-02-28 14:10 - 2019-08-27 16:42 - 000007168 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\firewall_mgr.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000169984 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\glut32.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000498688 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\hlog4qt1.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 003327416 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\icudt53.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 003758827 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\icuin53.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 002093901 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\icuuc53.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000117262 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\libgcc_s_dw2-1.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 001026574 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\libstdc++-6.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000215552 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\NoxCommon.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000401408 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\VBoxApi.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Nox\bin\VMProtectSDK32.dll
2019-10-02 19:46 - 2009-12-09 20:20 - 000126976 _____ () [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2019-03-12 21:01 - 2008-09-26 18:02 - 000507904 _____ (Atheros Communications, Inc.) [File not signed] C:\Program Files (x86)\Jumpstart\jswscimd.dll
2019-03-12 21:01 - 2008-09-26 18:02 - 000876544 _____ (Atheros Communications, Inc.) [File not signed] C:\Program Files (x86)\Jumpstart\jswscsup.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 004830208 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Core.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 005219328 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Gui.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000784384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Multimedia.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000110592 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5MultimediaWidgets.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 001513472 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Network.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000335360 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5OpenGL.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000229376 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Positioning.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000352768 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5PrintSupport.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 004129280 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Qml.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 003718144 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Quick.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000199680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Sensors.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000259072 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Sql.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000117760 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5WebChannel.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 033309696 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5WebKit.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000273408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5WebKitWidgets.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 006472192 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Widgets.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000238080 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\bin\Qt5Xml.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000080896 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\audio\qtaudio_windows.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000059392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qdds.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000033280 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qgif.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000047104 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qicns.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000035328 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qico.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000517120 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qjp2.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000247296 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qjpeg.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000367104 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qmng.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000028160 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qtga.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000433664 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qtiff.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000027136 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qwbmp.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000344064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\imageformats\qwebp.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000219136 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\mediaservice\dsengine.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 001324544 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Nox\plugins\platforms\qwindows.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\Nox\bin\libwinpthread-1.dll
2019-10-02 19:46 - 2010-01-08 12:46 - 000430080 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlLib.dll
2019-10-02 19:46 - 2009-01-21 10:33 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\IpLib.dll
2019-10-02 19:46 - 2009-11-09 09:11 - 000032768 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlICS.dll
2019-10-02 19:46 - 2009-12-25 08:18 - 000233472 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlIhvOid.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 001214976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Nox\bin\LIBEAY32.dll
2019-02-28 14:10 - 2019-08-27 16:42 - 000275456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Nox\bin\ssleay32.dll
2019-10-02 19:46 - 2006-07-05 05:45 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsAvM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKFsFtM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKPcFt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgAc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TKRgFt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsAvM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKFsFtM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKPcFt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgAc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TKRgFt => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-08-26 15:17 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{700A3B17-43F8-4897-914E-3A3596686600}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{18E57463-AB65-44CD-B8F5-8DC87F26B987}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{361D78D5-CDFF-4F79-97FF-30FA574CD996}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{A1A5D9FC-B620-43FD-9DE5-2977C03BA942}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{7F02AB83-F85E-4EC0-A648-B49A801227F7}C:\users\jean\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{DE40A93E-79EF-43F8-AF31-5F4EC11FC971}C:\users\jean\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{7F831387-ABD4-4CCC-80FE-7D2A741E4A3C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{37322B59-EDF9-4092-BBCF-8660A84A1211}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0E66DACC-E1E2-44CA-B180-77F8543A9612}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D05B071F-1C0D-4AEF-9302-C041075629F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1E0B9BA7-51D4-47AB-9168-3E9E3FF61910}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{365662E2-18BE-4572-B976-8A9294A186EC}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{1DF83BE7-1AF2-4ED3-8359-8206675B38F0}] => (Allow) C:\Users\jean\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{854A1F5A-7287-4C7A-AF36-4F4CD99A5917}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> Duodian Technology Co. Ltd.)
FirewallRules: [{BE2EB4AB-C36E-46A9-A039-966542A08EA8}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
FirewallRules: [{18A9DFD3-9126-43CA-B89B-B56E903B046F}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{F6E17663-412E-4246-AC9D-7510E9DB1EDF}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{3CE55F6A-86A6-49DD-B608-7AB77A3D8954}] => (Allow) LPort=1542
FirewallRules: [{D0DECBB1-1387-4FE3-8022-A954A9A6627C}] => (Allow) LPort=1542
FirewallRules: [{91433C24-586F-45B0-8A3E-82304CEC431C}] => (Allow) LPort=53
FirewallRules: [TCP Query User{0E02DBCD-AFAD-4712-8540-9D4A20ED081A}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{83F7EDE8-918C-404E-B369-5D094251F460}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{8E97A785-B815-4B8E-B048-36A2C7D9ABD4}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{0F4D47B9-3FA0-4B88-B51D-84486344B834}C:\users\jean\appdata\local\plarium\plariumplay\standaloneapps\raid\193\raid.exe] => (Allow) C:\users\jean\appdata\local\plarium\plariumplay\standaloneapps\raid\193\raid.exe (Plarium Global Ltd. -> Plarium Global Ltd.)
FirewallRules: [UDP Query User{5B6B5A1B-557A-4C86-9F14-62481CD056D6}C:\users\jean\appdata\local\plarium\plariumplay\standaloneapps\raid\193\raid.exe] => (Allow) C:\users\jean\appdata\local\plarium\plariumplay\standaloneapps\raid\193\raid.exe (Plarium Global Ltd. -> Plarium Global Ltd.)
FirewallRules: [TCP Query User{B6CA50FD-C26C-4B1D-9F8B-94BC970E0B93}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [UDP Query User{79585F14-C0A0-49EF-8A5B-64FBD852772E}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{D9B70D66-D7BB-4D47-8BEF-F9FD0895FE67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2019 18:30:20 Punto de control programado
19-11-2019 17:49:06 Punto de control programado
21-11-2019 13:54:47 Removed NativeDesktopMediaService

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/22/2019 09:06:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 08:57:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 08:57:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 05:49:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 05:33:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 04:47:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 04:00:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007232B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/22/2019 03:21:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (11/22/2019 09:25:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1E5F1DV)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-1E5F1DV\jean con SID (S-1-5-21-4008288731-3804405609-1223090383-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/22/2019 09:07:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {E60687F7-01A1-40AA-86AC-DB1CBF673334} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/22/2019 09:05:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio wuauserv se cerró con el siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (11/22/2019 09:05:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1E5F1DV)
Description: El servidor {E60687F7-01A1-40AA-86AC-DB1CBF673334} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/22/2019 09:03:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio wuauserv se cerró con el siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (11/22/2019 09:03:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {E60687F7-01A1-40AA-86AC-DB1CBF673334} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/22/2019 09:01:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1E5F1DV)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 y APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 al usuario DESKTOP-1E5F1DV\jean con SID (S-1-5-21-4008288731-3804405609-1223090383-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/22/2019 09:01:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio wuauserv se cerró con el siguiente error: 
El sistema no puede encontrar el archivo especificado.


Windows Defender:
===================================
Date: 2019-03-15 18:46:01.159
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1237.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-03-15 17:44:47.795
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1237.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2019-03-15 15:24:11.517
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.289.1237.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

CodeIntegrity:
===================================

Date: 2019-11-06 19:53:10.360
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:53:10.134
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:53:09.934
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:53:08.719
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:53:08.626
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:53:08.403
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:48:25.436
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-06 19:48:25.402
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD 6.00 PG 09/28/2007
Motherboard:   (Intel P35+ICH7)
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 54%
Total physical RAM: 4094.49 MB
Available physical RAM: 1860.47 MB
Total Virtual: 6826.37 MB
Available Virtual: 3937.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.06 GB) (Free:123.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{0703ba35-0000-0000-0000-20043a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 0703BA35)
Partition 1: (Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=839 MB) - (Type=27)

==================== End of Addition.txt =======================

Hello

Please excuse the delay, I have been quite busy these days :pray:

You have FRST on the desktop but inside a folder; take it out of there and leave it on the desktop, otherwise the next step will fail.

:arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next :warning: with all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the codes/lines inside the box further below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [Chromium] => "c:\users\jean\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001 -> DefaultScope {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = 
CHR NewTab: Default ->  Not-active:"chrome-extension://gkafhoennmdfjegcfnmpkdfocdkjlclk/tab.html"
CHR Extension: (Weather Prophet) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkafhoennmdfjegcfnmpkdfocdkjlclk [2019-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
S2 fyservice; C:\Users\jean\AppData\Local\Temp\fy\fyservice.exe [42288 2019-11-17] (Shanghai Changzhi Network Technology Co., Ltd. -> ) <==== ATTENTION
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
2019-11-06 19:30 - 2019-11-06 19:33 - 000150528 _____ C:\Users\jean\AppData\Roaming\3f4ed.exe
2019-11-06 19:57 - 2019-10-01 20:42 - 000000000 ____D C:\ProgramData\{25646D66-A128-8936-50BC-B505505BEC54}
2019-11-06 19:57 - 2019-10-01 20:41 - 000000000 ____D C:\ProgramData\{0F2D3BC4-F78A-A37F-F2EA-FC2FF20DA57E}
FirewallRules: [{1DF83BE7-1AF2-4ED3-8359-8206675B38F0}] => (Allow) C:\Users\jean\AppData\Local\Chromium\Application\chrome.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you reported, and let us know.

Regards

I did everything requested, correctly I think; here I attach the report (if I use what you ask for, that code thing, to open and close the report, I get an error telling me that I cannot paste images in the post.)

By the way, I just noticed after a while that I no longer have that damned extension. You really are a great help; I have known you for years, and I have always recommended this site to all my friends. Thank you very much, truly.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by jean (27-11-2019 18:47:28) Run:1
Running from C:\Users\jean\Desktop
Loaded Profiles: jean (Available Profiles: jean)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [Chromium] => "c:\users\jean\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4008288731-3804405609-1223090383-1001 -> DefaultScope {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = 
CHR NewTab: Default ->  Not-active:"chrome-extension://gkafhoennmdfjegcfnmpkdfocdkjlclk/tab.html"
CHR Extension: (Weather Prophet) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkafhoennmdfjegcfnmpkdfocdkjlclk [2019-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
S2 fyservice; C:\Users\jean\AppData\Local\Temp\fy\fyservice.exe [42288 2019-11-17] (Shanghai Changzhi Network Technology Co., Ltd. -> ) <==== ATTENTION
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
2019-11-06 19:30 - 2019-11-06 19:33 - 000150528 _____ C:\Users\jean\AppData\Roaming\3f4ed.exe
2019-11-06 19:57 - 2019-10-01 20:42 - 000000000 ____D C:\ProgramData\{25646D66-A128-8936-50BC-B505505BEC54}
2019-11-06 19:57 - 2019-10-01 20:41 - 000000000 ____D C:\ProgramData\{0F2D3BC4-F78A-A37F-F2EA-FC2FF20DA57E}
FirewallRules: [{1DF83BE7-1AF2-4ED3-8359-8206675B38F0}] => (Allow) C:\Users\jean\AppData\Local\Chromium\Application\chrome.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Policies\Google => removed successfully
"HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Weather Prophet) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkafhoennmdfjegcfnmpkdfocdkjlclk [2019-11-22] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\fyservice => removed successfully
fyservice => service removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
HKLM\System\CurrentControlSet\Services\Stereo Service => removed successfully
Stereo Service => service removed successfully
C:\Users\jean\AppData\Roaming\3f4ed.exe => moved successfully
C:\ProgramData\{25646D66-A128-8936-50BC-B505505BEC54} => moved successfully
C:\ProgramData\{0F2D3BC4-F78A-A37F-F2EA-FC2FF20DA57E} => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DF83BE7-1AF2-4ED3-8359-8206675B38F0}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi 3:

   Sufijo DNS específico para la conexión. . : homestation
   Vínculo: dirección IPv6 local. . . : fe80::e838:af48:240:a9fe%18
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::da61:94ff:fe1a:43f0%18
                                       192.168.1.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 13185080 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 164326272 B
Java, Flash, Steam htmlcache => 1421 B
Windows/system/drivers => 774372 B
Edge => 2992278 B
Chrome => 629311961 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 96856 B
NetworkService => 108416 B
jean => 44538376 B

RecycleBin => 111304215 B
EmptyTemp: => 921.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:49:12 ====
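The Fixlog above mixes the echoed fixlist, per-entry outcomes and command output, so the entries that were not fixed are easy to miss. The following is an added example, not part of the thread or of FRST: a small Python triage that groups the `=>` outcome lines and pulls out the Chrome extension IDs that still need a manual check. The function names and the line shapes it relies on are assumptions inferred from the log on this page.

```python
import re

# Excerpt of the Fixlog posted above (abridged; includes part of the echoed fixlist).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
START
HKU\S-1-5-21-4008288731-3804405609-1223090383-1001\...\Run: [Chromium] => "c:\users\jean\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Weather Prophet) - C:\Users\jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkafhoennmdfjegcfnmpkdfocdkjlclk [2019-11-22] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\fyservice => removed successfully
fyservice => service removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
C:\Users\jean\AppData\Roaming\3f4ed.exe => moved successfully
EmptyTemp: => 921.9 MB temporary data Removed.
'''

# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})\b")


def classify(outcome):
    """Map the text after '=>' to a coarse result bucket."""
    o = outcome.lower()
    if o.startswith("error"):
        return "failed"
    if "not found" in o:
        return "not_found"
    if "successfully" in o:
        return "done"
    return "info"


def triage_fixlog(text):
    """Group Fixlog outcome lines; the echoed fixlist (up to END) is skipped
    because its '=>' separates a registry value from its data, not an outcome."""
    results = {"failed": [], "not_found": [], "done": [], "info": []}
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo = True
        elif in_echo:
            in_echo = line != "END"
        elif line.startswith("Error:"):
            # Tool-level error with no target, e.g. the restore point message.
            results["failed"].append(("(FRST)", line))
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results[classify(outcome)].append((target, outcome))
    return results


def failed_extension_ids(results):
    """Extension IDs from entries FRST could not fix, for manual verification."""
    return [m.group(1) for target, _ in results["failed"]
            if (m := EXT_ID.search(target))]


if __name__ == "__main__":
    r = triage_fixlog(SAMPLE_FIXLOG)
    for bucket in ("failed", "not_found"):
        for target, outcome in r[bucket]:
            print(f"[{bucket}] {target} -> {outcome}")
    print("extensions to verify:", failed_extension_ids(r))
```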

Hello @jean

Follow these steps to remove the tools used:

To do so, use again/download >> DelFix.exe on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator)

  • Tick all the boxes, and click Run

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure to help you :handshake:

We are glad it has been resolved for you :+1: We consider the topic solved.

Solved

Regards