Hi Daniela. Sorry for the delay in carrying out your instructions. I did everything as you indicated, and when the PC started up Malwarebytes did not detect anything; it seems the KEYGEN no longer appeared.
The FixLog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-05.2019
Ran by Usuario (03-05-2019 12:32:59) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\Run: [AgendaNpp] => C:\AgendaNpp\agenda.exe [1967616 2015-10-26] (nppsoft.com) [File not signed]
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {7636147a-0ee7-11e9-87ed-fcaa1437f3b7} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {8b6065ce-0e4d-11e6-b14a-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {f4914647-d58b-11e5-90a8-806e6f6e6963} - D:\Run.exe
Task: {162AECE5-BAF4-4689-8B61-8686BF31E788} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [472576 2017-07-09] (Microsoft) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-04] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2016-11-18] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2017-02-26] () [File not signed]
CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13]
CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10]
CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
S2 InstallerService; [X]
S3 TrueKeyServiceHelper; [X]
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9}
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4}
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
ContextMenuHandlers2: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
FirewallRules: [TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]
FirewallRules: [UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AgendaNpp" => removed successfully
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7636147a-0ee7-11e9-87ed-fcaa1437f3b7} => removed successfully
HKLM\Software\Classes\CLSID\{7636147a-0ee7-11e9-87ed-fcaa1437f3b7} => not found
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b6065ce-0e4d-11e6-b14a-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{8b6065ce-0e4d-11e6-b14a-806e6f6e6963} => not found
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4914647-d58b-11e5-90a8-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{f4914647-d58b-11e5-90a8-806e6f6e6963} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{162AECE5-BAF4-4689-8B61-8686BF31E788}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{162AECE5-BAF4-4689-8B61-8686BF31E788}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\ms-help => removed successfully
HKLM\Software\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294} => removed successfully
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\JFGuide => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\JFWeb => removed successfully
CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13] => Error: No automatic fix found for this entry.
CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10] => Error: No automatic fix found for this entry.
CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\InstallerService => removed successfully
InstallerService => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper => removed successfully
TrueKeyServiceHelper => service removed successfully
C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9} => moved successfully
C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4} => moved successfully
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Cover Designer => removed successfully
HKLM\Software\Classes\CLSID\[CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\VersionsMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{03170921-4754-11cf-AB9A-00C0F00683EB} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\VersionsMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{03170921-4754-11cf-AB9A-00C0F00683EB} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuración IP de Windows
No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
========= netsh advfirewall reset =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54272736 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2421040 B
Edge => 0 B
Chrome => 50799502 B
Firefox => 32984412 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35894 B
systemprofile32 => 2234203 B
LocalService => 0 B
NetworkService => 430478 B
Usuario => 65134319 B
RecycleBin => 18365202705 B
EmptyTemp: => 17.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:33:21 ====
I appreciate your kind attention and count myself lucky to receive your professional help. Many thanks, Luis