My PC is running very slowly and I think it is infected by CrossRider

#1

Hello:

My PC is running very slowly. I ran AdwCleaner, which seems to have removed CrossRider; I am attaching the scan and cleaning reports. But after this the computer is still running very slowly. I ran Malwarebytes and the same thirteen threats that have been showing up these days appear again, no matter how many times I remove them; I am attaching the Malwarebytes report.

What can I do so that the PC does not run so slowly, and to remove this threat?

Thanks.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-28-2019
# Duration: 00:00:28
# OS:       Windows 10 Home
# Scanned:  27222
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.CrossRider         Bleaner

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [4926 octets] - [22/04/2019 16:26:43]
AdwCleaner[C00].txt - [4458 octets] - [22/04/2019 16:28:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-28-2019
# Duration: 00:00:22
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       Bleaner

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4926 octets] - [22/04/2019 16:26:43]
AdwCleaner[C00].txt - [4458 octets] - [22/04/2019 16:28:03]
AdwCleaner[S01].txt - [1375 octets] - [28/04/2019 12:30:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Malwarebytes

www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 28/4/19
Hora del análisis: 12:50
Archivo de registro: 76bf6788-69a3-11e9-83d8-00248cc733a2.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10374
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.706)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-EQB5PBG\jofue

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 275422
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 6 min, 11 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.CrossRider, HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lkadffjmnaiokkdncgdlecdegajoiemi, En cuarentena, [438], [181025],1.0.10374

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 3
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\_metadata, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\USERS\JOFUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LKADFFJMNAIOKKDNCGDLECDEGAJOIEMI, En cuarentena, [438], [181025],1.0.10374

Archivo: 9
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\_metadata\verified_contents.json, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\background.js, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\bleaner.js, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\icon-128.png, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\icon-16.png, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\icon-48.png, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\0.1_0\manifest.json, En cuarentena, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\USERS\JOFUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [438], [181025],1.0.10374
PUP.Optional.CrossRider, C:\USERS\JOFUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [438], [181025],1.0.10374

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#2

Hello @Jofuca, welcome to the new forum.

Download Farbar Recovery Scan Tool, selecting the version that matches your computer's architecture (32 or 64 bits). See: How can I tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two generated reports.

You must copy and paste them with all their contents, and use several messages if you get an error message saying the post is too long (more than approx. 50,000 characters).

Regards

#3

Here are the files


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by jofue (28-04-2019 15:03:01)
Running from C:\Users\jofue\Downloads
Windows 10 Home Version 1803 17134.706 (X64) (2018-08-10 21:56:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3180699792-3532045423-3535131539-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3180699792-3532045423-3535131539-503 - Limited - Disabled)
Invitado (S-1-5-21-3180699792-3532045423-3535131539-501 - Limited - Disabled)
jofue (S-1-5-21-3180699792-3532045423-3535131539-1001 - Administrator - Enabled) => C:\Users\jofue
WDAGUtilityAccount (S-1-5-21-3180699792-3532045423-3535131539-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 73.0.1258.87 - Los creadores de Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\BitTorrent) (Version: 7.10.4.44633 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\BitTorrent) (Version: 7.10.4.44633 - BitTorrent Inc.)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.10 - Kakao Games Europe B.V.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{31CBAB2C-ED4B-403C-8933-192833FEB2C6}) (Version: 12.10.49.21 - HP Inc.)
IBM SPSS Statistics 24 (HKLM-x32\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 63.0.1 (x64 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Noise Reduction Plug-In 2.0 (x64) (HKLM\...\{BCD60981-841A-11E8-A5B0-408D5CC672F4}) (Version: 2.0.1318 - MAGIX)
NVIDIA Controlador de 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Spotify (HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-22 17:23 - 2016-11-14 11:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-04-22 17:25 - 2016-11-14 14:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-22 15:34 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jofue\Datos de programa:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\jofue\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-01-04 11:59 - 000000827 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\IBM\SPSS\Statistics\24\JRE\bin
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123417323\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123418276\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_7722D7EF5BD7C5DEC62D2D914B66BCD3"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\StartupApproved\Run: => "QMxNetworkSync"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_7722D7EF5BD7C5DEC62D2D914B66BCD3"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\StartupApproved\Run: => "QMxNetworkSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3BE7734-4890-4208-A635-85DBB85B01D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{325BCD22-DCC1-49A5-B486-AB4628F851C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AE52C691-E314-4C93-BA7C-6B9795CF3007}] => (Allow) C:\Users\jofue\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1B19B6F0-44EF-49C3-BF1F-451CCA605571}] => (Allow) C:\Users\jofue\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{67CDDFC3-6632-4C3E-A064-86800890B642}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{C88383CB-1BBF-429F-B3E7-4D3F1DF31F68}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{05DFCBB3-F568-4B2B-87D8-0C300E391826}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{50EF8A8A-1A17-453C-A9C2-2BA499A6A396}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [TCP Query User{0C8CFE6F-E6DE-472A-BCF3-49DDB30EB1F4}C:\users\jofue\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jofue\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9DB63CA4-3F0E-4F85-B818-83BB5F221B99}C:\users\jofue\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jofue\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{A73C25F5-72FE-4D46-AB2A-50ECBF69F841}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3A48D1F6-F4DA-4E97-AAA9-9E58E770B7A9}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F561F6D7-B895-466F-93AD-79542FE52CD5}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B16463C3-1E7E-4FAA-BE74-9A249A93B8EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C93BA3EE-220A-401D-BE94-84A023764234}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{04EF8F35-146B-4D3B-9DC3-DD79E870A206}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A949FA11-CE7F-40C0-96E3-B050E5D49AE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FD996CE6-A86A-450A-9B95-71EA6A33F6DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D4D2D4BA-88FA-4D6E-9D8D-BC47880273CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1E83AAE9-F839-4ED3-A4E4-9141200B107D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1A74E97E-D3D2-4551-92B0-A4D4A274E6E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

10-04-2019 00:19:36 Windows Update
13-04-2019 19:33:38 Removed SOUND FORGE Pro 12.1 (x64)
22-04-2019 09:26:53 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2019 12:57:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SkypeApp.exe, versión 8.38.0.138, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 1b68

Hora de inicio: 01d4fdae282313ae

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Identificador de informe: 973d388f-a5ed-4207-ac45-9e357888f74e

Nombre completo de paquete con errores: Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c

Identificador de aplicación relativa del paquete con errores: App

Error: (04/28/2019 11:33:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 74.0.3729.108, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 5a0c

Hora de inicio: 01d4fd90f29e533d

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Identificador de informe: ffacb148-1bda-45e3-9d7d-15e252969ee9

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (04/28/2019 11:30:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Battle.net.exe, versión 1.13.2.11060, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: a2c8

Hora de inicio: 01d4fd9143d1cfd5

Hora de finalización: 2734

Ruta de la aplicación: C:\Program Files (x86)\Battle.net\Battle.net.exe

Identificador de informe: 15f73152-2ec8-4e85-b35f-2216276db449

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (04/28/2019 10:15:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Wow.exe, versión 8.1.5.29981, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: b170

Hora de inicio: 01d4fd9184e93a69

Hora de finalización: 776

Ruta de la aplicación: C:\Program Files (x86)\World of Warcraft\_retail_\Wow.exe

Identificador de informe: 0e66571d-1781-45e3-9f0a-bad79155d352

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (04/28/2019 08:37:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Microsoft.Photos.exe, versión 2019.18112.20010.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: a5b0

Hora de inicio: 01d4fd4024db968a

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Identificador de informe: 37eac69d-1339-46d8-a522-d19626c4af8d

Nombre completo de paquete con errores: Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: App

Error: (04/28/2019 08:23:49 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (2892,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\jofue\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/28/2019 08:23:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (2892,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\jofue\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/28/2019 08:23:39 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (2892,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\jofue\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (04/28/2019 01:13:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EQB5PBG)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-EQB5PBG\jofue con SID (S-1-5-21-3180699792-3532045423-3535131539-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/28/2019 12:50:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EQB5PBG)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-EQB5PBG\jofue con SID (S-1-5-21-3180699792-3532045423-3535131539-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/28/2019 12:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio HP Support Solutions Framework Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (04/28/2019 12:40:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HP Support Solutions Framework Service.

Error: (04/28/2019 12:40:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Optimización de entrega no respondió después de iniciar.

Error: (04/28/2019 12:38:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EQB5PBG)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-EQB5PBG\jofue con SID (S-1-5-21-3180699792-3532045423-3535131539-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/28/2019 12:34:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio NVIDIA Streamer Network Service.

Error: (04/28/2019 12:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Adaptador de rendimiento de WMI no pudo iniciarse debido al siguiente error: 
El medio está protegido contra escritura.


Windows Defender:
===================================
Date: 2019-02-14 02:07:04.442
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.263.48.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.14600.4
Código de error: 0x80072f8f
Descripción del error: Error de seguridad 

Date: 2018-09-14 05:46:57.472
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.263.48.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.14600.4
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-04-28 12:51:16.564
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-28 12:51:16.400
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-28 11:41:20.409
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-28 11:41:20.259
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-28 08:28:43.115
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-28 08:28:42.670
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-27 02:20:48.034
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-27 02:20:47.987
Description: 
Windows blocked file \Device\HarddiskVolume1\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0507 12/05/2008
Motherboard: ASUSTeK Computer INC. P5KPL/1600
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 82%
Total physical RAM: 3071.18 MB
Available physical RAM: 533.7 MB
Total Virtual: 8191.18 MB
Available Virtual: 5164.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.97 GB) (Free:212.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (peru 4) (CDROM) (Total:3.11 GB) (Free:0 GB) CDFS
Drive e: (Morrowind) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS

\\?\Volume{f570f570-0000-0000-0000-303e74000000}\ () (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
#4

Now the FRST, but it won't let me send it. I get this message: “Sorry, but new users can only mention 2 users in a post.”

I don't know how to get around it. I just clicked reply and pasted the file. What should I do?

#5

Hello

Try to see whether it lets you post the report now; if you can't, upload it as an attachment:

Regards

#6

Hello:

FRST_28-04-2019 15.05.39.txt (69,0 KB)

I attached it because it wouldn't let me paste it.

#7

Hello

You did not download and run FRST from the desktop as I told you; move it there, because otherwise the next step will not work.

VERY IMPORTANT: Make a backup of the registry:

  • To do so, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking.

With all other programs closed, go to Start → Run and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\MountPoints2: {0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} - "E:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\MountPoints2: {0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} - "E:\AutoRunMorrowind.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF SearchPlugin: C:\Users\jofue\AppData\Roaming\Mozilla\Firefox\Profiles\b758nzkp.default\searchplugins\bing-lavasoft-ff59.xml [2018-10-22]
FF HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\jofue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\Firefox\Extensions: [[email protected]] - C:\Users\jofue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin HKU\S-1-5-21-3180699792-3532045423-3535131539-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Bleaner) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\jofue\Datos de programa:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\jofue\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
FirewallRules: [TCP Query User{67CDDFC3-6632-4C3E-A064-86800890B642}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{C88383CB-1BBF-429F-B3E7-4D3F1DF31F68}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{05DFCBB3-F568-4B2B-87D8-0C300E391826}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{50EF8A8A-1A17-453C-A9C2-2BA499A6A396}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem reported, and tell us about it.

Regards

#8

Hello:

Sorry for not running FRST correctly. I think I have now followed your instructions correctly. Right now the PC seems to be running a bit faster, but I'm not sure whether it is completely clean.

I'm pasting the FIXLOG report

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by jofue (03-05-2019 18:36:51) Run:1
Running from C:\Users\jofue\OneDrive\Escritorio
Loaded Profiles: jofue (Available Profiles: jofue)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\MountPoints2: {0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} - "E:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\MountPoints2: {0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} - "E:\AutoRunMorrowind.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF SearchPlugin: C:\Users\jofue\AppData\Roaming\Mozilla\Firefox\Profiles\b758nzkp.default\searchplugins\bing-lavasoft-ff59.xml [2018-10-22]
FF HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\jofue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\Firefox\Extensions: [[email protected]] - C:\Users\jofue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin HKU\S-1-5-21-3180699792-3532045423-3535131539-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Bleaner) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\jofue\Datos de programa:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\jofue\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
FirewallRules: [TCP Query User{67CDDFC3-6632-4C3E-A064-86800890B642}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{C88383CB-1BBF-429F-B3E7-4D3F1DF31F68}C:\program files (x86)\ibm\spss\statistics\24\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{05DFCBB3-F568-4B2B-87D8-0C300E391826}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{50EF8A8A-1A17-453C-A9C2-2BA499A6A396}] => (Block) C:\program files (x86)\ibm\spss\statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShadowPlay" => removed successfully
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} => not found
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\MountPoints2: {0fbdf6ee-9cec-11e8-bb53-806e6f6e6963} - "E:\AutoRunMorrowind.exe" => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\Users\jofue\AppData\Roaming\Mozilla\Firefox\Profiles\b758nzkp.default\searchplugins\bing-lavasoft-ff59.xml => moved successfully
"HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\Software\Mozilla\Firefox\Extensions\\[email protected]" => not found
FF HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\...\Firefox\Extensions: [[email protected]] - C:\Users\jofue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016" => not found
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.1 => removed successfully
C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll => moved successfully
FF Plugin HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\jofue\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File] => Error: No automatic fix found for this entry.
CHR Extension: (Bleaner) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2019-04-28] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\jofue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => removed successfully
CHR HKU\S-1-5-21-3180699792-3532045423-3535131539-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019123419901\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\Users\jofue\Datos de programa => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
"C:\Users\jofue\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{67CDDFC3-6632-4C3E-A064-86800890B642}C:\program files (x86)\ibm\spss\statistics\24\stats.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C88383CB-1BBF-429F-B3E7-4D3F1DF31F68}C:\program files (x86)\ibm\spss\statistics\24\stats.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05DFCBB3-F568-4B2B-87D8-0C300E391826}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EF8A8A-1A17-453C-A9C2-2BA499A6A396}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3180699792-3532045423-3535131539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95200160 B
Java, Flash, Steam htmlcache => 409 B
Windows/system/drivers => 3586177 B
Edge => 54272 B
Chrome => 369842764 B
Firefox => 13637543 B
Opera => 155648 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 710055345 B
systemprofile32 => 188068713 B
LocalService => 3642 B
LocalService => 0 B
NetworkService => 293629792 B
NetworkService => 0 B
jofue => 73220872 B

RecycleBin => 6784534 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:37:58 ====
#9

Hello

Let's see whether anything else is left on your computer.

Run a scan with ESET Online. Check the manual to learn how to use ESET Online and how to post the report.

Regards

#10

Hello:

I ran ESET Online. It detected two threats, which it seems to have resolved. Here is the report:

04/05/2019 15:09:12
Archivos explorados: 282566
Archivos infectados: 2
Amenazas eliminadas: 2
Tiempo total de exploración 02:54:52
Estado de la exploración: Finalizado
#11

Hello

Is that report complete? The removed threats should be visible, as in this image:

image

Don't forget to tell us how the problem is going.

Regards

#12

Hello:

Yes, the report says nothing else. I must have done something wrong. I looked in quarantine and it says:

C\Windows.old.000\Users\JoseAntonio\AppData\local\Google\Chrome\UserData\Profile 4\Cache\f.0000ab Type: JS/adware.Agent.AA application

C:\Users\jofue\Dowloads\Sinconfirmar 164911.crdowload Type: LNK/TrojanDownloader.Agent.PA trojan.

I don't know whether this information is useful to you.

As for the computer, it now boots faster and the internet also searches faster. Even so, it seems to me that it is still a bit slow and, at times, the browser freezes.

#13

Hello

Let's see if we can optimize it a bit more.

1. Use CCleaner. Following its manual, run it and use the two Simple Use options (Cleaner and Registry), as explained in the manual.

2. Run a full scan of the hard disk, following this guide: Análisis y Escaneo del Disco Duro

3. Free up disk space following this guide: Liberar espacios en Discos y Particiones

4. Defragment the PC's hard disk(s) and partitions, following this guide: Desfragmentar Discos y Particiones

Let us know how the PC is working.

Regards

#14

Hello:

Sorry, when I click the link in step 2, “Análisis y Escaneo del Disco Duro”, it tells me I don't have access to this topic.

#15

Hello

I edited the link; you should be able to access it now.

Regards