Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by Administrador (27-11-2019 08:20:22) Run:1
Running from D:\INGENIERIA\ESCRITORIO
Loaded Profiles: CESAR & Administrador (Available Profiles: HORACIO & OPERADOR & TURNO NOCHE & VICARIO & CESAR & INDICADORES & Administrador)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
2019-11-25 08:13 - 2019-11-25 08:13 - 000000000 ____D C:\Program Files (x86)\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1865021304-481513440-2593777952-500\...\Policies\Explorer: []
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Task: {113494E9-B31F-4153-9C32-A1E126344BD9} - \RealUpgradeScheduledTaskS-1-5-21-1865021304-481513440-2593777952-1003 -> No File <==== ATTENTION
Task: {4AE9F5F7-E768-41FC-A7D2-0C2182518C32} - \RealUpgradeLogonTaskS-1-5-21-1865021304-481513440-2593777952-1003 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{585df129-5dc2-48b3-bb16-0fa77f4ef223} <==== ATTENTION
R2 PandaAetherAgent; C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe [203296 2019-11-13] (Panda Security S.L. -> Panda Security, S.L.)
S2 Ms64B4101AApp; C:\Windows\System32\Ms64B4101AApp.dll [X]
NETSVC: Ms64B4101AAppBak -> no filepath.
NETSVC: Ms64B4101AApp -> C:\Windows\System32\Ms64B4101AApp.dll ==> No File
C:\Windows\System32\Ms64B4101AApp.dll
2019-11-25 08:11 - 2015-11-18 10:36 - 000000000 ____D C:\ProgramData\Panda Security
2019-11-04 08:54 - 2015-11-18 09:43 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-10-30 11:52 - 2015-11-18 10:18 - 000000000 ____D C:\Temp
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [114]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ms64B4101AApp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ms64B4101AApp => ""="Service"
FirewallRules: [{76E42ED6-A9D1-4F1C-B61A-DC7A92ACCC2B}] => (Allow) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe No File
C:\Program Files (x86)\Panda Security
FirewallRules: [{8253C8DB-B5CD-413E-BE76-8068242A5C9A}] => (Allow) C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe (Panda Security S.L. -> Panda Security, S.L.)
FirewallRules: [{72C9419B-6D9D-4D26-84C4-54996427E6EB}] => (Allow) C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe (Panda Security S.L. -> Panda Security, S.L.)
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files (x86)\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH => moved successfully
C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"="C:\Windows\system32\userinit.exe," => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1865021304-481513440-2593777952-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{113494E9-B31F-4153-9C32-A1E126344BD9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113494E9-B31F-4153-9C32-A1E126344BD9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-1865021304-481513440-2593777952-1003" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AE9F5F7-E768-41FC-A7D2-0C2182518C32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AE9F5F7-E768-41FC-A7D2-0C2182518C32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-1865021304-481513440-2593777952-1003" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy" => removed successfully
PandaAetherAgent => service not found.
HKLM\System\CurrentControlSet\Services\Ms64B4101AApp => removed successfully
Ms64B4101AApp => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Ms64B4101AAppBak => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Ms64B4101AApp => removed successfully
"C:\Windows\System32\Ms64B4101AApp.dll" => not found
C:\ProgramData\Panda Security => moved successfully
"C:\Program Files (x86)\Panda Security" => not found
C:\Temp => moved successfully
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Ms64B4101AApp => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ms64B4101AApp => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76E42ED6-A9D1-4F1C-B61A-DC7A92ACCC2B}" => not found
"C:\Program Files (x86)\Panda Security" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8253C8DB-B5CD-413E-BE76-8068242A5C9A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72C9419B-6D9D-4D26-84C4-54996427E6EB}" => not found

========= ipconfig /flushdns =========

Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========

========= ipconfig /renew =========

Configuración IP de Windows
Error en la operación. No hay ningún adaptador permitido para esta operación.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {C5720585-EB6C-487F-B8E1-2EFC48803F30}.
0 out of 1 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset =========

El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.

========= End of CMD: =========

========= netsh advfirewall reset =========

Aceptar

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Aceptar

========= End of CMD: =========

========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Ruta se restableció correctamente.
Reinicie el equipo para completar esta acción.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1865021304-481513440-2593777952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1865021304-481513440-2593777952-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1865021304-481513440-2593777952-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1865021304-481513440-2593777952-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4767891 B
Java, Flash, Steam htmlcache => 446 B
Windows/system/drivers => 159003156 B
Edge => 0 B
Chrome => 7996460 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 83158 B
LocalService => 83158 B
NetworkService => 103766 B
HORACIO => 80534797 B
OPERADOR => 101311045 B
TURNO NOCHE => 118334124 B
VICARIO => 362670946 B
CESAR => 675003313 B
INDICADORES => 679023164 B
Administrador => 716623047 B

RecycleBin => 5102 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:21:12 ====