Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019 01
Ran by usuario (31-10-2019 14:45:51) Run:1
Running from C:\Users\usuario\Desktop
Loaded Profiles: usuario (Available Profiles: usuario)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {36AAE86A-B8DC-4B8F-9E51-7D53739FE0EE} - System32\Tasks\{0FF62A7D-984D-4D1A-9B6A-7BCFD96748C9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
C:\Program Files\ByteFence
Task: {50495278-501C-4F46-BE4F-43A9BE9369A5} - System32\Tasks\{CCA3D054-B006-4266-A76C-4A7867E02C79} => C:\Windows\system32\pcalua.exe -a I:\AutoPlay\cd\monsetup.exe -d I:\AutoPlay\cd
Task: {809F99BE-85FF-4987-80E1-096FB2939189} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\usuario\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-09-23] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {A39379A8-0130-4CAE-87B8-F02D653F2FBD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B5530970-B3E8-4399-A939-93331F28817E} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\usuario\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-09-23] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {DB67F0AE-6FA4-4895-ADC9-D3C81D1A8105} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\p3mjnxqy.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-24] [Legacy]
CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-12] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-12] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files (x86)\AVAST Software\Browser
2019-10-29 14:30 - 2019-10-29 14:30 - 001619968 _____ (Farbar) C:\Users\usuario\Downloads\Sin confirmar 809905.crdownload
2019-10-28 00:24 - 2019-10-28 03:17 - 000002980 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2019-10-28 00:24 - 2019-10-28 03:17 - 000002600 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [UDP Query User{9E47E849-4287-4D58-A1A8-6D5EB36C6866}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe] => (Block) C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe No File
FirewallRules: [TCP Query User{C3BB3DB7-8832-4CB3-87A0-DDD7A71188FD}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe] => (Block) C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe No File
FirewallRules: [UDP Query User{5827C16E-87D3-4A82-A841-E1885C3B5349}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe] => (Block) C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe No File
FirewallRules: [TCP Query User{841BCF0B-F82D-4FAF-B10C-D43C57BB5487}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe] => (Block) C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe No File
FirewallRules: [UDP Query User{F8673519-3D89-462A-AD7B-651E679D6C6B}C:\users\usuario\video games\half-life\hl.exe] => (Block) C:\users\usuario\video games\half-life\hl.exe No File
FirewallRules: [TCP Query User{BBBCE8DB-6DC4-4449-BD86-B8092F0B1207}C:\users\usuario\video games\half-life\hl.exe] => (Block) C:\users\usuario\video games\half-life\hl.exe No File
C:\Program Files\AVAST Software\Avast\setup\New_13080959\aswOfferTool.exe
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36AAE86A-B8DC-4B8F-9E51-7D53739FE0EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36AAE86A-B8DC-4B8F-9E51-7D53739FE0EE}" => removed successfully
C:\WINDOWS\System32\Tasks\{0FF62A7D-984D-4D1A-9B6A-7BCFD96748C9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FF62A7D-984D-4D1A-9B6A-7BCFD96748C9}" => removed successfully
"C:\Program Files\ByteFence" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50495278-501C-4F46-BE4F-43A9BE9369A5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50495278-501C-4F46-BE4F-43A9BE9369A5}" => removed successfully
C:\WINDOWS\System32\Tasks\{CCA3D054-B006-4266-A76C-4A7867E02C79} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CCA3D054-B006-4266-A76C-4A7867E02C79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{809F99BE-85FF-4987-80E1-096FB2939189}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{809F99BE-85FF-4987-80E1-096FB2939189}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A39379A8-0130-4CAE-87B8-F02D653F2FBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A39379A8-0130-4CAE-87B8-F02D653F2FBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5530970-B3E8-4399-A939-93331F28817E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5530970-B3E8-4399-A939-93331F28817E}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB67F0AE-6FA4-4895-ADC9-D3C81D1A8105}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB67F0AE-6FA4-4895-ADC9-D3C81D1A8105}" => removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => removed successfully
C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\p3mjnxqy.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-25] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\avast => removed successfully
avast => service removed successfully
HKLM\System\CurrentControlSet\Services\avastm => removed successfully
avastm => service removed successfully
"C:\Program Files (x86)\AVAST Software\Browser" folder move:
Could not move "C:\Program Files (x86)\AVAST Software\Browser" => Scheduled to move on reboot.
"C:\Users\usuario\Downloads\Sin confirmar 809905.crdownload" => not found
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn" => not found
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E47E849-4287-4D58-A1A8-6D5EB36C6866}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C3BB3DB7-8832-4CB3-87A0-DDD7A71188FD}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5827C16E-87D3-4A82-A841-E1885C3B5349}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{841BCF0B-F82D-4FAF-B10C-D43C57BB5487}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8673519-3D89-462A-AD7B-651E679D6C6B}C:\users\usuario\video games\half-life\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BBBCE8DB-6DC4-4449-BD86-B8092F0B1207}C:\users\usuario\video games\half-life\hl.exe" => removed successfully
"C:\Program Files\AVAST Software\Avast\setup\New_13080959\aswOfferTool.exe" => not found
Could not move "C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx" => Scheduled to move on reboot.

========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========

========= ipconfig /renew =========
Configuración IP de Windows
Adaptador de Ethernet Ethernet:
Sufijo DNS específico para la conexión. . : home
Dirección IPv6 . . . . . . . . . . : fd14:9d09:4643:4000:acc3:7e89:4d31:92dc
Dirección IPv6 temporal. . . . . . : fd14:9d09:4643:4000:39bd:85d4:957e:feea
Vínculo: dirección IPv6 local. . . : fe80::acc3:7e89:4d31:92dc%14
Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.4
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 192.168.1.1
========= End of CMD: =========

========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
{B16C4108-61AA-46ED-9C14-691DA3235F42} canceled.
{D9FF431A-1BE5-4532-9617-E707E85C5E5E} canceled.
2 out of 2 jobs canceled.
========= End of CMD: =========

========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========

========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========

========= netsh int ipv4 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer . Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========

========= netsh int ipv6 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer . Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========

========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 148738143 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 2375417 B
Edge => 493056 B
Chrome => 326728079 B
Firefox => 5541657 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3794 B
NetworkService => 3794 B
usuario => 62949119 B

RecycleBin => 998442384 B
EmptyTemp: => 1.4 GB temporary data Removed.
================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-10-2019 15:15:59)
C:\Program Files (x86)\AVAST Software\Browser => Is moved successfully
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe => Could not move
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx => Could not move

==== End of Fixlog 15:16:00 ====