Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019 Ran by Administrador (09-12-2019 00:05:35) Run:1 Running from C:\Users\Administrador\Desktop Loaded Profiles: Administrador (Available Profiles: OPERADOR & User & elauria & Laura & Melisa & Maria & Administrador) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: Task: {9DD72C19-E6D7-489C-8531-6E750811D958} - System32\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) Task: {AEABEAB4-FB2F-4E8B-885B-B3B7E78C1AFF} - System32\Tasks\EOSv3 Scheduler onTime => C:\esetonlinescanner_esl.exe [8166712 2019-11-12] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {C5A247D4-1A13-4B2B-9B86-4FB6BED37575} - System32\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) Task: {CD20662C-B740-4023-87E5-B207B9705CC0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\esetonlinescanner_esl.exe [8166712 2019-11-12] (ESET, spol. s r.o. -> ESET spol. s r.o.) 
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-1290145888-3760638704-4044190752-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ar.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKU\S-1-5-21-1290145888-3760638704-4044190752-500 -> {619FFEC0-9883-40F8-AC33-AE03E39EC320} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] R2 bddci; C:\Windows\System32\Drivers\bddci.sys [153224 2019-11-18] (Bitdefender SRL -> Bitdefender) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [439928 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L.) 
S3 mdareDriver_52; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_52.sys [X] S3 mdareDriver_60; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_60.sys [X] S3 mdareDriver_61; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_61.sys [X] S3 mdareDriver_62; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_62.sys [X] 2019-12-02 01:38 - 2019-12-06 02:00 - 000000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491.job 2019-12-02 01:38 - 2019-12-06 01:38 - 000000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43.job 2019-12-02 01:38 - 2019-12-02 01:38 - 000003630 _____ C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491 2019-12-02 01:38 - 2019-12-02 01:38 - 000003556 _____ C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43 2019-12-02 01:38 - 2019-12-02 01:38 - 000000000 ____D C:\Users\Administrador\AppData\Roaming\SUPERAntiSpyware.com 2019-12-02 01:37 - 2019-12-02 01:38 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2019-12-02 01:37 - 2019-12-02 01:37 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2019-12-02 01:37 - 2019-12-02 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2019-12-02 00:53 - 2019-12-02 00:53 - 043352128 _____ (SUPERAntiSpyware) C:\Users\Administrador\Downloads\SUPERAntiSpywarePro (1).exe 2019-12-02 00:52 - 2019-12-02 00:53 - 043352128 _____ (SUPERAntiSpyware) C:\Users\Administrador\Downloads\SUPERAntiSpywarePro.exe 2019-11-22 02:14 - 2019-11-22 02:14 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking 2019-11-22 02:10 - 2019-12-06 02:30 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2019-11-22 02:10 - 2019-12-06 02:25 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2019-11-22 02:08 - 2019-11-22 02:08 - 069910960 _____ (Safer-Networking Ltd. 
) C:\Users\Administrador\Downloads\spybotsd-2.7.64.0.exe 2019-11-22 01:12 - 2019-11-22 01:12 - 000000000 _____ C:\Users\Administrador\Downloads\Sin confirmar 252158.crdownload 2019-11-20 13:30 - 2019-11-20 13:30 - 000000000 ____D C:\ProgramData\Emsisoft 2019-11-20 13:26 - 2019-11-20 15:34 - 000000000 ____D C:\EEK 2019-11-20 13:23 - 2019-11-20 13:24 - 355269888 _____ C:\Users\Administrador\Downloads\EmsisoftEmergencyKit.exe 2019-11-18 13:58 - 2019-11-18 13:58 - 000439928 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2019-11-18 13:58 - 2019-11-18 13:58 - 000153224 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys 2019-11-16 13:57 - 2019-11-16 13:58 - 000000000 ____D C:\ProgramData\Trend Micro 2019-11-16 13:57 - 2019-11-16 13:57 - 000000000 ____D C:\Windows\Trend Micro 2019-11-13 16:37 - 2019-12-01 14:50 - 000003698 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn 2019-11-13 16:37 - 2019-12-01 14:50 - 000003258 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime 2019-11-12 17:27 - 2019-11-12 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2019-11-12 17:27 - 2019-11-12 17:27 - 000000000 ____D C:\Program Files (x86)\Panda Security 2019-11-12 17:27 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2019-11-12 17:26 - 2019-11-12 17:26 - 038191600 _____ (Panda Security ) C:\Users\Administrador\Downloads\PandaCloudCleaner.exe 2019-11-12 13:13 - 2019-11-12 13:13 - 008166712 _____ (ESET spol. s r.o.) 
C:\esetonlinescanner_esl.exe 2019-11-12 13:13 - 2019-11-12 13:13 - 000000000 ____D C:\Users\Administrador\AppData\Local\ESET 2019-11-18 14:03 - 2015-09-28 14:28 - 000000000 ____D C:\Program Files (x86)\Fortinet 2019-11-16 13:58 - 2014-10-02 17:04 - 000000000 ____D C:\Program Files (x86)\Trend Micro 2019-11-12 15:20 - 2014-10-02 17:23 - 000000000 ____D C:\temp FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe No File FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe No File CMD: ipconfig /flushdns CMD: ipconfig /renew CMD: bitsadmin /reset /allusers CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset RemoveProxy: EmptyTemp: Hosts: END ***************** Processes closed successfully. Error: (0) Failed to create a restore point. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD72C19-E6D7-489C-8531-6E750811D958}" => not found "C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEABEAB4-FB2F-4E8B-885B-B3B7E78C1AFF}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEABEAB4-FB2F-4E8B-885B-B3B7E78C1AFF}" => removed successfully C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5A247D4-1A13-4B2B-9B86-4FB6BED37575}" => not found 
"C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD20662C-B740-4023-87E5-B207B9705CC0}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD20662C-B740-4023-87E5-B207B9705CC0}" => removed successfully C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully "C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491.job" => not found "C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43.job" => not found "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully HKU\S-1-5-21-1290145888-3760638704-4044190752-500\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully HKU\S-1-5-21-1290145888-3760638704-4044190752-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{619FFEC0-9883-40F8-AC33-AE03E39EC320} => removed successfully "Chrome DefaultSearchURL" => removed successfully "Chrome DefaultSearchKeyword" => removed successfully "Chrome DefaultSuggestURL" => removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh => removed successfully bddci => Service stopped successfully. HKLM\System\CurrentControlSet\Services\bddci => removed successfully bddci => service removed successfully SASDIFSV => service not found. SASKUTIL => service not found. 
HKLM\System\CurrentControlSet\Services\Trufos => removed successfully Trufos => service removed successfully HKLM\System\CurrentControlSet\Services\mdareDriver_52 => removed successfully mdareDriver_52 => service removed successfully HKLM\System\CurrentControlSet\Services\mdareDriver_60 => removed successfully mdareDriver_60 => service removed successfully HKLM\System\CurrentControlSet\Services\mdareDriver_61 => removed successfully mdareDriver_61 => service removed successfully HKLM\System\CurrentControlSet\Services\mdareDriver_62 => removed successfully mdareDriver_62 => service removed successfully "C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491.job" => not found "C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43.job" => not found "C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 38e10d51-91c4-4078-910c-d6dae7dbe491" => not found "C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 636cecce-3a4b-4e3b-92fd-ce85e26f7f43" => not found "C:\Users\Administrador\AppData\Roaming\SUPERAntiSpyware.com" => not found "C:\Program Files\SUPERAntiSpyware" => not found "C:\ProgramData\SUPERAntiSpyware.com" => not found "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware" => not found C:\Users\Administrador\Downloads\SUPERAntiSpywarePro (1).exe => moved successfully C:\Users\Administrador\Downloads\SUPERAntiSpywarePro.exe => moved successfully C:\Windows\system32\Tasks\Safer-Networking => moved successfully "C:\Program Files (x86)\Spybot - Search & Destroy 2" => not found C:\ProgramData\Spybot - Search & Destroy => moved successfully C:\Users\Administrador\Downloads\spybotsd-2.7.64.0.exe => moved successfully "C:\Users\Administrador\Downloads\Sin confirmar 252158.crdownload" => not found C:\ProgramData\Emsisoft => moved successfully C:\EEK => moved successfully C:\Users\Administrador\Downloads\EmsisoftEmergencyKit.exe => moved successfully 
C:\Windows\system32\Drivers\trufos.sys => moved successfully C:\Windows\system32\Drivers\bddci.sys => moved successfully C:\ProgramData\Trend Micro => moved successfully C:\Windows\Trend Micro => moved successfully "C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn" => not found "C:\Windows\system32\Tasks\EOSv3 Scheduler onTime" => not found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security => moved successfully C:\Program Files (x86)\Panda Security => moved successfully C:\Windows\system32\Drivers\PSKMAD.sys => moved successfully C:\Users\Administrador\Downloads\PandaCloudCleaner.exe => moved successfully C:\esetonlinescanner_esl.exe => moved successfully C:\Users\Administrador\AppData\Local\ESET => moved successfully C:\Program Files (x86)\Fortinet => moved successfully C:\Program Files (x86)\Trend Micro => moved successfully C:\temp => moved successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC" => removed successfully ========= ipconfig /flushdns ========= Configuración IP de Windows Se vació correctamente la caché de resolución de DNS. ========= End of CMD: ========= ========= ipconfig /renew ========= Configuración IP de Windows Adaptador de Ethernet Conexión de área local 3: Sufijo DNS específico para la conexión. . : Dirección IPv4. . . . . . . . . . . . . . : 169.254.95.120 Máscara de subred . . . . . . . . . . . . : 255.255.255.0 Puerta de enlace predeterminada . . . . . : Adaptador de Ethernet Conexión de área local: Sufijo DNS específico para la conexión. . : Dirección IPv6 . . . . . . . . . . : fdf4:e3fb:339:2600:9865:2ced:dacc:1cdd Vínculo: dirección IPv6 local. . . : fe80::9865:2ced:dacc:1cdd%11 Dirección IPv4. . . . . . . . . . . . . . 
: 192.168.0.100 Máscara de subred . . . . . . . . . . . . : 255.255.255.0 Puerta de enlace predeterminada . . . . . : 192.168.0.1 Adaptador de túnel isatap.{9D46771A-A31C-4CDF-9CCE-08FA2970FB68}: Estado de los medios. . . . . . . . . . . : medios desconectados Sufijo DNS específico para la conexión. . : Adaptador de túnel isatap.{E70B7452-EAD7-4A1B-91EB-8C91AE036040}: Estado de los medios. . . . . . . . . . . : medios desconectados Sufijo DNS específico para la conexión. . : ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. 0 out of 0 jobs canceled. ========= End of CMD: ========= ========= netsh winsock reset ========= El catálogo Winsock se restableció correctamente. Debe reiniciar el equipo para completar el restablecimiento. ========= End of CMD: ========= ========= netsh advfirewall reset ========= Aceptar ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Aceptar ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Global se restableció correctamente. Interfaz se restableció correctamente. Dirección de unidifusión se restableció correctamente. Ruta se restableció correctamente. Reinicie el equipo para completar esta acción. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Interfaz se restableció correctamente. Reinicie el equipo para completar esta acción. 
========= End of CMD: ========= ========= RemoveProxy: ========= "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-1290145888-3760638704-4044190752-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully "HKU\S-1-5-21-1290145888-3760638704-4044190752-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-1290145888-3760638704-4044190752-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot. 
=========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3029754 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 13280005 B Edge => 0 B Chrome => 9788733 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 6188 B Public => 6188 B ProgramData => 6188 B systemprofile => 39374 B systemprofile32 => 354558 B LocalService => 354558 B NetworkService => 354558 B OPERADOR => 354736 B User => 354784 B elauria => 6197650 B TM_OSCE_SERVERCODISE => 6197650 B Laura => 6204274 B Melisa => 6216040 B Maria => 6220616 B Administrador => 11312840 B RecycleBin => 6673132 B EmptyTemp: => 81.4 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-12-2019 07:54:29) C:\Windows\System32\Drivers\etc\hosts => Is moved successfully Hosts restored successfully. ==== End of Fixlog 07:54:29 ====