Fix result of Farbar Recovery Scan Tool (x86) Version: 03-07-2019
Ran by koneko (09-07-2019 09:58:31) Run:1
Running from C:\Users\koneko\Desktop
Loaded Profiles: koneko & DefaultAppPool (Available Profiles: koneko & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
(Doctor Web Ltd. -> ) C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\BDEsGRCkLB8T.exe
(Doctor Web Ltd. -> ) C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\f72MFzqSTR0fVN.exe
(Doctor Web Ltd. -> ) C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\w0uSboyG4THlc.exe
(Doctor Web Ltd. -> ) C:\Users\koneko\Downloads\g39kwszy.exe
HKU\S-1-5-21-214190906-2147722573-1573341451-1000\...\MountPoints2: {898aedf2-f76c-11e8-b12a-dc85dee142e6} - E:\setup.exe
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] () [File not signed]
Task: {5A7BEC72-A77B-4D08-AC2B-B0903EA3B9E7} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3519856 2018-04-12] (Easeware Technology Limited -> Easeware)
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\koneko\Downloads\AdwCleaner.exe
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-214190906-2147722573-1573341451-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ve/?ocid=iehp
SearchScopes: HKU\S-1-5-21-214190906-2147722573-1573341451-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_192\bin\ssv.dll [2018-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_192\bin\jp2ssv.dll [2018-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.192.2 -> C:\Program Files\Java\jre1.8.0_192\bin\plugin2\npjp2.dll [2018-10-29] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SYSTEM\CurrentControlSet\Services\458264B485FEB06A <==== ATTENTION (Rootkit!)
AlternateDataStreams: C:\Users\koneko\Downloads\guitar.ogg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\koneko\Downloads\guitar.ogg:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt:com.dropbox.attrs [58]
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\BDEsGRCkLB8T.exe => No running process found
C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\f72MFzqSTR0fVN.exe => No running process found
C:\Users\koneko\AppData\Local\Temp\91F4889C-F4974A0-B2A9AFF4-2B109770\w0uSboyG4THlc.exe => No running process found
C:\Users\koneko\Downloads\g39kwszy.exe => No running process found
HKU\S-1-5-21-214190906-2147722573-1573341451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898aedf2-f76c-11e8-b12a-dc85dee142e6} => removed successfully.
HKLM\Software\Classes\CLSID\{898aedf2-f76c-11e8-b12a-dc85dee142e6} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.ac3acm" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A7BEC72-A77B-4D08-AC2B-B0903EA3B9E7} => not found
"C:\Windows\System32\Tasks\Driver Easy Scheduled Scan" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Easy Scheduled Scan => not found
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully
"C:\Windows\Tasks\Driver Easy Scheduled Scan.job" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\S-1-5-21-214190906-2147722573-1573341451-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
"HKU\S-1-5-21-214190906-2147722573-1573341451-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully.
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully.
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.192.2 -> C:\Program Files\Java\jre1.8.0_192\bin\plugin2\npjp2.dll [2018-10-29] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_192\bin\plugin2\npjp2.dll => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\458264B485FEB06A <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
C:\Users\koneko\Downloads\guitar.ogg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\koneko\Downloads\guitar.ogg => ":com.dropbox.attrs" ADS removed successfully.
C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt => ":com.dropbox.attrs" ADS removed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection 4 while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix . :
   Link-local IPv6 Address . . . . . : fe80::2c7c:8bf0:e022:cb5c%18
   IPv4 Address. . . . . . . . . . . : 192.168.1.106
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Tunnel adapter isatap.{ADF7F01B-4FC2-4611-898C-462162B244A8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Tunnel adapter isatap.{835FB619-95AC-4576-900C-3574FC6E96F9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset =========

Successfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Global reset successfully.
Interface reset successfully.
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

There are no user specified settings to be reset.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-214190906-2147722573-1573341451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-214190906-2147722573-1573341451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7291580 B
Java, Flash, Steam htmlcache => 7905698 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 390085642 B
Firefox => 16448884 B
Opera => 248070 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 0 B
koneko => 8191831 B
Classic .NET AppPool => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 418.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:05:08 ====
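Added post-fix verification script; this is not FRST output and not part of the original log. It re-checks, after the reboot FRST asked for, the items the fix acted on and in particular the one it could not fix: the service key `HKLM\SYSTEM\CurrentControlSet\Services\458264B485FEB06A` that FRST flagged "ATTENTION (Rootkit!)" and answered with "No automatic fix found". The service name, user SID and paths are the ones in the log; everything else is assumed: Windows PowerShell 5.1 (WMF 5.1 on Windows 7 SP1, which the 7.5.7601 bitsadmin banner indicates) in an elevated console, run while logged on as koneko so that `$env:USERPROFILE` resolves to the Downloads folder named above.

```powershell
# Added verification script for the Fixlog above; not FRST output, not from the original post.
# Assumes Windows PowerShell 5.1 in an elevated console, run as koneko after the reboot FRST requested.
# Service name, SID and paths are copied from the log; nothing else about them is known here.

$svcName   = '458264B485FEB06A'   # flagged "ATTENTION (Rootkit!)"; FRST reported no automatic fix
$userSid   = 'S-1-5-21-214190906-2147722573-1573341451-1000'
$downloads = "$env:USERPROFILE\Downloads"

# 1. The entry FRST could not fix: is the service key still there, and what does it point at?
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    "[!] $svcKey still present"
    "    Type={0} Start={1} ImagePath={2}" -f $svc.Type, $svc.Start, $svc.ImagePath
    if ($svc.ImagePath) {
        # Driver ImagePaths use NT-style prefixes; map them to Win32 paths before touching the file.
        $bin = $svc.ImagePath.Trim('"') `
            -replace '^\\SystemRoot\\', "$env:SystemRoot\" `
            -replace '^\\\?\?\\', '' `
            -replace '^system32\\', "$env:SystemRoot\system32\"
        if (Test-Path -LiteralPath $bin) {
            $sig = Get-AuthenticodeSignature -FilePath $bin
            "    Binary: $bin"
            "    SHA256={0} Signature={1}" -f (Get-FileHash -Algorithm SHA256 -LiteralPath $bin).Hash, $sig.Status
            "    Signer={0}" -f $sig.SignerCertificate.Subject
        } else {
            # Either an orphaned key, an ImagePath with arguments, or a file hidden from the Win32 API.
            "    ImagePath does not resolve to a visible file: $bin"
        }
    }
    # Is anything actually running under that name? Check the SCM view and the loaded-driver view.
    $scm = Get-Service -Name $svcName -ErrorAction SilentlyContinue
    if ($scm) { "    SCM status: {0}" -f $scm.Status }
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$svcName'"
    if ($drv) { "    Driver state: {0} (Started={1})" -f $drv.State, $drv.Started }
} else {
    "[+] Service key $svcName is gone."
}

# 2. Drivers32: FRST removed six unsigned codec entries. List what remains and whether each target is signed.
"`n--- Drivers32 entries ---"
$drv32 = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'
foreach ($p in $drv32.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
    # Values are normally bare file names resolved from System32; accept absolute paths as well.
    $path = if ("$($p.Value)" -match '^[A-Za-z]:\\') { $p.Value } else { Join-Path "$env:SystemRoot\system32" "$($p.Value)" }
    if (Test-Path -LiteralPath $path) {
        "{0,-16} {1,-24} {2}" -f $p.Name, $p.Value, (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        "{0,-16} {1,-24} file missing" -f $p.Name, $p.Value
    }
}

# 3. Alternate data streams under Downloads. Zone.Identifier is the normal mark-of-the-web;
#    anything else (the log had com.dropbox.attributes / com.dropbox.attrs) deserves a look.
"`n--- Alternate data streams under $downloads ---"
Get-ChildItem -LiteralPath $downloads -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
} | Where-Object { $_.Stream -ne ':$DATA' } |
  Select-Object @{ n = 'File'; e = { $_.FileName } }, Stream, Length | Format-Table -AutoSize

# 4. hosts file (FRST restored the default) and the per-user proxy settings (FRST ran RemoveProxy:).
"`n--- hosts: active (non-comment) lines ---"
$active = Get-Content -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[^#\s]' }
if ($active) { $active } else { "(none; the default Windows 7 hosts file is comments only)" }

"`n--- Proxy settings for $userSid ---"
$inet = "Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
if (Test-Path -LiteralPath $inet) {
    Get-ItemProperty -LiteralPath $inet | Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List
} else {
    "(hive for $userSid is not loaded; log on as that user or check HKCU)"
}
```

The point of section 1 is that a registry key FRST could not handle is not evidence either way: a service key with no file behind it is a leftover that can be removed by hand, while a key whose binary exists, is unsigned and is reported as a started driver should be treated as a live rootkit component and examined offline (a GMER or aswMBR scan, or a bootable rescue medium) before anything else is trusted on the machine. Sections 2 through 4 only confirm that the fix did what the log says; user-installed codecs such as x264vfw, Xvid and Lagarith are unsigned by nature, so a "NotSigned" row there is a prompt to re-install from the vendor, not proof of infection.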