Publicité
Publicité
Format du document : text/plain
Prévisualisation
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-01-2014
Ran by A at 2014-01-22 08:47:38 Run:1
Running from C:\Users\A\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(Boxore OU) C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM-x32\...\Run: [Boxore Client] - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [961312 2013-08-16] (Boxore OU)
CHR Plugin: (Application Manager) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group)
2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Users\A\AppData\Roaming\OpenCandy
2014-01-09 22:16 - 2014-01-10 22:16 - 00000000 ____D C:\ProgramData\BoxUpdChk
2014-01-09 22:16 - 2014-01-09 22:16 - 00000000 ____D C:\Program Files (x86)\Boxore
2014-01-09 22:09 - 2014-01-21 08:14 - 00000908 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2014-01-09 22:09 - 2014-01-21 08:09 - 00000904 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2014-01-09 22:09 - 2014-01-09 22:09 - 00003904 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA
2014-01-09 22:09 - 2014-01-09 22:09 - 00003652 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore
2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Users\A\AppData\Local\Software
2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Program Files (x86)\Software
Boxore Client (x32 Version: 4.6.0.0 - Boxore OU) <==== ATTENTION
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV=
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
: HKLM-x32 - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAsk.dll (Ask.com)
FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml
FF Extension: Ask Toolbar - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com [2014-01-09]
2014-01-09 22:27 - 2014-01-09 22:28 - 00000000 ____D C:\Users\A\AppData\Local\SearchProtect
2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-09 22:20 - 2014-01-09 22:20 - 00003802 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2014-01-09 22:20 - 2014-01-09 22:20 - 00000000 ____D C:\Program Files (x86)\Ask.com
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A
End
*****************
[2684] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully.
[2716] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Boxore Client => Value deleted successfully.
C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll not found.
Software_update => Service deleted successfully.
Software_update_m => Service deleted successfully.
C:\Users\A\AppData\Roaming\OpenCandy => Moved successfully.
C:\ProgramData\BoxUpdChk => Moved successfully.
C:\Program Files (x86)\Boxore => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore => Moved successfully.
C:\Users\A\AppData\Local\Software => Moved successfully.
C:\Program Files (x86)\Software => Moved successfully.
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job not found.
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job not found.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com => Moved successfully.
C:\Users\A\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A ==> The Chrome "Settings" can be used to fix the entry.
==== End of Fixlog ====
Ran by A at 2014-01-22 08:47:38 Run:1
Running from C:\Users\A\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(Boxore OU) C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM-x32\...\Run: [Boxore Client] - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [961312 2013-08-16] (Boxore OU)
CHR Plugin: (Application Manager) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group)
2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Users\A\AppData\Roaming\OpenCandy
2014-01-09 22:16 - 2014-01-10 22:16 - 00000000 ____D C:\ProgramData\BoxUpdChk
2014-01-09 22:16 - 2014-01-09 22:16 - 00000000 ____D C:\Program Files (x86)\Boxore
2014-01-09 22:09 - 2014-01-21 08:14 - 00000908 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2014-01-09 22:09 - 2014-01-21 08:09 - 00000904 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2014-01-09 22:09 - 2014-01-09 22:09 - 00003904 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA
2014-01-09 22:09 - 2014-01-09 22:09 - 00003652 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore
2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Users\A\AppData\Local\Software
2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Program Files (x86)\Software
Boxore Client (x32 Version: 4.6.0.0 - Boxore OU) <==== ATTENTION
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV=
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
: HKLM-x32 - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAsk.dll (Ask.com)
FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml
FF Extension: Ask Toolbar - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com [2014-01-09]
2014-01-09 22:27 - 2014-01-09 22:28 - 00000000 ____D C:\Users\A\AppData\Local\SearchProtect
2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-09 22:20 - 2014-01-09 22:20 - 00003802 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2014-01-09 22:20 - 2014-01-09 22:20 - 00000000 ____D C:\Program Files (x86)\Ask.com
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV=
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A
End
*****************
[2684] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully.
[2716] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Boxore Client => Value deleted successfully.
C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll not found.
Software_update => Service deleted successfully.
Software_update_m => Service deleted successfully.
C:\Users\A\AppData\Roaming\OpenCandy => Moved successfully.
C:\ProgramData\BoxUpdChk => Moved successfully.
C:\Program Files (x86)\Boxore => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore => Moved successfully.
C:\Users\A\AppData\Local\Software => Moved successfully.
C:\Program Files (x86)\Software => Moved successfully.
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job not found.
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job not found.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com => Moved successfully.
C:\Users\A\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A ==> The Chrome "Settings" can be used to fix the entry.
==== End of Fixlog ====