Document format: text/plain

Preview

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by N at 2014-06-28 13:58:39 Run:2
Running from C:\Users\N\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1715670674-287497209-379217394-1000\...\Winlogon: [Shell] C:\Windows\system32\Windows Audio Device Graph Isolation\audiodg.exe [39136256 2014-03-02] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
2014-06-25 19:28 - 2014-06-25 19:28 - 00006271 _____ () C:\Pre_Scan.txt
2014-06-25 19:05 - 2014-06-25 19:05 - 00000310 _____ () C:\Windows\PFRO.log
2014-06-25 08:02 - 2014-06-25 08:02 - 02595840 _____ () C:\Users\N\Documents\Pre_Scan.pif
2014-06-25 07:51 - 2014-06-25 07:51 - 00000000 _____ () C:\Users\N\Documents\DFyxilryPGe_combofix.com.vkb87cv.partial
2014-06-25 07:43 - 2014-06-25 07:43 - 00000000 _____ () C:\Users\N\Documents\DFyxilryPGe_combofix.com.zc4bkdg.partial
2014-06-24 21:54 - 2014-06-25 19:28 - 00000000 ____D () C:\Pre_Scan
2014-06-23 22:38 - 2014-06-23 22:38 - 00000000 _____ () C:\Users\N\Desktop\ComboFix.exe.kauo8je.partial
2014-06-23 22:29 - 2014-06-23 22:29 - 00000000 _____ () C:\Users\N\Desktop\RogueKiller.exe.yvxg2yx.partial
2014-06-23 22:07 - 2014-06-23 22:07 - 00000000 _____ () C:\Users\N\Desktop\RogueKiller.exe.ywaji2y.partial
2014-06-23 22:00 - 2014-06-25 19:12 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 22:00 - 2014-06-25 19:12 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 22:00 - 2014-06-23 22:00 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-06-18 22:51 - 2014-06-18 22:51 - 00000000 ____D () C:\Windows\pss
2014-06-25 19:12 - 2014-06-23 22:00 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 19:12 - 2014-06-23 22:00 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 19:08 - 2013-12-04 17:45 - 01638425 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 19:05 - 2014-06-25 19:05 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-29 16:48 - 2014-05-03 23:54 - 00000000 _____ () C:\Users\N\Downloads\cacaoweb (1).exe
C:\Users\N\AppData\Roaming\msconfig.ini

end

*****************

HKU\S-1-5-21-1715670674-287497209-379217394-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe' => Key deleted successfully.
C:\Pre_Scan.txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Users\N\Documents\Pre_Scan.pif => Moved successfully.
C:\Users\N\Documents\DFyxilryPGe_combofix.com.vkb87cv.partial => Moved successfully.
C:\Users\N\Documents\DFyxilryPGe_combofix.com.zc4bkdg.partial => Moved successfully.
C:\Pre_Scan => Moved successfully.
C:\Users\N\Desktop\ComboFix.exe.kauo8je.partial => Moved successfully.
C:\Users\N\Desktop\RogueKiller.exe.yvxg2yx.partial => Moved successfully.
C:\Users\N\Desktop\RogueKiller.exe.ywaji2y.partial => Moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\system32\spsys.log => Moved successfully.
C:\Windows\pss => Moved successfully.
"C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0" => File/Directory not found.
"C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0" => File/Directory not found.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
"C:\Windows\PFRO.log" => File/Directory not found.
C:\Users\N\Downloads\cacaoweb (1).exe => Moved successfully.
C:\Users\N\AppData\Roaming\msconfig.ini => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-28 13:59:45)<=

C:\Windows\WindowsUpdate.log => Is moved successfully.

==== End of Fixlog ====
