cjoint

Document format: text/plain

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by g3n-h@ckm@n at 2015-04-21 01:06:39 Run:3
Running from C:\Users\g3n-h@ckm@n\Desktop
Loaded Profiles: g3n-h@ckm@n (Available profiles: g3n-h@ckm@n)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [Shell] => C:\Windows\Avgnt.exe
HKLM-x32\...\Run: [userinit] => C:\Windows\Avgnt.exe
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit,C:\Windows\Avgnt.exe [X]
HKLM-x32\...\Winlogon: [Shell] C:\Windows\Avgnt.exe [ ] () <=== ATTENTION
HKU\S-1-5-19\...\Run: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-19\...\Run: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-19\...\RunOnce: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-19\...\RunOnce: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-19\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-19\...\Winlogon: [Userinit] C:\Windows\system32\userinit,C:\Windows\Avgnt.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Avgnt.exe <==== ATTENTION
HKU\S-1-5-20\...\Run: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-20\...\Run: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-20\...\RunOnce: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-20\...\RunOnce: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-20\...\Winlogon: [Userinit] C:\Windows\system32\userinit,C:\Windows\Avgnt.exe
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Avgnt.exe <==== ATTENTION
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\...\Run: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\...\Run: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-18\...\Run: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-18\...\RunOnce: [Shell] => C:\Windows\Avgnt.exe
HKU\S-1-5-18\...\RunOnce: [userinit] => C:\Windows\Avgnt.exe
HKU\S-1-5-18\...\Policies\system: [DisableRegedit] 1
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-18\...\Winlogon: [Userinit] C:\Windows\system32\userinit,C:\Windows\Avgnt.exe
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Avgnt.exe <==== ATTENTION
AppInit_DLLs-x32: C:\Windows\Avgnt.exe => "C:\Windows\Avgnt.exe" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avgnt.exe [2015-04-18] ()
BootExecute: autocheck autochk * C:\Windows\Setup\Scripts\Avgnt.exe
AlternateShell: C:\Windows\Avgnt.exe
StartMenuInternet: IEXPLORE.EXE - C:\Windows\Avgnt.exe
2015-04-18 11:21 - 2015-04-18 11:25 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\Screenlock
2015-04-18 11:21 - 2015-04-18 11:23 - 00000084 _____ () C:\Autoexec.bat
2015-04-18 11:21 - 2015-04-18 11:21 - 00000002 _____ () C:\Windows\KB45454545RR
2015-04-18 11:21 - 2015-04-18 11:20 - 01145210 _____ () C:\Users\g3n-h@ckm@n\Desktop\Screenlock.zip
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="C:\Windows\Avgnt.exe"
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Shell => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\userinit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Shell => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\userinit => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shell => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\userinit => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\userinit => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\userinit => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Shell => value deleted successfully.
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\userinit => value deleted successfully.
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\userinit => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\userinit => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegedit => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\Windows\Avgnt.exe" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avgnt.exe => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
hklm\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Users\g3n-h@ckm@n\Desktop\Screenlock => Moved successfully.
C:\Autoexec.bat => Moved successfully.
C:\Windows\KB45454545RR => Moved successfully.
C:\Users\g3n-h@ckm@n\Desktop\Screenlock.zip => Moved successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => Value was restored successfully.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
EmptyTemp: => Removed 17.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 01:07:06 ====
