cjoint

Document format: text/plain

Preview

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Wendling (2015-08-07 20:39:50) Run:1
Running from C:\Users\Wendling\Desktop
Loaded Profiles: Wendling (Available Profiles: Wendling)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
emptytemp:
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
2015-08-03 22:27 - 2015-08-03 22:28 - 00000000 ____D C:\AdwCleaner
2015-08-03 22:24 - 2015-08-03 22:24 - 00043168 _____ C:\ComboFix.txt
2015-08-03 22:18 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-03 22:18 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-03 22:18 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-03 22:18 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-03 22:18 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-03 22:18 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-03 22:18 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-03 22:18 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-03 22:17 - 2015-08-03 22:24 - 00000000 ____D C:\Qoobox
2015-08-03 22:04 - 2015-08-03 22:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-08-03 22:02 - 2015-08-03 22:03 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Wendling\Desktop\tdsskiller.exe
2015-08-03 21:45 - 2015-08-03 21:45 - 02248704 _____ C:\Users\Wendling\Desktop\AdwCleaner.exe
2015-08-03 21:43 - 2015-08-03 22:17 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-03 21:43 - 2015-08-03 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-03 21:43 - 2015-08-03 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-03 21:43 - 2015-08-03 21:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-08-03 21:41 - 2015-08-03 21:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-03 21:41 - 2015-08-03 21:41 - 00001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-08-03 21:41 - 2015-08-03 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-08-03 21:40 - 2015-08-03 21:41 - 04184064 _____ (BrightFort LLC ) C:\Program Files (x86)\spywareblastersetup52.exe
2015-07-10 20:21 - 2015-07-10 20:21 - 00000222 _____ C:\Users\Wendling\Desktop\Hitman Absolution.url
2015-08-03 21:40 - 2015-08-03 21:41 - 4184064 _____ (BrightFort LLC) C:\Program Files (x86)\spywareblastersetup52.exe
C:\Users\Wendling\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5wo1gc.dll
Task: {E67B709C-BE86-47BC-A5EB-A54277960780} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:ulGbOLtThzDkb2Z8CK1a
AlternateDataStreams: C:\ProgramData\Microsoft:7tzpeTy4vD1YADMuIWMwES
AlternateDataStreams: C:\ProgramData\Microsoft:J7iFHwXmYC3YFETSNPb4A
AlternateDataStreams: C:\ProgramData\Microsoft:qc9TJ3JlvBaSoz4e3S
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\Microsoft:7tzpeTy4vD1YADMuIWMwES
AlternateDataStreams: C:\Users\Todos os Usuários\Microsoft:J7iFHwXmYC3YFETSNPb4A
AlternateDataStreams: C:\Users\Todos os Usuários\Microsoft:qc9TJ3JlvBaSoz4e3S
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
AlternateDataStreams: C:\Users\Wendling\AppData\Local\Temp:ayOcvFQDMwr1eW2zeq6u
AlternateDataStreams: C:\Users\Wendling\AppData\Local\Temp:dRLsExsVPr38D8tNkISaK
C:\Users\Wendling\AppData\Local\Temp\Quarantine.exe
C:\Users\Wendling\AppData\Local\Temp\sqlite3.dll
CreateRestorePoint:
Reboot:
end
*****************

Processes closed successfully.
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
MbaeSvc => service removed successfully
catchme => service removed successfully
IntcAzAudAddService => service removed successfully
klkbdflt2 => service could not remove
C:\AdwCleaner => moved successfully.
C:\ComboFix.txt => moved successfully.
C:\Windows\PEV.exe => moved successfully.
C:\Windows\MBR.exe => moved successfully.
C:\Windows\NIRCMD.exe => moved successfully.
C:\Windows\SWREG.exe => moved successfully.
C:\Windows\SWSC.exe => moved successfully.
C:\Windows\sed.exe => moved successfully.
C:\Windows\grep.exe => moved successfully.
C:\Windows\zip.exe => moved successfully.
C:\Qoobox => moved successfully.
C:\TDSSKiller_Quarantine => moved successfully.
C:\Users\Wendling\Desktop\tdsskiller.exe => moved successfully.
C:\Users\Wendling\Desktop\AdwCleaner.exe => moved successfully.
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully.
"C:\ProgramData\Malwarebytes Anti-Exploit" => File/Folder not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit => moved successfully.

"C:\Program Files (x86)\Malwarebytes Anti-Exploit" folder move:

Could not move "C:\Program Files (x86)\Malwarebytes Anti-Exploit" => Scheduled to move on reboot.

C:\Program Files (x86)\SpywareBlaster => moved successfully.
C:\Users\Public\Desktop\SpywareBlaster.lnk => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster => moved successfully.
C:\Program Files (x86)\spywareblastersetup52.exe => moved successfully.
C:\Users\Wendling\Desktop\Hitman Absolution.url => moved successfully.
"C:\Program Files (x86)\spywareblastersetup52.exe" => File/Folder not found.
"C:\Users\Wendling\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5wo1gc.dll" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E67B709C-BE86-47BC-A5EB-A54277960780}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E67B709C-BE86-47BC-A5EB-A54277960780}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
C:\Program Files\Common Files\Microsoft Shared => ":ulGbOLtThzDkb2Z8CK1a" ADS removed successfully.
C:\ProgramData\Microsoft => ":7tzpeTy4vD1YADMuIWMwES" ADS removed successfully.
C:\ProgramData\Microsoft => ":J7iFHwXmYC3YFETSNPb4A" ADS removed successfully.
C:\ProgramData\Microsoft => ":qc9TJ3JlvBaSoz4e3S" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Todos os Usuários\Microsoft" => ":7tzpeTy4vD1YADMuIWMwES" ADS not found.
"C:\Users\Todos os Usuários\Microsoft" => ":J7iFHwXmYC3YFETSNPb4A" ADS not found.
"C:\Users\Todos os Usuários\Microsoft" => ":qc9TJ3JlvBaSoz4e3S" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS not found.
C:\Users\Wendling\AppData\Local\Temp => ":ayOcvFQDMwr1eW2zeq6u" ADS removed successfully.
C:\Users\Wendling\AppData\Local\Temp => ":dRLsExsVPr38D8tNkISaK" ADS removed successfully.
C:\Users\Wendling\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\Wendling\AppData\Local\Temp\sqlite3.dll => moved successfully.
Restore point was successfully created.
EmptyTemp: => 554.9 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-07 20:44:04)<=

C:\Program Files (x86)\Malwarebytes Anti-Exploit => Is moved successfully

==== End of Fixlog 20:44:04 ====
