Publicité
Publicité
Format du document : text/plain
Prévisualisation
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by salamouna2 (2016-07-06 03:44:35) Run:1
Running from C:\Users\salamouna2\Desktop
Loaded Profiles: salamouna2 (Available Profiles: salamouna2)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {4de4cc7b-ea26-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {5faaf9e2-9545-11e5-825d-28c2ddb58208} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b322f0de-e7b8-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b40ed7ef-28e1-11e6-827d-28c2ddb58209} - "F:\AutoRun.exe"
FF NetworkProxy: "backup.ftp", "45.79.76.52"
FF NetworkProxy: "backup.ftp_port", 10023
FF NetworkProxy: "backup.socks", "45.79.76.52"
FF NetworkProxy: "backup.socks_port", 10023
FF NetworkProxy: "backup.ssl", "45.79.76.52"
FF NetworkProxy: "backup.ssl_port", 10023
FF NetworkProxy: "ftp", "167.114.125.160"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "167.114.33.15"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "167.114.125.160"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "167.114.125.160"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "167.114.125.160"
FF NetworkProxy: "ssl_port", 3128
CHR dev: Chrome dev build detected! <======= ATTENTION
2016-07-02 02:45 - 2015-10-30 08:19 - 00045216 ___SH (Microsoft Corporation) C:\Users\salamouna2\RegSvcs.exe
C:\Users\salamouna2\RegSvcs.exe
Task: {00D85E4D-BD90-4534-9802-538A333C7E76} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BB48EE2-C323-4B10-BAA2-9271797FD747} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {21940C9F-3DD2-43FA-A983-8CFD26DCCCE6} - \Google Update -> No File <==== ATTENTION
Task: {2AFC4A1A-4624-4909-937E-C06573397783} - System32\Tasks\hfdccd => C:\Users\salamouna2\hfdccd\zvbvhivw.exe [2015-07-10] (AutoIt Team)
Task: {2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {4453AEEB-2FD2-4C95-BAEC-D8CC46163A86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4904A467-029A-4FA3-814E-F9B60459075D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6A596AF8-E666-45AB-939B-E553FD83FF1B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {70637062-DC18-425E-AE37-B4AA5C44113A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93357560-2CD3-4F9E-9E01-12179707A1FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95CF4079-9C3D-4335-B50A-3AFA122A03E8} - System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/fr/abandoninstall?source=lightinstaller&page=tsMain
Task: {B93A2461-7FDF-4112-B796-75DA19B35D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F90636A8-2115-4F09-BE19-FD70F9F9ACF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F989AEF5-BCE8-4702-BF86-0603DCB557A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 => value removed successfully
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4de4cc7b-ea26-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{4de4cc7b-ea26-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faaf9e2-9545-11e5-825d-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{5faaf9e2-9545-11e5-825d-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b322f0de-e7b8-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{b322f0de-e7b8-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b40ed7ef-28e1-11e6-827d-28c2ddb58209}" => key removed successfully
HKCR\CLSID\{b40ed7ef-28e1-11e6-827d-28c2ddb58209} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "backup.ftp_port", 10023 => not found
FF NetworkProxy: "backup.socks", "45.79.76.52" => not found
FF NetworkProxy: "backup.socks_port", 10023 => not found
FF NetworkProxy: "backup.ssl", "45.79.76.52" => not found
FF NetworkProxy: "backup.ssl_port", 10023 => not found
FF NetworkProxy: "ftp", "167.114.125.160" => not found
FF NetworkProxy: "ftp_port", 3128 => not found
FF NetworkProxy: "gopher", "167.114.33.15" => not found
FF NetworkProxy: "gopher_port", 3128 => not found
FF NetworkProxy: "http", "167.114.125.160" => not found
FF NetworkProxy: "http_port", 3128 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "167.114.125.160" => not found
FF NetworkProxy: "socks_port", 3128 => not found
FF NetworkProxy: "socks_version", 4 => not found
FF NetworkProxy: "ssl", "167.114.125.160" => not found
FF NetworkProxy: "ssl_port", 3128 => not found
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\salamouna2\RegSvcs.exe => moved successfully
"C:\Users\salamouna2\RegSvcs.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
C:\WINDOWS\System32\Tasks\hfdccd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hfdccd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DDF7C85-E9A4-482B-8905-8345726CEC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 294880 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10869486 B
Java, Flash, Steam htmlcache => 715 B
Windows/system/drivers => 453014 B
Edge => 200 B
Chrome => 0 B
Firefox => 272906960 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 22443 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
salamouna2 => 137360072 B
RecycleBin => 31466944 B
EmptyTemp: => 432.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 03:46:20 ====
Ran by salamouna2 (2016-07-06 03:44:35) Run:1
Running from C:\Users\salamouna2\Desktop
Loaded Profiles: salamouna2 (Available Profiles: salamouna2)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {4de4cc7b-ea26-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {5faaf9e2-9545-11e5-825d-28c2ddb58208} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b322f0de-e7b8-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b40ed7ef-28e1-11e6-827d-28c2ddb58209} - "F:\AutoRun.exe"
FF NetworkProxy: "backup.ftp", "45.79.76.52"
FF NetworkProxy: "backup.ftp_port", 10023
FF NetworkProxy: "backup.socks", "45.79.76.52"
FF NetworkProxy: "backup.socks_port", 10023
FF NetworkProxy: "backup.ssl", "45.79.76.52"
FF NetworkProxy: "backup.ssl_port", 10023
FF NetworkProxy: "ftp", "167.114.125.160"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "167.114.33.15"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "167.114.125.160"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "167.114.125.160"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "167.114.125.160"
FF NetworkProxy: "ssl_port", 3128
CHR dev: Chrome dev build detected! <======= ATTENTION
2016-07-02 02:45 - 2015-10-30 08:19 - 00045216 ___SH (Microsoft Corporation) C:\Users\salamouna2\RegSvcs.exe
C:\Users\salamouna2\RegSvcs.exe
Task: {00D85E4D-BD90-4534-9802-538A333C7E76} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BB48EE2-C323-4B10-BAA2-9271797FD747} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {21940C9F-3DD2-43FA-A983-8CFD26DCCCE6} - \Google Update -> No File <==== ATTENTION
Task: {2AFC4A1A-4624-4909-937E-C06573397783} - System32\Tasks\hfdccd => C:\Users\salamouna2\hfdccd\zvbvhivw.exe [2015-07-10] (AutoIt Team)
Task: {2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {4453AEEB-2FD2-4C95-BAEC-D8CC46163A86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4904A467-029A-4FA3-814E-F9B60459075D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6A596AF8-E666-45AB-939B-E553FD83FF1B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {70637062-DC18-425E-AE37-B4AA5C44113A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93357560-2CD3-4F9E-9E01-12179707A1FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95CF4079-9C3D-4335-B50A-3AFA122A03E8} - System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/fr/abandoninstall?source=lightinstaller&page=tsMain
Task: {B93A2461-7FDF-4112-B796-75DA19B35D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F90636A8-2115-4F09-BE19-FD70F9F9ACF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F989AEF5-BCE8-4702-BF86-0603DCB557A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 => value removed successfully
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4de4cc7b-ea26-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{4de4cc7b-ea26-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faaf9e2-9545-11e5-825d-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{5faaf9e2-9545-11e5-825d-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b322f0de-e7b8-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{b322f0de-e7b8-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b40ed7ef-28e1-11e6-827d-28c2ddb58209}" => key removed successfully
HKCR\CLSID\{b40ed7ef-28e1-11e6-827d-28c2ddb58209} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "backup.ftp_port", 10023 => not found
FF NetworkProxy: "backup.socks", "45.79.76.52" => not found
FF NetworkProxy: "backup.socks_port", 10023 => not found
FF NetworkProxy: "backup.ssl", "45.79.76.52" => not found
FF NetworkProxy: "backup.ssl_port", 10023 => not found
FF NetworkProxy: "ftp", "167.114.125.160" => not found
FF NetworkProxy: "ftp_port", 3128 => not found
FF NetworkProxy: "gopher", "167.114.33.15" => not found
FF NetworkProxy: "gopher_port", 3128 => not found
FF NetworkProxy: "http", "167.114.125.160" => not found
FF NetworkProxy: "http_port", 3128 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "167.114.125.160" => not found
FF NetworkProxy: "socks_port", 3128 => not found
FF NetworkProxy: "socks_version", 4 => not found
FF NetworkProxy: "ssl", "167.114.125.160" => not found
FF NetworkProxy: "ssl_port", 3128 => not found
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\salamouna2\RegSvcs.exe => moved successfully
"C:\Users\salamouna2\RegSvcs.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
C:\WINDOWS\System32\Tasks\hfdccd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hfdccd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DDF7C85-E9A4-482B-8905-8345726CEC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 294880 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10869486 B
Java, Flash, Steam htmlcache => 715 B
Windows/system/drivers => 453014 B
Edge => 200 B
Chrome => 0 B
Firefox => 272906960 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 22443 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
salamouna2 => 137360072 B
RecycleBin => 31466944 B
EmptyTemp: => 432.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 03:46:20 ====