Document format: text/plain

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by s233864 (26-01-2017 13:18:56) Run:1
Running from C:\Users\S233864\Desktop
Loaded Profiles: s233864 (Available Profiles: s233864)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1014176260-98930707-4043447730-223147\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\ChromeHTML: -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
U2 srService; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-03]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\akimgimeeoiognljlfchpbkpfbmeapkh [2016-10-03]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-03]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-03]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-03]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-11-16]
CHR Extension: (No Name) - C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-03]
U3 mfeavfk01; no ImagePath
C:\Users\S233864\VaCtZ9s0gUfnBqzh\JKbi.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Users\S233864\lpxgrjeZv9UVUoDk\ScVO.exe
HKLM\...\Run: [Able2Extract Professional 10.0 Dispatcher] => C:\Program Files\Investintech.com Inc\Able2Extract Professional 10.0\Able2ExtractPro.PrnDisp.exe [5274472 2016-01-28] (Investintech.com Inc.)
HKLM\...\Run: [Anywhere] => rundll32.exe C:\Program Files (x86)\Conferencing Appshare Plugin\Internet Explorer\64\ANWShare25.dll,InitAppshare
HKLM-x32\...\Run: [Anywhere] => rundll32.exe C:\Program Files (x86)\Conferencing Appshare Plugin\Internet Explorer\32\ANWShare25.dll,InitAppshare
FF Plugin-x32: Conferencing App -> C:\Program Files (x86)\Conferencing Appshare Plugin\NPAPI\npANWShare25.dll [2016-06-14] (Conferencing App)
2017-01-03 09:51 - 2017-01-03 09:51 - 00000000 ____D C:\Users\S233864\AppData\onedrivetest
ShortcutTarget: iBaNCNIhdEVH.lnk -> C:\Users\S233864\lpxgrjeZv9UVUoDk\ScVO.exe (AutoIt Team)
Startup: C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cDWAACKHFfaW.lnk [2016-11-01]
ShortcutTarget: cDWAACKHFfaW.lnk -> C:\Users\S233864\VaCtZ9s0gUfnBqzh\JKbi.exe (AutoIt Team)
Startup: C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iBaNCNIhdEVH.lnk [2016-10-31]

EmptyTemp:
end






*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1014176260-98930707-4043447730-223147\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1014176260-98930707-4043447730-223147_Classes\ChromeHTML => key removed successfully
HKLM\System\CurrentControlSet\Services\ERSvc => key removed successfully
ERSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\IAStorDataMgrsvc => key removed successfully
IAStorDataMgrsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NIHardwareService => key removed successfully
NIHardwareService => service removed successfully
HKLM\System\CurrentControlSet\Services\NVSvc => key removed successfully
NVSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Parvdm => key removed successfully
Parvdm => service removed successfully
HKLM\System\CurrentControlSet\Services\srService => key removed successfully
srService => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\akimgimeeoiognljlfchpbkpfbmeapkh => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh => moved successfully
C:\Users\S233864\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => moved successfully
HKLM\System\CurrentControlSet\Services\mfeavfk01 => key removed successfully
mfeavfk01 => service removed successfully
C:\Users\S233864\VaCtZ9s0gUfnBqzh\JKbi.exe => moved successfully
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => moved successfully
C:\Users\S233864\lpxgrjeZv9UVUoDk\ScVO.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Able2Extract Professional 10.0 Dispatcher => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Anywhere => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Anywhere => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\Conferencing App => key removed successfully
C:\Program Files (x86)\Conferencing Appshare Plugin\NPAPI\npANWShare25.dll => moved successfully
C:\Users\S233864\AppData\onedrivetest => moved successfully
C:\Users\S233864\lpxgrjeZv9UVUoDk\ScVO.exe => not found.
C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cDWAACKHFfaW.lnk => moved successfully
C:\Users\S233864\VaCtZ9s0gUfnBqzh\JKbi.exe => not found.
C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iBaNCNIhdEVH.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13270449 B
Java, Flash, Steam htmlcache => 741 B
Windows/system/drivers => 227312 B
Edge => 0 B
Chrome => 183279779 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 67007 B
systemprofile32 => 67686 B
LocalService => 128 B
NetworkService => 0 B
S233864 => 209540297 B
A102672 => 776039 B
A103185 => 774967 B
w99amaz0 => 3791684 B

RecycleBin => 0 B
EmptyTemp: => 400.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:19:36 ====
