Document format: text/plain

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by MONSTER (18-02-2017 09:13:04) Run:1
Running from C:\Users\MONSTER\Desktop
Loaded Profiles: MONSTER (Available Profiles: defaultuser1 & MONSTER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Windows\Temp\gB524.tmp.exe
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\gB524.tmp.exe [248320 2017-02-17] ()
SearchScopes: HKU\S-1-5-21-3888481642-677613265-3218227817-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
SearchScopes: HKU\S-1-5-21-3888481642-677613265-3218227817-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
S3 catchme; \??\C:\Users\MONSTER\AppData\Local\Temp\catchme.sys [X]
2017-02-12 10:42 - 2017-02-17 21:38 - 00000000 ___HD C:\ProgramData\8958l50A34c720
2017-02-12 10:42 - 2017-02-12 10:42 - 00016812 _____ C:\Windows\System32\Tasks\8958l50A34c720
C:\Windows\TEMP\gB524.tmp.exe
Task: {84285716-C276-4AD0-B436-FAA67EE259FF} - System32\Tasks\8958l50A34c720 => Rundll32.exe "C:\ProgramData\8958l50A34c720\8958l50A34c720.dll",lAcqxFh
2017-02-12 10:42 - 2014-03-22 12:34 - 02997760 _____ () C:\ProgramData\8958l50A34c720\8958l50A34c720.dll
2017-02-17 21:42 - 2017-02-17 21:42 - 03288576 _____ () C:\Windows\TEMP\g4FAF.tmp
2017-02-17 21:41 - 2017-02-17 21:41 - 00248320 _____ () C:\Windows\TEMP\gB524.tmp.exe
FirewallRules: [{FA2548A3-D0F3-49D4-94F6-73D938C9CE00}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A9119291-A62D-40B3-BA6D-7CFB3D527622}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{265181B9-3151-4AF5-9CBE-D54A0922A95D}] => (Allow) C:\Windows\System32\rundll32.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\gB524.tmp.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wd => value not found.
HKU\S-1-5-21-3888481642-677613265-3218227817-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3888481642-677613265-3218227817-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} => key removed successfully
HKCR\CLSID\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} => key not found.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\ProgramData\8958l50A34c720 => moved successfully
C:\Windows\System32\Tasks\8958l50A34c720 => moved successfully
C:\Windows\TEMP\gB524.tmp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{84285716-C276-4AD0-B436-FAA67EE259FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84285716-C276-4AD0-B436-FAA67EE259FF} => key removed successfully
C:\Windows\System32\Tasks\8958l50A34c720 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8958l50A34c720 => key removed successfully
"C:\ProgramData\8958l50A34c720\8958l50A34c720.dll" => not found.
C:\Windows\TEMP\g4FAF.tmp => moved successfully
"C:\Windows\TEMP\gB524.tmp.exe" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA2548A3-D0F3-49D4-94F6-73D938C9CE00} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9119291-A62D-40B3-BA6D-7CFB3D527622} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{265181B9-3151-4AF5-9CBE-D54A0922A95D} => value not found.

=========== EmptyTemp: ==========

BITS transfer queue => 3622852 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 105836225 B
Java, Flash, Steam htmlcache => 463570266 B
Windows/system/drivers => 16290544 B
Edge => 156501971 B
Chrome => 353016819 B
Firefox => 11517895 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 50022 B
NetworkService => 128 B
defaultuser1 => 128 B
MONSTER => 17800886 B

RecycleBin => 5365664 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:13:18 ====
