Publicité
Publicité
Format du document : text/plain
Prévisualisation
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Hamza (2016-06-23 15:44:36) Run:1
Running from C:\Users\Hamza\Desktop
Loaded Profiles: Hamza (Available Profiles: Hamza & Elamr & Administrator & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {16a42400-2e5c-11e6-8453-001e101f0164} - "E:\AutoRun.exe"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {28ee51fd-0d82-11e6-8429-645a044d5063} - "E:\AutoRun.exe"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {8c83d1ce-cb0c-11e4-826e-645a044d5064} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
URLSearchHook: [S-1-5-21-518511124-2112986350-859192497-1001] ATTENTION => Default URLSearchHook is missing
S3 catchme; \??\C:\Users\Hamza\AppData\Local\Temp\catchme.sys [X]
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\My Documents
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Videos
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Pictures
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Music
Task: {084A47F8-F644-43A0-B330-043E128C27DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12B10F39-4DD6-4554-9BDF-DAF81497899C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {243B511E-25DD-4E23-A6C6-350356404049} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {628D4C64-C897-4C27-9974-9C6FC56E3201} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6E20F80E-34EC-47BC-918D-A9455DAA4FD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ABD33CDC-DB94-428A-804A-08862413E952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC0A4796-3E55-415A-AF0C-B4FDF501E589} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE7E222E-653A-4142-83CB-CACA163D1E13} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BFAFBE3D-03AA-422F-8B79-089446AB69F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EBB99341-184B-4EE2-BA84-230F0DDA11EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F19D18CE-55F8-47EB-ACD6-C30A33470F23} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
========= RemoveProxy: =========
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16a42400-2e5c-11e6-8453-001e101f0164}" => key removed successfully
HKCR\CLSID\{16a42400-2e5c-11e6-8453-001e101f0164} => key not found.
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ee51fd-0d82-11e6-8429-645a044d5063}" => key removed successfully
HKCR\CLSID\{28ee51fd-0d82-11e6-8429-645a044d5063} => key not found.
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c83d1ce-cb0c-11e4-826e-645a044d5064}" => key removed successfully
HKCR\CLSID\{8c83d1ce-cb0c-11e4-826e-645a044d5064} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
Could not restore Default URLSearchHook.
catchme => service removed successfully
Symbolic link found: "C:\Users\Elamr\My Documents" => "C:\Users\Elamr\Documents"
"C:\Users\Elamr\My Documents" => Symbolic link removed successfully
C:\Users\Elamr\My Documents => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Videos" => "C:\Users\Elamr\Videos"
"C:\Users\Elamr\Documents\My Videos" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Videos => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Pictures" => "C:\Users\Elamr\Pictures"
"C:\Users\Elamr\Documents\My Pictures" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Pictures => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Music" => "C:\Users\Elamr\Music"
"C:\Users\Elamr\Documents\My Music" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Music => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{084A47F8-F644-43A0-B330-043E128C27DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{084A47F8-F644-43A0-B330-043E128C27DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12B10F39-4DD6-4554-9BDF-DAF81497899C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B10F39-4DD6-4554-9BDF-DAF81497899C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243B511E-25DD-4E23-A6C6-350356404049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243B511E-25DD-4E23-A6C6-350356404049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{628D4C64-C897-4C27-9974-9C6FC56E3201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628D4C64-C897-4C27-9974-9C6FC56E3201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20F80E-34EC-47BC-918D-A9455DAA4FD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20F80E-34EC-47BC-918D-A9455DAA4FD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABD33CDC-DB94-428A-804A-08862413E952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD33CDC-DB94-428A-804A-08862413E952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC0A4796-3E55-415A-AF0C-B4FDF501E589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC0A4796-3E55-415A-AF0C-B4FDF501E589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE7E222E-653A-4142-83CB-CACA163D1E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE7E222E-653A-4142-83CB-CACA163D1E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFAFBE3D-03AA-422F-8B79-089446AB69F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFAFBE3D-03AA-422F-8B79-089446AB69F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBB99341-184B-4EE2-BA84-230F0DDA11EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBB99341-184B-4EE2-BA84-230F0DDA11EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19D18CE-55F8-47EB-ACD6-C30A33470F23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19D18CE-55F8-47EB-ACD6-C30A33470F23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
========= netsh winsock reset all =========
Le catalogue Winsock a �t� r�initialis� correctement.
Vous devez red�marrer l'ordinateur afin de finaliser la r�initialisation.
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuration IP de Windows
Cache de r�solution DNS vid�.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 1530787 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37755093 B
Java, Flash, Steam htmlcache => 1002 B
Windows/system/drivers => 240841428 B
Edge => 2957 B
Chrome => 315135485 B
Firefox => 23991189 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 181264 B
NetworkService => 3584 B
Hamza => 5205257 B
Elamr => 647492 B
Administrator => 12266 B
Guest => 62228 B
RecycleBin => 2881 B
EmptyTemp: => 596.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:46:59 ====
Ran by Hamza (2016-06-23 15:44:36) Run:1
Running from C:\Users\Hamza\Desktop
Loaded Profiles: Hamza (Available Profiles: Hamza & Elamr & Administrator & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {16a42400-2e5c-11e6-8453-001e101f0164} - "E:\AutoRun.exe"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {28ee51fd-0d82-11e6-8429-645a044d5063} - "E:\AutoRun.exe"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\MountPoints2: {8c83d1ce-cb0c-11e4-826e-645a044d5064} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
URLSearchHook: [S-1-5-21-518511124-2112986350-859192497-1001] ATTENTION => Default URLSearchHook is missing
S3 catchme; \??\C:\Users\Hamza\AppData\Local\Temp\catchme.sys [X]
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\My Documents
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Videos
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Pictures
2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 _SHDL C:\Users\Elamr\Documents\My Music
Task: {084A47F8-F644-43A0-B330-043E128C27DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12B10F39-4DD6-4554-9BDF-DAF81497899C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {243B511E-25DD-4E23-A6C6-350356404049} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {628D4C64-C897-4C27-9974-9C6FC56E3201} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6E20F80E-34EC-47BC-918D-A9455DAA4FD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ABD33CDC-DB94-428A-804A-08862413E952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC0A4796-3E55-415A-AF0C-B4FDF501E589} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE7E222E-653A-4142-83CB-CACA163D1E13} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BFAFBE3D-03AA-422F-8B79-089446AB69F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EBB99341-184B-4EE2-BA84-230F0DDA11EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F19D18CE-55F8-47EB-ACD6-C30A33470F23} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
========= RemoveProxy: =========
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16a42400-2e5c-11e6-8453-001e101f0164}" => key removed successfully
HKCR\CLSID\{16a42400-2e5c-11e6-8453-001e101f0164} => key not found.
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ee51fd-0d82-11e6-8429-645a044d5063}" => key removed successfully
HKCR\CLSID\{28ee51fd-0d82-11e6-8429-645a044d5063} => key not found.
"HKU\S-1-5-21-518511124-2112986350-859192497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c83d1ce-cb0c-11e4-826e-645a044d5064}" => key removed successfully
HKCR\CLSID\{8c83d1ce-cb0c-11e4-826e-645a044d5064} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-518511124-2112986350-859192497-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
Could not restore Default URLSearchHook.
catchme => service removed successfully
Symbolic link found: "C:\Users\Elamr\My Documents" => "C:\Users\Elamr\Documents"
"C:\Users\Elamr\My Documents" => Symbolic link removed successfully
C:\Users\Elamr\My Documents => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Videos" => "C:\Users\Elamr\Videos"
"C:\Users\Elamr\Documents\My Videos" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Videos => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Pictures" => "C:\Users\Elamr\Pictures"
"C:\Users\Elamr\Documents\My Pictures" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Pictures => moved successfully
Symbolic link found: "C:\Users\Elamr\Documents\My Music" => "C:\Users\Elamr\Music"
"C:\Users\Elamr\Documents\My Music" => Symbolic link removed successfully
C:\Users\Elamr\Documents\My Music => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{084A47F8-F644-43A0-B330-043E128C27DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{084A47F8-F644-43A0-B330-043E128C27DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12B10F39-4DD6-4554-9BDF-DAF81497899C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B10F39-4DD6-4554-9BDF-DAF81497899C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243B511E-25DD-4E23-A6C6-350356404049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243B511E-25DD-4E23-A6C6-350356404049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{628D4C64-C897-4C27-9974-9C6FC56E3201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628D4C64-C897-4C27-9974-9C6FC56E3201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20F80E-34EC-47BC-918D-A9455DAA4FD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20F80E-34EC-47BC-918D-A9455DAA4FD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABD33CDC-DB94-428A-804A-08862413E952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD33CDC-DB94-428A-804A-08862413E952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC0A4796-3E55-415A-AF0C-B4FDF501E589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC0A4796-3E55-415A-AF0C-B4FDF501E589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE7E222E-653A-4142-83CB-CACA163D1E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE7E222E-653A-4142-83CB-CACA163D1E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFAFBE3D-03AA-422F-8B79-089446AB69F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFAFBE3D-03AA-422F-8B79-089446AB69F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBB99341-184B-4EE2-BA84-230F0DDA11EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBB99341-184B-4EE2-BA84-230F0DDA11EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19D18CE-55F8-47EB-ACD6-C30A33470F23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19D18CE-55F8-47EB-ACD6-C30A33470F23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
========= netsh winsock reset all =========
Le catalogue Winsock a �t� r�initialis� correctement.
Vous devez red�marrer l'ordinateur afin de finaliser la r�initialisation.
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuration IP de Windows
Cache de r�solution DNS vid�.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 1530787 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37755093 B
Java, Flash, Steam htmlcache => 1002 B
Windows/system/drivers => 240841428 B
Edge => 2957 B
Chrome => 315135485 B
Firefox => 23991189 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 181264 B
NetworkService => 3584 B
Hamza => 5205257 B
Elamr => 647492 B
Administrator => 12266 B
Guest => 62228 B
RecycleBin => 2881 B
EmptyTemp: => 596.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:46:59 ====