Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
Ran by Mohd and Bayan (17-11-2017 13:15:41) Run:1
Running from C:\Users\Mohd and Bayan\Desktop
Loaded Profiles: Mohd and Bayan (Available Profiles: Mohd and Bayan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:

HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [CheckNewAge] => C:\Windows\system32\cmd.exe /c start C:\BrowserUpdater\Rad.exe "C:\BrowserUpdater\newage.tnt" & exit
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1255_161119__yaie&p={searchTerms}
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Bing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://twitter.com/","hxxp://google.ae/","hxxp://www.youtube.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_popjar_15_53_newdop�m1=1�m2=f%3D4%26b%3DChrome%26cc%3Dps%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AtDtC0DyEzz0B0FtAyE0D0BtByEtB0EtN0D0Tzu0StCyEyCtCtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StC0B0BtAyDtA0AyDtGtByC0AyBtG0FtAtByEtGyCyEyByEtG0E0EtD0DtByDyB0CtBtDyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDtAyDtB0AyDyDtGtAyC0CtDtGyEzz0AyEtGzz0EyDtDtG0FzyyD0EyEyEyDtDyCyD0FtD2QtN0A0LzutD%26cr%3D643771636%26a%3Dwny_popjar_15_53_newdop%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [BingSvc] => C:\Users\Mohd and Bayan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)






CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CheckNewAge => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key not found.
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR DefaultProfile: Default => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully

========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15394546 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 5038 B
Edge => 0 B
Chrome => 2274065 B
Firefox => 11042775 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58504039 B
systemprofile32 => 72006 B
LocalService => 66228 B
NetworkService => 104316 B
Mohd and Bayan => 139322427 B

RecycleBin => 0 B
EmptyTemp: => 224.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:16:32 ====
