cjoint

Document format: text/plain

Preview

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by mohamed (19-03-2018 07:27:10) Run:1
Running from C:\Users\mohamed\Desktop
Loaded Profiles: mohamed (Available Profiles: mohamed & moha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:



HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\MountPoints2: {0fa1e872-7a7a-11e7-b821-b82a72aa285d} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\MountPoints2: {f580b47b-7a76-11e6-b728-b82a72aa285d} - "G:\SISetup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File

ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe ()
GroupPolicy: Restriction <==== ATTENTION
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
StartMenuInternet: Google Chrome.6YVD3SAXKUMUCUYPYGWUIFT3OQ - C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {9ADC4F4E-F9B6-46B2-BD34-96325EFDD430} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {FA6B4797-77E8-4695-BA9D-8649F517C1D7} - System32\Tasks\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747} => C:\Windows\system32\pcalua.exe -a C:\Users\mohamed\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION



CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa1e872-7a7a-11e7-b821-b82a72aa285d}" => removed successfully
HKLM\Software\Classes\CLSID\{0fa1e872-7a7a-11e7-b821-b82a72aa285d} => not found
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f580b47b-7a76-11e6-b728-b82a72aa285d}" => removed successfully
HKLM\Software\Classes\CLSID\{f580b47b-7a76-11e6-b728-b82a72aa285d} => not found
"C:\Windows\system32\nvinitx.dll" => Value data removed successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.6YVD3SAXKUMUCUYPYGWUIFT3OQ\shell\open\command\\Default => value restored successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{430BD134-576D-4E75-87CD-0F5C6221A82B} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{430BD134-576D-4E75-87CD-0F5C6221A82B} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ADC4F4E-F9B6-46B2-BD34-96325EFDD430}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ADC4F4E-F9B6-46B2-BD34-96325EFDD430}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA6B4797-77E8-4695-BA9D-8649F517C1D7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6B4797-77E8-4695-BA9D-8649F517C1D7}" => removed successfully
C:\WINDOWS\System32\Tasks\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747}" => removed successfully

========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27877560 B
Java, Flash, Steam htmlcache => 1170 B
Windows/system/drivers => 66665757 B
Edge => 3509130 B
Chrome => 478836116 B
Firefox => 58917276 B
Opera => 254976 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4102 B
NetworkService => 0 B
mohamed => 84358059 B
moha.mohamed-PC => 26054009 B

RecycleBin => 871841 B
EmptyTemp: => 724 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-03-2018 07:36:53)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 07:36:54 ====
