fixlog

a guest
Jun 3rd, 2017
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by aczyr (03-06-2017 21:58:23) Run:1
Running from C:\Users\aczyr\Desktop
Loaded Profiles: aczyr (Available Profiles: aczyr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
CHR StartupUrls: Default -> "hxxp://www.initialpage123.com/?z=5694b02e3f15c803a1073ebgazdt5c5t3o9g4o6tfe&from=wak&uid=SPCCXSolidXStateXDisk_5FB7076B17A100025693&type=hp"
CHR DefaultSearchURL: Default -> hxxp://www.mystarting123.com/search/index.php?z=69ff2f0d125b3422b7ca732g8z3tcw8m3e2e6c9g6w&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystarting123
cryptfd.sys R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-04-18] ()
S1 arvjzyox; C:\WINDOWS\system32\drivers\arvjzyox.sys [55168 2017-05-10] (Microsoft Corporation)
S1 hcpvzyab; C:\WINDOWS\system32\drivers\hcpvzyab.sys [55168 2017-05-12] (Microsoft Corporation)
S1 hdvwkbdb; C:\WINDOWS\system32\drivers\hdvwkbdb.sys [55168 2017-05-12] (Microsoft Corporation)
S1 jfldkhut; C:\WINDOWS\system32\drivers\jfldkhut.sys [55168 2017-05-12] (Microsoft Corporation)
S1 jjfqkwmn; C:\WINDOWS\system32\drivers\jjfqkwmn.sys [55168 2017-05-12] (Microsoft Corporation)
S1 khnjcpkb; C:\WINDOWS\system32\drivers\khnjcpkb.sys [55168 2017-05-13] (Microsoft Corporation)
S1 pjzmykmx; C:\WINDOWS\system32\drivers\pjzmykmx.sys [55168 2017-05-10] (Microsoft Corporation)
S1 rbkumxrl; C:\WINDOWS\system32\drivers\rbkumxrl.sys [55168 2017-05-12] (Microsoft Corporation)
S1 vqvzpobw; C:\WINDOWS\system32\drivers\vqvzpobw.sys [55168 2017-05-11] (Microsoft Corporation)
U3 kgadikog; C:\Users\aczyr\AppData\Local\Temp\kgadikog.sys [56584 2017-06-03] (GMER) [File not signed] <==== ATTENTION
S1 wkezlllz; \??\C:\WINDOWS\system32\drivers\wkezlllz.sys [X]
2017-05-31 12:08 - 2017-05-31 12:08 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-29 18:16 - 2017-05-29 18:16 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignacececc0e27f8bd2
2017-05-29 18:15 - 2017-05-29 18:15 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign57d4cf35d0bece51
2017-05-29 18:15 - 2017-05-29 18:15 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign1e8c36098ccf3221
2017-05-29 18:07 - 2017-05-29 18:07 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignb46f2b0dd2bd5ef3
2017-05-29 17:54 - 2017-05-29 17:54 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign72d0126d6fd7b0b1
2017-05-29 17:54 - 2017-05-29 17:54 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign6572d370d79e4e54
2017-05-29 17:45 - 2017-05-29 17:45 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignbd0a7d7fd51f6340
2017-05-29 17:45 - 2017-05-29 17:45 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign849f0aa8d98be781
2017-05-28 20:59 - 2017-05-28 20:59 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign8bd75e9bf481f7be
2017-05-28 20:59 - 2017-05-28 20:59 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign55724b38bc4f8ba3
2017-05-28 20:59 - 2017-05-28 20:59 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign17b662aefc766c5d
2017-05-20 12:42 - 2017-06-03 19:41 - 00000000 ____D C:\AdwCleaner
2017-05-12 17:32 - 2017-05-12 17:32 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\jjfqkwmn.sys
2017-05-12 12:11 - 2017-05-12 12:11 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rbkumxrl.sys
2017-05-12 11:40 - 2017-05-12 11:40 - 00000000 ____D C:\Program Files (x86)\Default Company Name
2017-05-12 10:59 - 2017-05-12 10:59 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hcpvzyab.sys
2017-05-11 14:18 - 2017-05-11 14:18 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vqvzpobw.sys
2017-05-11 13:48 - 2017-05-11 13:48 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333
2017-05-11 13:47 - 2017-05-11 13:47 - 00000000 _____ C:\WINDOWS\SysWOW64\22
2017-05-11 13:47 - 2017-05-11 13:47 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
2017-05-11 13:47 - 2017-05-11 13:47 - 00000000 _____ C:\WINDOWS\SysWOW64\11
2017-05-11 13:47 - 2017-05-11 13:47 - 00000000 _____ C:\WINDOWS\SysWOW64\00
2017-05-10 21:59 - 2017-05-10 21:59 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arvjzyox.sys
2017-05-10 14:06 - 2017-05-10 14:06 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pjzmykmx.sys
2017-05-10 14:05 - 2017-05-20 12:26 - 00000000 ____D C:\Users\aczyr\AppData\Local\YnsvPack
2017-05-09 23:48 - 2017-05-12 11:40 - 00000000 _____ C:\WINDOWS\SysWOW64\3333
2017-05-09 23:48 - 2017-05-12 11:40 - 00000000 _____ C:\WINDOWS\SysWOW64\2222
2017-05-09 23:48 - 2017-05-12 11:40 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-09 22:08 - 2017-05-09 22:08 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-05-08 17:06 - 2017-05-20 12:26 - 00000000 ____D C:\Users\aczyr\AppData\Local\Ucvnmedia
2017-05-08 09:48 - 2017-05-08 09:48 - 00000000 ____D C:\Users\aczyr\AppData\LocalLow\Temp
2017-05-04 20:10 - 2017-05-04 20:10 - 00000000 __SHD C:\Users\aczyr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
2017-05-04 20:08 - 2017-06-01 11:21 - 00000000 ____D C:\Program Files (x86)\Anerfery
2017-05-04 20:08 - 2017-05-20 12:31 - 00000000 ____D C:\Users\aczyr\AppData\Roaming\Plewughtdrbety
2017-05-04 20:08 - 2017-05-04 20:08 - 00000000 ____D C:\Users\aczyr\AppData\Local\Coersybufing
2017-05-04 19:24 - 2017-05-04 19:24 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign9411b528a854f40b
2017-05-04 19:24 - 2017-05-04 19:24 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign8afa3b30d4ba3fa4
2017-05-04 18:46 - 2017-05-04 18:46 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignd4b8f9ecc33949f2
2017-05-04 18:46 - 2017-05-04 18:46 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign84629826d5452adc
2017-05-04 18:46 - 2017-05-04 18:46 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign5bed57948370f833
2017-05-04 18:38 - 2017-05-04 18:38 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignfcffd1edefad0f5a
2017-05-04 18:38 - 2017-05-04 18:38 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignfa207aee834b5350
2017-05-04 18:38 - 2017-05-04 18:38 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignb07e8dd2cec9ba2d
2017-05-04 18:19 - 2017-05-04 18:19 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignde213b703085d208
2017-05-04 18:19 - 2017-05-04 18:19 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignbb5825313ff8bb70
2017-05-04 18:19 - 2017-05-04 18:19 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsignab02cd3a70c9b28b
2017-05-04 18:19 - 2017-05-04 18:19 - 00000000 ____D C:\Users\aczyr\AppData\Local\Tempzxpsign2e004239c010e426
2017-05-03 16:06 - 2017-05-03 16:06 - 0000053 _____ () C:\ProgramData\serverclasscache.ini
Task: {2FBE4BB1-595E-4C21-B158-73CEDA9B2F53} - \Wehesaterferck -> No File <==== ATTENTION
Task: {7D94F1CF-F527-48A6-AAE9-814FF43D0845} - System32\Tasks\Ghasotunet Schedule => C:\Program Files (x86)\Anerfery\ruhty.exe [2017-05-04] (Google Inc.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\arvjzyox.sys:changelist [1114]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hcpvzyab.sys:changelist [318]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hdvwkbdb.sys:changelist [318]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\jfldkhut.sys:changelist [318]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\jjfqkwmn.sys:changelist [318]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\khnjcpkb.sys:changelist [1386]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pjzmykmx.sys:changelist [1118]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rbkumxrl.sys:changelist [318]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vqvzpobw.sys:changelist [318]
EmptyTemp:
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => key removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
cryptfd.sys R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-04-18] () => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\arvjzyox => key removed successfully
arvjzyox => service removed successfully
HKLM\System\CurrentControlSet\Services\hcpvzyab => key removed successfully
hcpvzyab => service removed successfully
HKLM\System\CurrentControlSet\Services\hdvwkbdb => key removed successfully
hdvwkbdb => service removed successfully
HKLM\System\CurrentControlSet\Services\jfldkhut => key removed successfully
jfldkhut => service removed successfully
HKLM\System\CurrentControlSet\Services\jjfqkwmn => key removed successfully
jjfqkwmn => service removed successfully
HKLM\System\CurrentControlSet\Services\khnjcpkb => key removed successfully
khnjcpkb => service removed successfully
HKLM\System\CurrentControlSet\Services\pjzmykmx => key removed successfully
pjzmykmx => service removed successfully
HKLM\System\CurrentControlSet\Services\rbkumxrl => key removed successfully
rbkumxrl => service removed successfully
HKLM\System\CurrentControlSet\Services\vqvzpobw => key removed successfully
vqvzpobw => service removed successfully
HKLM\System\CurrentControlSet\Services\kgadikog => key removed successfully
kgadikog => service removed successfully
HKLM\System\CurrentControlSet\Services\wkezlllz => key removed successfully
wkezlllz => service removed successfully
C:\Program Files (x86)\MIO => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignacececc0e27f8bd2 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign57d4cf35d0bece51 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign1e8c36098ccf3221 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignb46f2b0dd2bd5ef3 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign72d0126d6fd7b0b1 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign6572d370d79e4e54 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignbd0a7d7fd51f6340 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign849f0aa8d98be781 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign8bd75e9bf481f7be => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign55724b38bc4f8ba3 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign17b662aefc766c5d => moved successfully
C:\AdwCleaner => moved successfully
C:\WINDOWS\system32\Drivers\jjfqkwmn.sys => moved successfully
C:\WINDOWS\system32\Drivers\rbkumxrl.sys => moved successfully
C:\Program Files (x86)\Default Company Name => moved successfully
C:\WINDOWS\system32\Drivers\hcpvzyab.sys => moved successfully
C:\WINDOWS\system32\Drivers\vqvzpobw.sys => moved successfully
C:\WINDOWS\SysWOW64\3333333 => moved successfully
C:\WINDOWS\SysWOW64\22 => moved successfully
C:\WINDOWS\SysWOW64\1111111 => moved successfully
C:\WINDOWS\SysWOW64\11 => moved successfully
C:\WINDOWS\SysWOW64\00 => moved successfully
C:\WINDOWS\system32\Drivers\arvjzyox.sys => moved successfully
C:\WINDOWS\system32\Drivers\pjzmykmx.sys => moved successfully
C:\Users\aczyr\AppData\Local\YnsvPack => moved successfully
C:\WINDOWS\SysWOW64\3333 => moved successfully
C:\WINDOWS\SysWOW64\2222 => moved successfully
C:\WINDOWS\SysWOW64\1111 => moved successfully
C:\WINDOWS\SysWOW64\1 => moved successfully
C:\Users\aczyr\AppData\Local\Ucvnmedia => moved successfully
C:\Users\aczyr\AppData\LocalLow\Temp => moved successfully
C:\Users\aczyr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw => moved successfully
C:\Program Files (x86)\Anerfery => moved successfully
C:\Users\aczyr\AppData\Roaming\Plewughtdrbety => moved successfully
C:\Users\aczyr\AppData\Local\Coersybufing => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign9411b528a854f40b => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign8afa3b30d4ba3fa4 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignd4b8f9ecc33949f2 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign84629826d5452adc => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign5bed57948370f833 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignfcffd1edefad0f5a => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignfa207aee834b5350 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignb07e8dd2cec9ba2d => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignde213b703085d208 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignbb5825313ff8bb70 => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsignab02cd3a70c9b28b => moved successfully
C:\Users\aczyr\AppData\Local\Tempzxpsign2e004239c010e426 => moved successfully
C:\ProgramData\serverclasscache.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FBE4BB1-595E-4C21-B158-73CEDA9B2F53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FBE4BB1-595E-4C21-B158-73CEDA9B2F53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wehesaterferck => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D94F1CF-F527-48A6-AAE9-814FF43D0845} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D94F1CF-F527-48A6-AAE9-814FF43D0845} => key removed successfully
C:\WINDOWS\System32\Tasks\Ghasotunet Schedule => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ghasotunet Schedule => key removed successfully
"C:\WINDOWS\system32\Drivers\arvjzyox.sys" => ":changelist" ADS not found.
"C:\WINDOWS\system32\Drivers\hcpvzyab.sys" => ":changelist" ADS not found.
C:\WINDOWS\system32\Drivers\hdvwkbdb.sys => ":changelist" ADS removed successfully.
C:\WINDOWS\system32\Drivers\jfldkhut.sys => ":changelist" ADS removed successfully.
"C:\WINDOWS\system32\Drivers\jjfqkwmn.sys" => ":changelist" ADS not found.
C:\WINDOWS\system32\Drivers\khnjcpkb.sys => ":changelist" ADS removed successfully.
"C:\WINDOWS\system32\Drivers\pjzmykmx.sys" => ":changelist" ADS not found.
"C:\WINDOWS\system32\Drivers\rbkumxrl.sys" => ":changelist" ADS not found.
"C:\WINDOWS\system32\Drivers\vqvzpobw.sys" => ":changelist" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32710084 B
Java, Flash, Steam htmlcache => 39321375 B
Windows/system/drivers => 36896593 B
Edge => 129290574 B
Chrome => 289112433 B
Firefox => 18864741 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 155 B
LocalService => 0 B
NetworkService => 21476 B
aczyr => 415995632 B

RecycleBin => 7157 B
EmptyTemp: => 925.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:58:45 ====