fixlog

a guest
Nov 30th, 2015
  1. Fix result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
  2. Ran by Dimitris (2015-11-30 18:54:11) Run:1
  3. Running from C:\Users\Dimitris\Desktop
  4. Loaded Profiles: Dimitris (Available Profiles: Dimitris & Chrisa & DefaultAppPool)
  5. Boot Mode: Normal
  6. ==============================================
  7.  
  8. fixlist content:
  9. *****************
  10. start
  11. CreateRestorePoint:
  12. CloseProcesses:
  13. CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
  14. HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
  15. HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
  16. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
  17. SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
  18. SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}
  19. SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
  20. SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
  21. SearchScopes: HKU\S-1-5-21-4193550190-2721119157-2499064272-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
  22. SearchScopes: HKU\S-1-5-21-4193550190-2721119157-2499064272-1000 -> OldSearch URL = hxxps://www.google.com/search?q={searchTerms}
  23. SearchScopes: HKU\S-1-5-21-4193550190-2721119157-2499064272-1000 -> {EDA4D357-355E-4C76-B3F2-45100A0B9B6C} URL = hxxps://www.google.com/search?q={searchTerms}
  24. BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
  25. BHO: No Name -> {11111111-1111-1111-1111-110411851159} -> No File
  26. CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbeQgIWAkUGRgWcltdTA0TFgcOIVoKWBQVQwYXeQ5bBAxAQw0FIk0FA1oDB0V?XfV5bFElXTwhuL1dZE1oZZ1xNJA=="
  27. CHR StartupUrls: Default -> "hxxp://www.google.gr/"
  28. CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQEBUAlIEVAbbQwKA1xcFVcUchRZAgtIDFFBcw0BVloUFARBeB9aFQQTQkc?FME0FBloEURNNfXRXD1gDQl1lKVdc&q={searchTerms}
  29. CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
  30. CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA0acQkBUVxJDAARIlwVVVtGExhCIwsBTF0TEgEad1pdVAgTGRNBNARaAktXUUE?eJ1pNER8fHHhMLlhKAlE3SFtH
  31. 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Dimitris\AppData\Roaming\KZYWOTH
  32. 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Dimitris\AppData\Roaming\NQTL
  33. Task: {002E43F3-566D-440C-BAF8-9F5C414F0DE4} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
  34. Task: {162F35DF-1DDD-4B95-B79C-CED2BAE9E050} - System32\Tasks\KZYWOTH => C:\Users\Dimitris\AppData\Roaming\KZYWOTH.exe <==== ATTENTION
  35. Task: {1FDD5AF4-B2B7-4904-AD0B-D88CA0487B5D} - System32\Tasks\NQTL => C:\Users\Dimitris\AppData\Roaming\NQTL.exe <==== ATTENTION
  36. Task: {41FA8F66-B839-419E-A47A-FE32D5CBAC9E} - \SPBIW_UpdateTask_Time_3731373031333335312d414a34413734452a786c5a5a -> No File <==== ATTENTION
  37. Task: C:\WINDOWS\Tasks\KZYWOTH.job => C:\Users\Dimitris\AppData\Roaming\KZYWOTH.exe <==== ATTENTION
  38. Task: C:\WINDOWS\Tasks\NQTL.job => C:\Users\Dimitris\AppData\Roaming\NQTL.exe <==== ATTENTION
  39. AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
  40. EmptyTemp:
  41. end
  42. *****************
  43.  
  44. Restore point was successfully created.
  45. Processes closed successfully.
  46. "HKLM\SOFTWARE\Policies\Google" => key removed successfully
  47. HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
  48. HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
  49. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
  50. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
  51. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
  52. HKCR\CLSID\OldSearch => key not found.
  53. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
  54. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => key removed successfully
  55. HKCR\Wow6432Node\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9} => key not found.
  56. HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
  57. "HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
  58. HKCR\CLSID\OldSearch => key not found.
  59. "HKU\S-1-5-21-4193550190-2721119157-2499064272-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDA4D357-355E-4C76-B3F2-45100A0B9B6C}" => key removed successfully
  60. HKCR\CLSID\{EDA4D357-355E-4C76-B3F2-45100A0B9B6C} => key not found.
  61. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
  62. HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
  63. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}" => key removed successfully
  64. HKCR\CLSID\{11111111-1111-1111-1111-110411851159} => key not found.
  65. Chrome RestoreOnStartup => removed successfully
  66. Chrome StartupUrls => removed successfully
  67. Chrome DefaultSearchURL => removed successfully
  68. Chrome DefaultSearchKeyword => removed successfully
  69. Chrome DefaultNewTabURL => removed successfully
  70. C:\Users\Dimitris\AppData\Roaming\KZYWOTH => moved successfully
  71. C:\Users\Dimitris\AppData\Roaming\NQTL => moved successfully
  72. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{002E43F3-566D-440C-BAF8-9F5C414F0DE4}" => key removed successfully
  73. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{002E43F3-566D-440C-BAF8-9F5C414F0DE4}" => key removed successfully
  74. C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => moved successfully
  75. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully
  76. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{162F35DF-1DDD-4B95-B79C-CED2BAE9E050}" => key removed successfully
  77. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{162F35DF-1DDD-4B95-B79C-CED2BAE9E050}" => key removed successfully
  78. C:\WINDOWS\System32\Tasks\KZYWOTH => moved successfully
  79. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KZYWOTH" => key removed successfully
  80. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FDD5AF4-B2B7-4904-AD0B-D88CA0487B5D}" => key removed successfully
  81. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FDD5AF4-B2B7-4904-AD0B-D88CA0487B5D}" => key removed successfully
  82. C:\WINDOWS\System32\Tasks\NQTL => moved successfully
  83. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NQTL" => key removed successfully
  84. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41FA8F66-B839-419E-A47A-FE32D5CBAC9E}" => key removed successfully
  85. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41FA8F66-B839-419E-A47A-FE32D5CBAC9E}" => key removed successfully
  86. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3731373031333335312d414a34413734452a786c5a5a => key not found.
  87. C:\WINDOWS\Tasks\KZYWOTH.job => moved successfully
  88. C:\WINDOWS\Tasks\NQTL.job => moved successfully
  89. C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
  90. EmptyTemp: => 60.3 MB temporary data Removed.
  91.  
  92.  
  93. The system needed a reboot.
  94.  
  95. ==== End of Fixlog 18:54:53 ====