Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by Filip (14-08-2020 08:55:37) Run:1
Running from C:\Users\Filip\Desktop
Loaded Profiles: Filip & OVRLibraryService &
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
ExportKey: HKLM\SOFTWARE\Policies\Google
C:\ProgramData\KMSAuto
SearchScopes: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180411__yaie&p={searchTerms}
Toolbar: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2016-07-17] (MDL Forum, mod by Ratiborus) [File not signed]
2020-08-09 15:19 - 2020-08-09 15:19 - 002296320 _____ (Farbar) C:\Users\Filip\Downloads\FRST64.exe.part
2020-08-09 15:19 - 2020-08-09 15:19 - 000000000 _____ C:\Users\Filip\Downloads\FRST64.exe
2020-08-08 10:50 - 2020-08-08 10:50 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Filip\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Filip\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Filip\Data aplikací:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [227]
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 175
Average :
Sum : 130663815
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= File: C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe ========================
C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
File not signed
MD5: F0738E835E93D6735ADC9F90EFD0D78F
Creation and modification date: 2015-07-15 16:28 - 2015-07-15 16:28
Size: 000394752
Attributes: ----A
Company Name: Apple Inc.
Internal Name: mDNSResponder.exe
Original Name: mDNSResponder.exe
Product: Bonjour
Description: Bonjour Service
File Version: 3,0,0,10
Product Version: 3,0,0,10
Copyright: Copyright (C) 2003-2011 Apple Inc.
VirusTotal:
https://www.virustotal.com/gui/file/095 ... 1592134626
====== End of File: ======
================== ExportKey: ===================
[HKLM\SOFTWARE\Policies\Mozilla\Firefox]
[HKLM\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"="1"
=== End of ExportKey ===
================== ExportKey: ===================
[HKLM\SOFTWARE\Policies\Google]
[HKLM\SOFTWARE\Policies\Google\Chrome]
=== End of ExportKey ===
C:\ProgramData\KMSAuto => moved successfully
HKU\S-1-5-21-3660142046-34373978-1671556906-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
"HKU\S-1-5-21-3660142046-34373978-1671556906-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\System\CurrentControlSet\Services\KMSEmulator => removed successfully
KMSEmulator => service removed successfully
C:\Users\Filip\Downloads\FRST64.exe.part => moved successfully
C:\Users\Filip\Downloads\FRST64.exe => moved successfully
C:\WINDOWS\system32\setup4.2.6.tmp => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\Users\Filip\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\Filip\Data aplikací => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\Filip\Data aplikací => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS removed successfully
"C:\Users\Filip\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\Filip\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
"C:\Users\Filip\AppData\Roaming" => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS not found.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57277410 B
Java, Flash, Steam htmlcache => 735713356 B
Windows/system/drivers => 20394202 B
Edge => 25600 B
Chrome => 232972 B
Firefox => 1105881490 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 7168 B
systemprofile32 => 7168 B
LocalService => 29020 B
NetworkService => 29020 B
Filip => 80706485 B
OVRLibraryService => 80706485 B
MSSQL$SQLEXPRESS => 80706485 B
RecycleBin => 24070150 B
EmptyTemp: => 2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 08:56:30 ====