Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by رياض (administrator) on رياض-PC (12-05-2016 18:13:59)
Running from C:\Users\رياض\Downloads
Loaded Profiles: رياض (Available Profiles: رياض)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\رياض\Downloads\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GoldenFilterPro] => C:\Program Files\Golden Filter Premium\GFPro.exe [1650688 2011-11-19] (Gsi Technologies)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3405208 2011-07-18] (Tonec Inc.)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [F.lux] => C:\Users\رياض\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [ManyCam] => C:\Program Files\ManyCam\ManyCam.exe [8473064 2014-03-26] (Visicom Media Inc.)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2012-02-08] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2016-04-29]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2EF583AC-4840-43C9-88B8-CE4C80E668B6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3D6BB332-A870-48AF-8358-1210F1F3A3BD}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{44FDC2AD-20F2-4EC2-874F-154E3B793A34}: [NameServer] 208.67.222.222,41.221.20.4
Tcpip\..\Interfaces\{44FDC2AD-20F2-4EC2-874F-154E3B793A34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4FCD83E8-9667-4863-A31B-B91F7416A1E6}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{55FF1682-D814-4285-8A59-11760D20341C}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{59129682-C464-4BEE-B2F3-65FC8FA08609}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{793DEFE7-7CC9-4477-AECF-FA65109AD073}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{93840BFD-602D-4A6C-A81E-B0C84D1E0726}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{B67DFCF3-C04D-4398-A180-EEC0B281F4B2}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{C86BC538-96CF-46BB-BFCC-11C304BEA675}: [NameServer] 8.8.8.8 193.251.169.165
Tcpip\..\Interfaces\{DFE741B9-A817-4993-8094-35E688DB06CD}: [NameServer] 8.8.8.8 193.251.169.165

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabic.arabia.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2012-08-28] (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2016-04-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} hxxp://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_1_1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\رياض\AppData\Roaming\Mozilla\Firefox\Profiles\czrqr5zs.default
FF SelectedSearchEngine: Yahoo
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: IDM CC - C:\Users\رياض\AppData\Roaming\IDM\idmmzcc5 [2012-10-01] [not signed]
FF HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\رياض\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\رياض\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (عروض Google التقديمية) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-09]
CHR Extension: (محرّر مستندات Google) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-09]
CHR Extension: (Google Drive) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-09]
CHR Extension: (Youtube) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-09]
CHR Extension: (جداول بيانات Google ) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-09]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-09]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 MobiConnect. RunOuc; C:\Program Files\MobiConnect\UpdateDog\ouc.exe [656976 2013-05-21] ()
S2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-03-05] (Nitro PDF Software)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
S1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
S1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2016-04-29] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2016-04-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1174880 2010-12-28] (Ralink Technology Corp.)
S3 NPF; C:\Users\رياض\Desktop\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-12] ()
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
S3 PciPPorts; system32\DRIVERS\PciPPorts.sys [X]
S3 PciSPorts; system32\DRIVERS\PciSPorts.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 18:13 - 2016-05-12 18:15 - 00013294 _____ C:\Users\رياض\Downloads\FRST.txt
2016-05-12 18:13 - 2016-05-12 18:13 - 00001322 _____ C:\Users\رياض\Desktop\FRST.exe - رمز اختصار.lnk
2016-05-12 18:13 - 2016-05-12 18:13 - 00000000 ____D C:\FRST
2016-05-12 18:10 - 2016-05-12 18:11 - 01732096 _____ (Farbar) C:\Users\رياض\Downloads\FRST.exe
2016-05-12 18:09 - 2016-05-12 18:09 - 00002370 _____ C:\Users\رياض\Desktop\rk_B04D.tmp.txt
2016-05-12 17:52 - 2016-05-12 17:53 - 19837512 _____ C:\Users\رياض\Downloads\RogueKiller.exe
2016-05-11 21:09 - 2016-05-12 17:56 - 00587228 _____ C:\Windows\ntbtlog.txt
2016-05-11 06:44 - 2016-05-11 06:44 - 00000145 _____ C:\Users\رياض\Desktop\ففففففففف.txt
2016-05-09 10:17 - 2016-05-09 11:38 - 00000000 ____D C:\Users\رياض\AppData\Local\CrashDumps
2016-05-09 10:09 - 2016-05-09 10:09 - 00000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-09 10:09 - 2016-05-09 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-08 17:49 - 2016-05-08 17:55 - 00000000 ____D C:\AdwCleaner
2016-05-08 13:42 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2016-05-08 13:41 - 2016-05-09 11:24 - 00000000 ____D C:\Program Files\Jumpstart
2016-05-08 13:40 - 2016-05-08 13:42 - 00000000 ____D C:\ProgramData\Atheros
2016-05-08 13:39 - 2016-05-09 11:12 - 00000000 ____D C:\Program Files\WinPcap
2016-05-07 17:53 - 2016-05-07 17:53 - 00000035 _____ C:\Users\رياض\Desktop\مستند نصي جديد ‫‬.txt
2016-05-07 17:03 - 2016-05-12 17:56 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-07 16:33 - 2016-05-07 18:19 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-07 13:51 - 2016-05-07 13:51 - 00002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-06 21:08 - 2016-05-06 21:09 - 00000000 ____D C:\Users\رياض\AppData\Roaming\Mozilla
2016-05-06 21:08 - 2016-05-06 21:08 - 00001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-06 21:08 - 2016-05-06 21:08 - 00001056 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-06 21:08 - 2016-05-06 21:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-30 14:40 - 2016-04-30 14:40 - 00000000 ____D C:\Users\رياض\Desktop\Selfishnet win 7
2016-04-29 17:01 - 2016-04-29 17:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-29 14:15 - 2016-04-29 18:00 - 00000000 ____D C:\ProgramData\Ralink
2016-04-29 14:15 - 2016-04-29 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2016-04-29 14:13 - 2016-04-29 14:13 - 00000000 ____D C:\ProgramData\Ralink Driver
2016-04-29 14:13 - 2016-04-29 14:13 - 00000000 ____D C:\Program Files\Cisco
2016-04-29 14:13 - 2010-12-28 19:55 - 01174880 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2016-04-29 14:13 - 2010-12-28 19:43 - 00238944 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2016-04-29 14:13 - 2010-12-28 19:43 - 00014051 ____R C:\Windows\system32\RaCoInst.dat
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\Program Files\Ralink
2016-04-29 14:12 - 2010-10-01 18:28 - 00796000 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2016-04-29 14:12 - 2010-07-01 17:45 - 00119648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2016-04-29 14:12 - 2010-07-01 17:29 - 01607008 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2016-04-29 14:12 - 2010-06-29 10:34 - 00480608 _____ C:\Windows\system32\DiagFunc.dll
2016-04-29 14:12 - 2010-01-27 11:54 - 00000451 _____ C:\Windows\system32\DiagFunc.ini
2016-04-29 14:12 - 2009-09-03 21:59 - 00000072 _____ C:\Windows\system32\RaCertMgr.ini
2016-04-29 14:02 - 2012-12-07 08:47 - 01383130 _____ C:\Users\رياض\Desktop\RT 3070 the driver and the cracking IN enlish.pdf
2016-04-29 10:58 - 2016-05-07 13:51 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 10:43 - 2016-05-12 17:37 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-29 10:43 - 2016-05-12 17:36 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 10:19 - 2016-04-29 10:19 - 00000000 ____D C:\Users\رياض\AppData\Local\MiniService
2016-04-29 09:07 - 2016-04-29 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-04-29 09:06 - 2016-04-29 17:00 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2016-04-29 09:06 - 2016-04-29 17:00 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2016-04-29 09:06 - 2016-04-29 09:06 - 00000000 ____D C:\Windows\ELAMBKUP
2016-04-29 09:06 - 2016-04-29 09:06 - 00000000 ____D C:\Program Files\Kaspersky Lab
2016-04-29 09:06 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 17:44 - 2011-07-11 10:24 - 00000000 ____D C:\Users\رياض\AppData\Roaming\DMCache
2016-05-12 17:42 - 2009-07-14 05:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-12 17:42 - 2009-07-14 05:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-12 17:36 - 2014-10-15 14:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-12 17:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-12 16:33 - 2011-07-11 09:32 - 01162928 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 16:33 - 2009-12-14 18:14 - 00012530 _____ C:\Windows\system32\perfh01F.dat
2016-05-12 16:33 - 2009-12-14 18:14 - 00007220 _____ C:\Windows\system32\perfc01F.dat
2016-05-12 16:33 - 2009-12-14 18:00 - 00013312 _____ C:\Windows\system32\perfh019.dat
2016-05-12 16:33 - 2009-12-14 18:00 - 00007518 _____ C:\Windows\system32\perfc019.dat
2016-05-12 16:33 - 2009-12-14 17:53 - 00013922 _____ C:\Windows\system32\perfh013.dat
2016-05-12 16:33 - 2009-12-14 17:53 - 00007226 _____ C:\Windows\system32\perfc013.dat
2016-05-12 16:33 - 2009-12-14 17:46 - 00013184 _____ C:\Windows\system32\perfh010.dat
2016-05-12 16:33 - 2009-12-14 17:46 - 00007032 _____ C:\Windows\system32\perfc010.dat
2016-05-12 16:33 - 2009-12-14 17:39 - 00013046 _____ C:\Windows\system32\perfh00E.dat
2016-05-12 16:33 - 2009-12-14 17:39 - 00007922 _____ C:\Windows\system32\perfc00E.dat
2016-05-12 16:33 - 2009-12-14 17:29 - 00014386 _____ C:\Windows\system32\perfh007.dat
2016-05-12 16:33 - 2009-12-14 17:29 - 00007506 _____ C:\Windows\system32\perfc007.dat
2016-05-12 16:33 - 2009-12-14 17:23 - 00358082 _____ C:\Windows\system32\perfh00C.dat
2016-05-12 16:33 - 2009-12-14 17:23 - 00308682 _____ C:\Windows\system32\perfh001.dat
2016-05-12 16:33 - 2009-12-14 17:23 - 00048842 _____ C:\Windows\system32\perfc001.dat
2016-05-12 16:33 - 2009-12-14 17:23 - 00045122 _____ C:\Windows\system32\perfc00C.dat
2016-05-12 16:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-12 16:13 - 2013-11-05 07:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-11 22:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-10 22:49 - 2011-07-11 09:23 - 00000000 ____D C:\Users\رياض
2016-05-10 22:49 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\CSC
2016-05-09 11:28 - 2013-03-28 20:42 - 00000000 ____D C:\EFSTMPWP
2016-05-09 11:08 - 2012-09-24 12:34 - 00000000 ____D C:\ProgramData\TEMP
2016-05-09 10:09 - 2011-07-14 08:07 - 00000000 ____D C:\Program Files\CCleaner
2016-05-09 07:15 - 2011-08-03 02:47 - 00000000 ____D C:\Users\رياض\AppData\Roaming\IDM
2016-05-09 06:24 - 2014-07-14 23:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-08 16:14 - 2014-01-01 13:46 - 00000000 ____D C:\Users\رياض\AppData\Roaming\ZHP
2016-05-08 13:41 - 2011-07-11 09:38 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-07 21:49 - 2014-07-29 00:48 - 00000000 ____D C:\Users\رياض\Desktop\مجلد جديد ‫‬
2016-05-07 20:33 - 2014-07-23 10:40 - 00000000 ____D C:\Users\رياض\Desktop\الهحوم
2016-05-06 21:19 - 2014-05-14 12:54 - 00000000 ____D C:\Users\رياض\AppData\Local\ElevatedDiagnostics
2016-05-06 20:09 - 2014-10-03 18:19 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-30 14:11 - 2011-07-11 10:24 - 00000000 ____D C:\Users\رياض\Downloads\Compressed
2016-04-30 14:01 - 2011-07-11 10:24 - 00000000 ____D C:\Users\رياض\Downloads\Video
2016-04-30 09:16 - 2013-11-05 07:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-30 09:16 - 2013-11-05 07:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-29 17:53 - 2014-06-20 11:01 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-29 15:03 - 2011-07-14 08:08 - 00000000 ____D C:\Users\رياض\AppData\Local\Google
2016-04-29 14:12 - 2014-06-20 10:40 - 00000000 ____D C:\Windows\system32\RaLanguages
2016-04-29 10:57 - 2011-07-14 08:04 - 00000000 ____D C:\Program Files\Google
2016-04-29 09:04 - 2013-10-25 11:19 - 00784384 ___SH C:\Users\رياض\Downloads\Thumbs.db
2016-04-16 16:34 - 2015-02-09 18:36 - 00000000 ____D C:\ProgramData\AVG2015
2016-04-16 16:34 - 2015-02-09 17:44 - 00000000 ____D C:\ProgramData\MFAData
2016-04-16 16:30 - 2015-02-09 18:36 - 00000000 ___HD C:\$AVG

==================== Files in the root of some directories =======

2013-11-02 11:22 - 2013-11-02 11:22 - 0000001 __RSH () C:\Program Files\GeniusXXAddon
2013-11-02 11:22 - 2013-11-02 11:22 - 0000001 __RSH () C:\Program Files\onewebsearch
2011-12-08 10:40 - 2011-12-08 10:40 - 0000000 ____H () C:\Users\رياض\AppData\Local\BIT3D3E.tmp
2012-01-01 05:54 - 2012-01-01 05:54 - 0000000 ____H () C:\Users\رياض\AppData\Local\BITCD3D.tmp
2014-03-14 14:42 - 2014-07-30 14:32 - 0004608 _____ () C:\Users\رياض\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-02 11:22 - 2013-11-02 11:22 - 0000001 __RSH () C:\Users\رياض\AppData\Local\iexplorer
2011-10-05 23:21 - 2011-10-05 23:21 - 0000001 _____ () C:\Users\رياض\AppData\Local\llftool.4.12.agreement
2013-03-25 21:24 - 2013-03-25 21:24 - 0000001 _____ () C:\Users\رياض\AppData\Local\llftool.4.25.agreement
2013-03-25 21:24 - 2013-03-25 21:24 - 0000019 _____ () C:\Users\رياض\AppData\Local\llftool.license
2013-02-06 11:09 - 2013-02-06 11:09 - 0000017 _____ () C:\Users\رياض\AppData\Local\resmon.resmoncfg
2011-09-25 17:57 - 2011-09-25 17:57 - 0017408 _____ () C:\Users\رياض\AppData\Local\WebpageIcons.db
2011-08-20 17:14 - 2011-08-20 17:15 - 0000000 _____ () C:\Users\رياض\AppData\Local\{0BDBC548-F899-4CB7-A6F8-59B95AE8B868}
2011-07-14 20:37 - 2011-07-14 20:37 - 0000000 _____ () C:\Users\رياض\AppData\Local\{0EABC9E7-909D-41D6-8872-715793C766AD}
2011-09-07 21:03 - 2011-09-07 21:03 - 0000000 _____ () C:\Users\رياض\AppData\Local\{25E6E4DF-690A-47F2-9D92-D957E959C8B4}
2011-12-08 10:39 - 2011-12-08 10:39 - 0000000 _____ () C:\Users\رياض\AppData\Local\{35973252-E49C-40E3-8C18-D752A7A72BA5}
2011-07-14 10:55 - 2011-07-14 10:55 - 0000000 _____ () C:\Users\رياض\AppData\Local\{3957EBDF-0440-4779-9467-ABE886E07919}
2011-07-29 21:24 - 2011-07-29 21:24 - 0000000 _____ () C:\Users\رياض\AppData\Local\{3E58C4C5-4430-4E8E-8F11-A1A0B4A1E929}
2011-07-27 03:00 - 2011-07-27 03:01 - 0000000 _____ () C:\Users\رياض\AppData\Local\{49941626-D409-490D-A40B-ECE11F348372}
2011-07-27 02:09 - 2011-07-27 02:09 - 0000000 _____ () C:\Users\رياض\AppData\Local\{5C263E4C-3B00-4C37-85A2-510851ED7AC2}
2012-01-01 05:54 - 2012-01-01 05:54 - 0000000 _____ () C:\Users\رياض\AppData\Local\{C275C91D-6D2E-4B52-B8A5-532D06256B5A}
2011-07-28 05:23 - 2011-07-28 05:23 - 0000000 _____ () C:\Users\رياض\AppData\Local\{C6663089-F3F1-4BED-8609-50518C7471FB}
2011-10-31 08:25 - 2011-10-31 08:26 - 0000000 _____ () C:\Users\رياض\AppData\Local\{D2B2A704-AFCD-4BB1-BEC7-EF1D1C8EBC73}
2011-09-07 21:01 - 2011-09-07 21:01 - 0000000 _____ () C:\Users\رياض\AppData\Local\{E28229B5-DCEE-4002-BDFE-40D1107677BB}
2011-07-16 07:39 - 2011-07-16 07:39 - 0000000 _____ () C:\Users\رياض\AppData\Local\{E8D08FA6-03F8-4479-AE8A-99528FC35EBE}
2011-07-28 20:13 - 2011-07-28 20:13 - 0000000 _____ () C:\Users\رياض\AppData\Local\{EA85EBBB-46FF-4CAA-9343-A3E1F1F788CF}
2011-07-28 04:20 - 2011-07-28 04:21 - 0000000 _____ () C:\Users\رياض\AppData\Local\{F058FFA6-83DC-4BCF-BFDA-9920C0BA3F8F}
2011-07-23 12:51 - 2011-07-23 12:51 - 0000000 _____ () C:\Users\رياض\AppData\Local\{FFB5BF52-D37D-4B65-A6D1-638B9A734D1E}

Some files in TEMP:
====================
C:\Users\رياض\AppData\Local\temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 06:50

==================== End of FRST.txt ============================