cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01
Ran by ahmed (administrator) on AHMED-PC (24-05-2016 15:22:03)
Running from C:\Users\ahmed\Desktop
Loaded Profiles: ahmed (Available Profiles: ahmed)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(SecureMix LLC) C:\Program Files\GlassWire\GWCtlSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(SecureMix LLC) C:\Program Files\GlassWire\GWIdlMon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(SecureMix LLC) C:\Program Files\GlassWire\GlassWire.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BitLeader) C:\Program Files\lg_fwupdate\fwupdate.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-07-14] (Nero AG)
HKLM\...\Run: [LGODDFU] => C:\Program Files\lg_fwupdate\lgfw.exe [27760 2015-10-22] (Bitleader)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2015-10-22] (RealNetworks, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-17] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [5193032 2016-05-20] (SoftPerfect)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-07-30] (Hewlett-Packard Company)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [Google Update] => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-24] (Google Inc.)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [912920 2016-03-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [GlassWire] => C:\Program Files\GlassWire\glasswire.exe [5507584 2016-05-06] (SecureMix LLC)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\MountPoints2: H - H:\CDLaunch\shelexec.exe \readmesp.htm
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-17] (AVAST Software)
Startup: C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\مراقبة تنبيهات الحبر - HP Deskjet 1510 series.lnk [2016-05-04]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-10-22]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D6ABF20-008E-4E45-AEE9-000D9B6BFC9E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E423858-9739-49E3-8511-08EBD8545A63}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-02-12] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

FireFox:
========
FF ProfilePath: C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ebhsye1e.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-22] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.6.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-22] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1492026092-2507368824-3614128289-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1492026092-2507368824-3614128289-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKLM\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-10-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-17]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-17]
FF HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ahmed\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ahmed\AppData\Roaming\IDM\idmmzcc5 [2016-05-24] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://ar.hao123.com/"
CHR DefaultSearchKeyword: Default -> https://www.google.com.eg/
CHR Profile: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-23]
CHR Extension: (Television) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2016-03-18]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2016-03-18]
CHR Extension: (Qatari Riyal symbol generator) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-06]
CHR Extension: (RealPlayer Downloader) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-03-18]
CHR Extension: (Facebook Unseen) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2016-03-18]
CHR Extension: (My Browser Page) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2016-03-18]
CHR Extension: (IDM Integration Module) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-18]
CHR Extension: (Save to Pocket) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
StartMenuInternet: Google Chrome.LU5YOIURPDWR76X3YBZN44YB3I - C:\Users\ahmed\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-17] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R2 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4339712 2016-05-06] (SecureMix LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-05-23] (SurfRight B.V.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-07-30] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2015-10-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] () [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2016-01-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2016-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2016-01-17] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2016-01-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2016-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2016-01-17] (AVAST Software)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-03-11] (BlueStack Systems)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-29] (SecureMix LLC)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [67256 2016-01-14] (NetFilterSDK.com)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-22] ()
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 15:22 - 2016-05-24 15:22 - 00019453 _____ C:\Users\ahmed\Desktop\FRST.txt
2016-05-24 15:21 - 2016-05-23 15:26 - 01733632 _____ (Farbar) C:\Users\ahmed\Desktop\FRST.exe
2016-05-24 15:17 - 2016-05-24 15:17 - 00004459 _____ C:\Users\ahmed\Desktop\ZHPFixReport.txt
2016-05-24 14:59 - 2016-05-24 14:59 - 00001799 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-05-24 14:59 - 2016-05-24 14:59 - 00001799 _____ C:\ProgramData\Desktop\ZHPFix.lnk
2016-05-24 14:59 - 2016-05-24 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-05-24 14:59 - 2016-05-24 14:59 - 00000000 ____D C:\Program Files\ZHPFix
2016-05-24 14:59 - 2016-05-24 14:57 - 03521617 _____ (Nicolas Coolman ) C:\Users\ahmed\Desktop\ZHPFix.exe
2016-05-23 16:01 - 2016-05-24 15:22 - 00000000 ____D C:\FRST
2016-05-23 15:54 - 2016-05-23 15:54 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-05-23 15:27 - 2016-05-23 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-23 15:27 - 2016-05-23 15:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-23 15:26 - 2016-05-23 16:00 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-23 02:08 - 2016-05-24 15:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 02:07 - 2016-05-23 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-23 02:07 - 2016-05-23 02:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-23 02:07 - 2016-05-23 02:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-23 02:07 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 02:07 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 02:07 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 01:04 - 2016-05-23 01:04 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-05-23 01:04 - 2016-05-23 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-05-23 01:04 - 2016-05-23 01:04 - 00000000 ____D C:\Program Files\NetWorx
2016-05-23 01:04 - 2016-01-14 10:07 - 00067256 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
2016-05-23 00:51 - 2016-05-23 00:51 - 00000000 ____D C:\Users\ahmed\AppData\Local\GlassWire
2016-05-23 00:51 - 2016-05-23 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-05-23 00:50 - 2016-05-23 00:51 - 00000000 ____D C:\Program Files\GlassWire
2016-05-23 00:50 - 2016-05-23 00:50 - 00000000 ____D C:\ProgramData\GlassWire
2016-05-23 00:50 - 2015-05-29 06:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-05-23 00:50 - 2015-05-29 06:15 - 00027568 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-05-22 18:55 - 2016-05-22 18:55 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-22 18:49 - 2016-05-22 18:49 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-19 22:41 - 2016-05-19 22:42 - 00000000 ____D C:\Users\ahmed\AppData\Local\ExtractNow
2016-05-19 22:41 - 2016-05-19 22:42 - 00000000 ____D C:\Program Files\ExtractNow
2016-05-19 21:32 - 2016-05-23 22:35 - 00000000 ____D C:\AdwCleaner
2016-05-19 19:05 - 2016-05-19 19:05 - 00000000 ____D C:\ProgramData\GridinSoft
2016-05-19 18:55 - 2016-05-19 18:55 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-14 12:09 - 2016-05-14 12:09 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-05-14 12:09 - 2016-05-14 12:09 - 00000000 ____D C:\ProgramData\Documents\Baidu
2016-05-13 19:58 - 2016-05-13 19:58 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-05-13 19:58 - 2016-05-13 19:58 - 00000000 ____D C:\ProgramData\Documents\Tools
2016-05-13 19:56 - 2016-05-13 19:56 - 00000000 ____D C:\Users\ahmed\Documents\KONAMI
2016-05-13 19:56 - 2016-05-13 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2013 Patch
2016-05-13 19:56 - 2016-05-13 19:56 - 00000000 ____D C:\ProgramData\KONAMI
2016-05-13 19:50 - 2016-05-23 15:12 - 00000000 ____D C:\Users\ahmed\Desktop\Pes 13
2016-05-12 13:21 - 2016-05-16 15:53 - 00000000 ____D C:\Windows\system32\directx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 15:21 - 2015-10-22 17:56 - 00000362 _____ C:\Windows\lgfwup.ini
2016-05-24 15:21 - 2015-10-22 17:56 - 00000000 ____D C:\Program Files\lg_fwupdate
2016-05-24 15:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-24 15:20 - 2015-10-22 21:53 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-24 15:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-24 15:19 - 2015-10-22 18:36 - 00000000 ____D C:\Users\ahmed\AppData\Roaming\DMCache
2016-05-24 15:18 - 2015-12-05 01:47 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA1d12eee184b990f.job
2016-05-24 15:17 - 2015-10-28 20:23 - 00000000 ____D C:\Users\ahmed\AppData\Roaming\ZHP
2016-05-24 15:07 - 2016-04-09 20:58 - 00000000 ____D C:\Users\ahmed\AppData\Local\ElevatedDiagnostics
2016-05-24 15:04 - 2015-10-22 21:53 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-24 14:55 - 2015-10-22 18:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-24 14:53 - 2009-07-14 06:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-24 14:53 - 2009-07-14 06:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-24 14:52 - 2015-10-24 00:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA.job
2016-05-24 14:50 - 2016-03-20 13:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-05-24 02:00 - 2015-10-22 20:39 - 00000000 ____D C:\Users\ahmed\AppData\Local\Adobe
2016-05-23 13:11 - 2015-10-22 20:28 - 02978450 _____ C:\Windows\system32\perfh001.dat
2016-05-23 13:11 - 2015-10-22 20:28 - 01539670 _____ C:\Windows\system32\perfh00C.dat
2016-05-23 13:11 - 2015-10-22 20:28 - 00948558 _____ C:\Windows\system32\perfc00C.dat
2016-05-23 13:11 - 2015-10-22 20:28 - 00938676 _____ C:\Windows\system32\perfc001.dat
2016-05-23 13:11 - 2010-11-20 23:01 - 00006250 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 06:18 - 2015-10-24 00:39 - 00000800 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001Core.job
2016-05-23 03:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2016-05-19 21:38 - 2015-10-22 23:01 - 00001343 _____ C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-19 21:38 - 2015-10-22 23:01 - 00000000 ____D C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-05-19 21:38 - 2015-10-22 18:26 - 00000000 ____D C:\Users\ahmed\AppData\LocalLow\Yahoo!
2016-05-19 21:38 - 2015-10-22 18:20 - 00000000 ____D C:\Program Files\Yahoo!
2016-05-19 21:38 - 2015-10-22 17:38 - 00001124 _____ C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-19 19:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-19 18:54 - 2016-03-14 05:07 - 00000000 ____D C:\Users\ahmed\AppData\Roaming\IDM
2016-05-19 16:51 - 2015-11-16 23:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-16 15:48 - 2016-03-04 21:01 - 00000000 ____D C:\Users\ahmed\Downloads\Compressed
2016-05-13 13:59 - 2015-10-22 18:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-13 13:59 - 2015-10-22 18:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-11 12:37 - 2015-12-04 15:42 - 00000000 ____D C:\Users\ahmed\Documents\FIFA 07

==================== Files in the root of some directories =======

2015-10-27 22:48 - 2015-10-27 22:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-12 06:03 - 2016-03-13 05:08 - 0000234 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 03:38

==================== End of FRST.txt ============================
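The log above is raw tool output. As an added example (not part of the log, and not code from FRST or its author), the following Python script parses the FRST.txt section layout and performs a first triage pass. Its sample input is a constructed excerpt of lines from the log above. The rules use only markers FRST itself prints: `[X]` for an entry whose file is gone, `[File not signed]` for a service or driver binary without an Authenticode signature, an empty `()` publisher string, `[not signed]` on Firefox extensions, and a non-empty Chrome StartupUrls value. The regular expressions are an assumption about this FRST version's line format, not a published grammar, and the findings rank what to review first; they do not decide that anything is malicious.

```python
"""Triage pass over an FRST.txt log (added example; not FRST's own code).

The regular expressions follow the line layout visible in the log above;
they are an assumption about this FRST version, not a documented grammar.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the log above, in FRST's own layout.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01
Ran by ahmed (administrator) on AHMED-PC (24-05-2016 15:22:03)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-07-14] (Nero AG)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Run: [AdobeBridge] => [X]

==================== Internet (Whitelisted) ====================

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-10-22] [not signed]
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://ar.hao123.com/"

==================== Services (Whitelisted) ========================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-17] (AVAST Software)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-07-30] (Hewlett-Packard Company) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] () [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-22] ()
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== End of FRST.txt ============================
"""

SECTION_RE = re.compile(r'^=+\s+([^=].*?)\s+=+$')                                   # ==== Title ====
ENTRY_RE = re.compile(r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$')        # services / drivers
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<value>[^\]]*)\] => (?P<rest>.+)$')
VENDOR_RE = re.compile(r'\((?P<vendor>[^()]*)\)(?: \[File not signed\])?$')        # trailing (Publisher)
PROC_RE = re.compile(r'^\((?P<vendor>[^()]*)\) (?P<path>[A-Za-z]:\\.+)$')           # (Publisher) C:\path


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    reason: str


def parse_sections(text):
    """Split FRST.txt into {section title: [entry lines]}. Text before the first
    '==== Title ====' banner is stored under 'Header'; FRST's '(If an entry ...)'
    explanations and bare '=====' underlines are dropped."""
    sections, current = {'Header': []}, 'Header'
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and not line.startswith('(If ') and set(line) != {'='}:
            sections[current].append(line)
    return sections


def parse_entry(rest):
    """Decode the tail of a Run-key / service / driver line: the image path, the
    publisher string in the trailing parentheses, and FRST's [X] / [File not signed] markers."""
    missing = rest.endswith('[X]')
    m = VENDOR_RE.search(rest)
    path = '' if rest == '[X]' else rest.split(' [', 1)[0].strip('"')
    return {'path': path, 'vendor': m.group('vendor') if m else None,
            'missing': missing, 'unsigned': '[File not signed]' in rest}


def triage(text):
    """Return the entries a responder should look at first, using only FRST's own markers."""
    findings = []
    for title, lines in parse_sections(text).items():
        for line in lines:
            if title.startswith('Processes'):
                m = PROC_RE.match(line)
                if m and not m.group('vendor'):
                    findings.append(Finding(title, m.group('path'), 'running image has no publisher string ()'))
                continue
            if title.startswith('Internet'):
                if line.startswith('FF Extension:') and line.endswith('[not signed]'):
                    findings.append(Finding(title, line.split(' - ', 1)[0], 'Firefox extension is not signed'))
                elif line.startswith('CHR StartupUrls:'):
                    url = line.split('-> ', 1)[1].strip('"')
                    findings.append(Finding(title, url, "Chrome startup URL is set; confirm it is the user's choice"))
                continue
            if title.startswith(('Services', 'Drivers')):
                m = ENTRY_RE.match(line)
                name = m.group('name') if m else None
            elif title.startswith('Registry'):
                m = RUN_RE.match(line)
                name = f"{m.group('hive')}\\...\\Run:[{m.group('value')}]" if m else None
            else:
                continue
            if not m:
                continue  # ShellIconOverlayIdentifiers, Startup:, MountPoints2 etc. are not handled here
            info = parse_entry(m.group('rest'))
            if info['missing']:
                findings.append(Finding(title, name, 'entry points at a file that is no longer present ([X])'))
            if info['unsigned']:
                findings.append(Finding(title, name, 'binary is not Authenticode-signed ([File not signed])'))
            if info['vendor'] == '' and not info['missing']:
                findings.append(Finding(title, name, 'binary carries no publisher string ()'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.item}: {f.reason}')
```

Running it against the sample lists eleven entries, with the unsigned services, the orphaned `[X]` Run values and driver entries, and the no-publisher driver first in line for a hash lookup or a signature check on the live host. An orphaned `[X]` entry is often just an uninstall leftover, and a missing publisher string is common for small vendor tools, so each finding is a prompt to verify the file on disk rather than a verdict.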
