Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2016
Ran by mahmoud (administrator) on MAHMOUD-PC (10-07-2016 17:43:09)
Running from C:\Users\mahmoud\Desktop
Loaded Profiles: mahmoud (Available Profiles: mahmoud)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Backup] => D:\Backup.exe
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2016-07-07]
ShortcutTarget: rvlkl.lnk -> C:\ProgramData\rvlkl\rvlkl.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{87B743D1-8DE3-4DB0-84D2-DA01EDCED2D1}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-08-14] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-10] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-08-14] (Adobe Systems Inc.)
FF Extension: rainalarmmdienerde - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\rain-alarm@mdiener.de [2015-01-24] [not signed]
FF Extension: jid0c1av474BVPIHcGJfBp3GkhlhAa4jetpack - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack [2015-04-09] [not signed]
FF Extension: Bing Search - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\Extensions\bingsearch.full@microsoft.com [2015-04-20] [not signed]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\quick_searchff@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\sweetsearch@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\defsearchp@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\deskCutv2@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\yahooprotected@gmail.com => not found
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5 [2016-07-10] [not signed]
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=ar-xl
CHR StartupUrls: Profile 2 -> "hxxp://ar.hao123.com/"
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-20]
CHR Extension: (Google Docs) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-20]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-20]
CHR Extension: (YouTube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-20]
CHR Extension: (Google Search) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-20]
CHR Extension: (EditThisCookie) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-06-10]
CHR Extension: (Cookie Monster) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfiffgdeofcbmemekinaajmenfgenplh [2015-06-10]
CHR Extension: (Skype Click to Call) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Hola Better Internet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcmfkkjmkcfgelgdpndepmimbmkbpfp [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (عروض Google التقديمية) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-03]
CHR Extension: (محرّر مستندات Google) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (Youtube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (جداول بيانات Google ) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-03]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-03]
CHR Extension: (IDM Integration Module) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-18]
CHR HKU\S-1-5-21-453311672-2777936180-2027923614-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 17:43 - 2016-07-10 17:43 - 00012598 _____ C:\Users\mahmoud\Desktop\FRST.txt
2016-07-08 18:04 - 2016-07-08 18:04 - 00144512 _____ C:\Windows\Minidump\070816-25693-01.dmp
2016-07-08 18:03 - 2016-07-08 18:03 - 175270433 ____N C:\Windows\MEMORY.DMP
2016-07-08 16:11 - 2016-07-08 16:11 - 00144512 _____ C:\Windows\Minidump\070816-33821-01.dmp
2016-07-08 16:05 - 2016-07-08 16:05 - 00144512 _____ C:\Windows\Minidump\070816-31122-01.dmp
2016-07-08 14:38 - 2016-07-08 14:38 - 00144512 _____ C:\Windows\Minidump\070816-27440-01.dmp
2016-07-08 05:52 - 2016-07-08 05:52 - 00144512 _____ C:\Windows\Minidump\070816-26800-01.dmp
2016-07-08 05:39 - 2016-07-08 05:40 - 00144512 _____ C:\Windows\Minidump\070816-26145-01.dmp
2016-07-08 00:58 - 2016-07-08 00:58 - 00144512 _____ C:\Windows\Minidump\070816-26254-01.dmp
2016-07-08 00:56 - 2016-07-08 00:56 - 00144512 _____ C:\Windows\Minidump\070816-27721-01.dmp
2016-07-08 00:53 - 2016-07-08 00:53 - 00144512 _____ C:\Windows\Minidump\070816-29515-01.dmp
2016-07-07 21:12 - 2016-07-07 21:12 - 00144512 _____ C:\Windows\Minidump\070716-24866-01.dmp
2016-07-07 15:34 - 2016-07-07 15:34 - 00144512 _____ C:\Windows\Minidump\070716-26254-01.dmp
2016-07-07 15:29 - 2016-07-07 15:29 - 00144512 _____ C:\Windows\Minidump\070716-27050-01.dmp
2016-07-07 15:21 - 2016-07-08 05:47 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 15:21 - 2016-07-07 16:00 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 15:21 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-07 15:21 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-07 15:21 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-07 15:09 - 2016-07-07 15:16 - 22851472 _____ (Malwarebytes ) C:\Users\mahmoud\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-07 14:17 - 2016-07-07 14:17 - 00144512 _____ C:\Windows\Minidump\070716-25147-01.dmp
2016-07-07 05:36 - 2016-07-10 17:43 - 00000000 ____D C:\FRST
2016-07-07 05:36 - 2016-07-09 22:14 - 01740288 _____ (Farbar) C:\Users\mahmoud\Desktop\FRST.exe
2016-07-07 05:34 - 2016-07-07 05:35 - 01740288 _____ (Farbar) C:\Users\mahmoud\Downloads\FRST.exe
2016-07-07 05:28 - 2016-07-07 05:28 - 00144520 _____ C:\Windows\Minidump\070716-25287-01.dmp
2016-07-06 07:16 - 2016-07-06 07:16 - 00144512 _____ C:\Windows\Minidump\070616-25396-01.dmp
2016-07-06 07:14 - 2016-07-06 07:15 - 00144512 _____ C:\Windows\Minidump\070616-27424-01.dmp
2016-07-06 07:12 - 2016-07-06 07:12 - 00144512 _____ C:\Windows\Minidump\070616-28158-01.dmp
2016-07-06 04:30 - 2016-07-06 04:30 - 00144512 _____ C:\Windows\Minidump\070616-25599-02.dmp
2016-07-06 04:26 - 2016-07-06 04:26 - 00144520 _____ C:\Windows\Minidump\070616-25740-01.dmp
2016-07-06 04:21 - 2016-07-06 04:21 - 00144512 _____ C:\Windows\Minidump\070616-25584-01.dmp
2016-07-06 03:22 - 2016-07-06 03:22 - 00144512 _____ C:\Windows\Minidump\070616-25162-01.dmp
2016-07-05 18:55 - 2016-07-05 18:55 - 00144520 _____ C:\Windows\Minidump\070516-25864-01.dmp
2016-07-05 18:53 - 2016-07-05 18:53 - 00144512 _____ C:\Windows\Minidump\070516-30435-01.dmp
2016-07-05 14:31 - 2016-07-05 14:31 - 00144512 _____ C:\Windows\Minidump\070516-28454-01.dmp
2016-07-05 13:49 - 2016-07-05 13:49 - 00144512 _____ C:\Windows\Minidump\070516-25552-01.dmp
2016-07-04 18:48 - 2016-07-05 01:48 - 00000000 ____D C:\Users\mahmoud\Doctor Web
2016-07-04 18:48 - 2016-07-04 18:33 - 136156208 _____ C:\Users\mahmoud\Desktop\ifi0mcn2.exe
2016-07-04 17:52 - 2016-07-04 17:52 - 00000000 ____D C:\Users\mahmoud\AppData\Local\ElevatedDiagnostics
2016-07-04 17:50 - 2016-07-04 17:50 - 00144520 _____ C:\Windows\Minidump\070416-16146-01.dmp
2016-07-04 14:06 - 2016-07-04 14:06 - 00144512 _____ C:\Windows\Minidump\070416-16302-01.dmp
2016-07-04 14:04 - 2016-07-04 14:04 - 00144512 _____ C:\Windows\Minidump\070416-20779-01.dmp
2016-07-04 13:32 - 2016-07-04 13:32 - 00144512 _____ C:\Windows\Minidump\070416-19500-01.dmp
2016-07-04 13:29 - 2016-07-04 13:30 - 00144512 _____ C:\Windows\Minidump\070416-19999-01.dmp
2016-07-04 13:27 - 2016-07-04 13:27 - 00144512 _____ C:\Windows\Minidump\070416-19297-01.dmp
2016-07-04 13:25 - 2016-07-04 13:25 - 00144512 _____ C:\Windows\Minidump\070416-19624-01.dmp
2016-07-04 13:23 - 2016-07-04 13:23 - 00144512 _____ C:\Windows\Minidump\070416-20077-01.dmp
2016-07-03 23:20 - 2016-07-03 23:21 - 00144512 _____ C:\Windows\Minidump\070316-15990-01.dmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 ____H C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 _____ C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2016-07-03 05:34 - 2016-07-03 05:34 - 00144512 _____ C:\Windows\Minidump\070316-16411-01.dmp
2016-07-03 03:04 - 2016-07-03 03:04 - 00144512 _____ C:\Windows\Minidump\070316-16988-01.dmp
2016-07-03 03:00 - 2016-07-08 18:04 - 00000000 ____D C:\Windows\Minidump
2016-07-03 03:00 - 2016-07-03 03:01 - 00144512 _____ C:\Windows\Minidump\070316-16832-01.dmp
2016-07-02 07:50 - 2016-07-08 18:04 - 01626382 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 17:42 - 2015-01-05 16:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-10 17:41 - 2015-04-20 20:09 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\Skype
2016-07-10 17:41 - 2015-01-05 16:37 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-10 17:40 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-10 06:17 - 2015-01-05 15:57 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\DMCache
2016-07-10 06:02 - 2015-01-05 16:37 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-10 05:38 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-10 05:38 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-10 05:31 - 2014-09-05 23:10 - 00057560 _____ C:\Users\mahmoud\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-10 05:31 - 2009-07-14 07:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-10 05:31 - 2009-07-14 07:33 - 00266808 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-10 05:26 - 2015-01-27 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-10 03:45 - 2015-01-05 16:36 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-10 03:45 - 2015-01-05 16:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-10 03:04 - 2014-09-05 22:55 - 00000000 ____D C:\ProgramData\DatacardService
2016-07-10 03:04 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2016-07-10 03:01 - 2015-04-20 20:09 - 00000000 ___RD C:\Program Files\Skype
2016-07-09 01:04 - 2015-01-27 17:01 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-08 16:13 - 2010-11-21 00:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-07 21:10 - 2015-01-19 21:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-07 21:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\tracing
2016-07-07 16:00 - 2014-09-05 23:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-07-07 16:00 - 2014-09-05 22:54 - 00001389 _____ C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-07 16:00 - 2014-09-05 22:51 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-07 16:00 - 2014-09-05 22:51 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-07 16:00 - 2009-07-14 07:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-07 15:59 - 2015-09-25 00:04 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2016-07-07 15:59 - 2015-01-27 17:02 - 00001179 _____ C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-07 15:59 - 2009-07-14 07:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-07 15:59 - 2009-07-14 07:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-07 15:32 - 2016-05-12 13:53 - 00000001 _____ C:\Windows\system32\eg.html
2016-07-07 14:22 - 2009-07-14 05:04 - 00000219 _____ C:\Windows\system.ini
2016-07-05 13:46 - 2014-09-05 22:53 - 00000000 ____D C:\Users\mahmoud
2016-07-05 11:49 - 2016-05-12 20:52 - 00000000 ____D C:\Program Files\WinZipper
2016-07-05 11:49 - 2014-09-05 23:04 - 00000000 ____D C:\Program Files\WinRAR
2016-07-05 02:00 - 2016-05-12 20:50 - 00000000 ____D C:\Windows\system32\_tWm
2016-07-05 01:52 - 2015-12-15 02:41 - 00000000 ____D C:\ProgramData\ZWdMZ
2016-07-05 01:52 - 2014-09-07 03:21 - 00000000 ____D C:\Program Files\Subway Surfers
2016-07-05 01:51 - 2015-09-25 00:04 - 00000000 ____D C:\Program Files\LINE
2016-07-05 01:51 - 2015-07-07 12:27 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-07-04 17:48 - 2016-05-12 20:52 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\WinZiper
2016-07-04 17:48 - 2015-04-11 00:52 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

==================== Files in the root of some directories =======

2015-09-03 11:42 - 2015-09-03 11:42 - 0000000 _____ () C:\Program Files\GUT8585.tmp
2015-09-20 09:17 - 2015-09-20 09:17 - 0033134 _____ () C:\Users\mahmoud\AppData\Roaming\UserTile.png
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 ____H () C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 _____ () C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2015-10-26 23:33 - 2015-12-29 11:17 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\mahmoud\LineInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-09 22:32

==================== End of FRST.txt ============================
