cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by windows (administrator) on WINDOWS-PC (21-10-2016 13:51:53)
Running from C:\Users\windows\Desktop
Loaded Profiles: windows (Available Profiles: windows)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\Run: [f.lux] => C:\Users\windows\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6868696 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\Run: [Google Update] => C:\Users\windows\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-02-14] (Google Inc.)
HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3952696 2016-08-05] (Tonec Inc.)
HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\MountPoints2: {3c2dc0c1-d327-11e5-a08d-806e6f6e6963} - F:\setup.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{07FC3D91-9359-4CB0-8788-95F211F6361E}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
URLSearchHook: [S-1-5-21-2744508499-2295875598-203414080-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\67ht759p.default-1476360324329 [2016-10-21]
FF HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2744508499-2295875598-203414080-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\windows\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\windows\AppData\Roaming\IDM\idmmzcc5 [2016-10-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2744508499-2295875598-203414080-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\windows\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2744508499-2295875598-203414080-1000: @talk.google.com/O1DPlugin -> C:\Users\windows\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2744508499-2295875598-203414080-1000: @tools.google.com/Google Update;version=3 -> C:\Users\windows\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2744508499-2295875598-203414080-1000: @tools.google.com/Google Update;version=9 -> C:\Users\windows\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\windows\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\windows\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default [2016-10-21]
CHR Extension: (عروض Google التقديمية) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18]
CHR Extension: (محرّر مستندات Google) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18]
CHR Extension: (Google Drive) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18]
CHR Extension: (Youtube) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18]
CHR Extension: (آدبلوك بلس) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-18]
CHR Extension: (جداول بيانات Google ) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18]
CHR Extension: (IDM Integration Module) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-17]
CHR Extension: (Gmail) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
StartMenuInternet: Google Chrome.FEK3O4GKYLSY2NC5BFRL7UYLK4 - C:\Users\windows\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (IDM Integration Module) - C:\Users\windows\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-23]
OPR Extension: (Adblock Plus) - C:\Users\windows\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-27]
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2171280 2016-10-11] (ESET)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-05-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 E617A003; C:\Windows\System32\drivers\E617A003.sys [153784 2016-04-08] (Kaspersky Lab ZAO)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206472 2016-10-11] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [156320 2016-10-11] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [121504 2016-10-11] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [162472 2016-10-11] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52904 2016-10-11] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [71336 2016-10-11] (ESET)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 solo; C:\Windows\System32\drivers\solo.sys [73873 2000-07-10] (ESS Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-10-21] ()
S3 catchme; \??\C:\Users\windows\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-21 13:51 - 2016-10-21 13:52 - 00011464 _____ C:\Users\windows\Desktop\FRST.txt
2016-10-21 13:51 - 2016-10-21 13:51 - 00000000 ____D C:\FRST
2016-10-21 13:48 - 2016-10-21 13:49 - 01756672 _____ (Farbar) C:\Users\windows\Desktop\FRST.exe
2016-10-21 07:50 - 2016-10-21 07:50 - 00438816 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-20 12:43 - 2016-10-20 12:43 - 00000000 ____D C:\Users\windows\Desktop\ouarsenis.com147674272889271
2016-10-19 19:46 - 2016-10-19 19:46 - 00003240 ____N C:\bootsqm.dat
2016-10-18 14:18 - 2016-10-18 14:18 - 00001930 _____ C:\Users\windows\Desktop\ZHPFix[R2].txt
2016-10-18 14:17 - 2016-10-18 14:17 - 00001930 _____ C:\Users\windows\Desktop\ZHPFixReport.txt
2016-10-18 14:16 - 2016-10-18 14:16 - 00001813 _____ C:\Users\windows\Desktop\ZHPFix.lnk
2016-10-18 14:14 - 2016-10-18 14:14 - 00001795 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-10-18 14:14 - 2016-10-18 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-10-18 14:08 - 2016-10-18 14:08 - 03521617 _____ (Nicolas Coolman ) C:\Users\windows\Desktop\ZHPFix.exe
2016-10-18 14:06 - 2016-10-18 14:08 - 03521617 _____ (Nicolas Coolman ) C:\Users\windows\Downloads\ZHPFix.exe
2016-10-17 21:46 - 2016-10-17 21:46 - 00091091 _____ C:\Users\windows\Desktop\ZHPDiag.txt
2016-10-17 21:40 - 2016-10-17 21:40 - 02415616 _____ C:\Users\windows\Downloads\ZHPDiag3.exe
2016-10-17 21:26 - 2016-10-17 21:30 - 00001896 _____ C:\Users\windows\Desktop\ZHPCleaner.txt
2016-10-17 20:56 - 2016-10-17 20:56 - 00000894 _____ C:\Users\windows\Desktop\ZHPCleaner.lnk
2016-10-17 20:54 - 2016-10-17 20:55 - 02463744 _____ C:\Users\windows\Desktop\ZHPCleaner_2.exe
2016-10-16 16:05 - 2016-10-16 16:05 - 00004698 _____ C:\Users\windows\Documents\الفحص.txt
2016-10-16 16:04 - 2016-10-16 16:04 - 00004780 _____ C:\Users\windows\Documents\الحذف.txt
2016-10-16 14:53 - 2016-10-21 11:56 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-16 14:53 - 2016-10-21 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-16 14:53 - 2016-10-21 11:56 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-16 14:38 - 2016-10-16 14:42 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-14 11:19 - 2016-10-14 11:33 - 00000000 ___SD C:\ComboFix_2
2016-10-14 11:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-10-14 11:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-10-14 11:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-10-14 11:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-10-14 11:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-10-14 11:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-10-14 11:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-10-14 11:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-10-13 14:26 - 2016-10-14 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-13 14:23 - 2016-10-13 14:58 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-13 13:59 - 2016-10-16 16:00 - 00000958 _____ C:\Users\windows\Desktop\Pre_Scan_Donate.lnk
2016-10-13 13:59 - 2016-10-13 14:00 - 00000000 ____D C:\Pre_Scan
2016-10-11 13:18 - 2016-10-11 13:18 - 00121504 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2016-10-06 13:20 - 2016-10-06 13:20 - 00002102 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-10-06 13:20 - 2016-10-06 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-09-27 20:50 - 2016-10-18 22:56 - 00000000 ____D C:\Users\windows\AppData\Local\CrashDumps
2016-09-27 06:34 - 2016-09-27 06:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-21 13:47 - 2016-03-06 20:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-21 13:38 - 2016-02-14 15:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-21 13:21 - 2016-05-12 15:03 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2744508499-2295875598-203414080-1000UA.job
2016-10-21 13:11 - 2016-05-11 16:59 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-21 11:57 - 2016-08-24 22:12 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-21 11:57 - 2016-02-14 13:48 - 00000000 ____D C:\Users\windows\AppData\Roaming\DMCache
2016-10-21 09:17 - 2016-04-23 16:52 - 00000000 ____D C:\Users\windows\AppData\Roaming\IDM
2016-10-21 09:07 - 2016-04-28 14:25 - 00000000 ____D C:\Program Files\Opera
2016-10-21 09:04 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-21 09:04 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-21 08:57 - 2016-05-11 16:59 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-21 08:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-18 22:29 - 2016-03-25 19:32 - 00000000 ____D C:\Program Files\CCleaner
2016-10-18 15:21 - 2016-05-12 15:03 - 00000808 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2744508499-2295875598-203414080-1000Core.job
2016-10-18 14:17 - 2016-04-22 18:34 - 00000000 ____D C:\Users\windows\AppData\Roaming\ZHP
2016-10-18 14:14 - 2016-04-22 20:42 - 00000000 ____D C:\Program Files\ZHPFix
2016-10-15 21:24 - 2016-03-17 14:15 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-15 21:23 - 2016-02-14 13:52 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-14 13:57 - 2016-02-14 15:40 - 00000000 ____D C:\Users\windows\AppData\Local\Adobe
2016-10-14 13:56 - 2016-02-14 13:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-14 13:56 - 2016-02-14 13:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-14 11:19 - 2016-09-09 15:08 - 00000000 ____D C:\Qoobox
2016-10-13 13:21 - 2016-04-25 00:08 - 00000000 ____D C:\Users\windows\AppData\LocalLow\Adblock Plus for IE
2016-10-13 13:05 - 2016-06-19 00:14 - 00000000 ____D C:\Users\windows\Desktop\بيانات Firefox القديمة
2016-10-11 22:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-10-11 13:18 - 2016-02-23 15:25 - 00206472 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-10-11 13:18 - 2016-02-23 15:25 - 00162472 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-10-11 13:18 - 2016-02-23 15:25 - 00156320 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-10-11 13:18 - 2016-02-23 15:25 - 00071336 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-10-11 13:18 - 2016-02-23 15:25 - 00052904 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2016-10-09 06:49 - 2016-02-14 13:48 - 00000000 ____D C:\The KMPlayer
2016-10-07 22:22 - 2009-07-14 05:53 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-07 12:14 - 2016-02-14 13:48 - 00000000 ____D C:\Users\windows\Downloads\Video
2016-10-06 13:20 - 2016-02-14 15:51 - 00000000 ____D C:\Program Files\Google
2016-10-04 14:15 - 2016-04-24 09:57 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-04 14:15 - 2016-04-24 09:57 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-27 13:45 - 2016-04-24 09:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-24 22:34 - 2016-03-25 19:32 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2016-02-14 13:54 - 2009-04-18 01:38 - 0349815 _____ () C:\Program Files\Common Files\Win7 Chrome 1920x1200.jpg
2016-04-24 18:09 - 2016-09-09 17:44 - 0007593 _____ () C:\Users\windows\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\windows\ZHPDiag3.exe


Some files in TEMP:
====================
C:\Users\windows\AppData\Local\temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 13:44

==================== End of FRST.txt ============================
