Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by ibrahim (administrator) on IBRAHIM-PC (23-03-2017 09:57:54)
Running from C:\Users\ibrahim\Desktop
Loaded Profiles: ibrahim (Available Profiles: ibrahim)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2017-03-18] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-21] (AVAST Software)
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4005944 2017-02-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-21] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-03-23]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-03-18]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{AE9A9A96-30D8-4108-98D7-DE5E5E8AD1D7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{BD3BC5BD-A77F-4144-94B0-6297F9635CCC}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ibrahim\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ibrahim\AppData\Roaming\IDM\idmmzcc5 [2017-03-23] [not signed]
FF HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2017-03-21] ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-17] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default [2017-03-23]
CHR Extension: (عروض Google التقديمية) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (محرّر مستندات Google) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (Youtube) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (جداول بيانات Google ) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-17]
CHR Extension: (آدبلوك بلس) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-19]
CHR Extension: (Ashish Mishra) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2017-03-19]
CHR Extension: (IDM Integration Module) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-03-23]
CHR Extension: (Gmail) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-21] (AVAST Software)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-03-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465024 2017-03-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118288 2017-03-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-21] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-17] (REALiX(tm))
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [144416 2017-01-30] (Zemana Ltd.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1635632 2013-09-06] (Ralink Technology Corp.)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2017-03-18] (Silicon Integrated Systems Corporation)
S3 catchme; \??\C:\Users\ibrahim\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-23 09:57 - 2017-03-23 09:58 - 00010277 _____ C:\Users\ibrahim\Desktop\FRST.txt
2017-03-23 09:57 - 2017-03-23 09:57 - 00000000 ____D C:\FRST
2017-03-23 09:53 - 2017-03-23 09:02 - 01766912 _____ (Farbar) C:\Users\ibrahim\Desktop\FRST.exe
2017-03-23 09:51 - 2017-03-23 09:51 - 00002248 _____ C:\Users\ibrahim\Desktop\AdwCleaner[C0]2 تنظيف.txt
2017-03-23 09:43 - 2017-03-23 09:42 - 00002377 _____ C:\Users\ibrahim\Desktop\AdwCleaner[S0].txt
2017-03-23 09:40 - 2017-03-23 09:45 - 00000000 ____D C:\AdwCleaner
2017-03-23 09:40 - 2017-03-23 09:03 - 04031440 _____ C:\Users\ibrahim\Desktop\adwcleaner_6.044.exe
2017-03-23 09:35 - 2017-03-23 09:35 - 00003538 _____ C:\Users\ibrahim\Desktop\JRT.txt
2017-03-23 09:31 - 2017-03-23 08:50 - 01663904 _____ (Malwarebytes) C:\Users\ibrahim\Desktop\JRT.exe
2017-03-23 09:28 - 2017-03-23 09:28 - 00262705 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ♦◄ شرح أداة JunkWare Removal Tool ►♦ جمعتنا المحبة ♥.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00253462 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ___تجديد شرح أداة AdwCleaner لإزالة البرامج الإشهارية والتولبارات___.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00230094 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز FRST.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ___تجديد شرح أداة AdwCleaner لإزالة البرامج الإشهارية والتولبارات____files
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ♦◄ شرح أداة JunkWare Removal Tool ►♦ جمعتنا المحبة ♥_files
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز FRST_files
2017-03-22 20:12 - 2017-03-22 20:12 - 00091196 _____ C:\Users\ibrahim\Desktop\ZHPDiag.txt
2017-03-22 19:03 - 2017-03-22 19:03 - 00000000 ___SD C:\ComboFix
2017-03-22 19:03 - 2017-03-22 19:02 - 07275640 _____ C:\Users\ibrahim\Desktop\Video_2017-03-22_190259.wmv
2017-03-22 19:00 - 2017-03-22 19:00 - 03346662 _____ C:\Users\ibrahim\Documents\capture1.bmp
2017-03-22 16:11 - 2017-03-22 16:11 - 00015955 _____ C:\ComboFix.txt
2017-03-22 16:00 - 2017-03-22 19:03 - 00000000 ____D C:\Qoobox
2017-03-22 16:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-22 16:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-22 16:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-22 15:59 - 2017-03-22 16:09 - 00000000 ____D C:\Windows\erdnt
2017-03-22 15:46 - 2017-03-22 15:41 - 05659269 ____R (Swearware) C:\Users\ibrahim\Desktop\ComboFix.exe
2017-03-22 12:45 - 2017-03-22 12:45 - 00001087 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-03-22 12:45 - 2017-03-22 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-03-22 12:45 - 2017-03-22 12:45 - 00000000 ____D C:\Program Files\CPUID
2017-03-22 11:03 - 2017-03-22 11:03 - 00000020 _____ C:\Users\ibrahim\Desktop\كونفج 15-04-2017.rar
2017-03-22 10:46 - 2017-03-22 20:10 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\ZHP
2017-03-22 10:46 - 2017-03-22 10:46 - 00000784 _____ C:\Users\ibrahim\Desktop\ZHPDiag.lnk
2017-03-22 09:27 - 2017-03-22 10:27 - 02203282 _____ C:\Users\ibrahim\Downloads\لم يتم تأكيده 860017.crdownload
2017-03-21 18:23 - 2017-03-22 11:20 - 00068285 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-21 18:23 - 2017-03-22 09:01 - 00143004 _____ C:\Windows\ZAM.krnl.trace
2017-03-21 18:22 - 2017-03-22 12:43 - 00000000 ____D C:\Program Files\Zemana AntiLogger
2017-03-21 18:22 - 2017-03-22 09:01 - 00000000 ____D C:\Program Files\KeyCryptSDK
2017-03-21 18:22 - 2017-01-30 12:09 - 00144416 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt32.sys
2017-03-21 18:21 - 2017-03-21 18:23 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Zemana
2017-03-21 18:14 - 2017-03-21 18:14 - 00506750 _____ C:\Users\ibrahim\Desktop\Video_2017-03-21_181410.wmv
2017-03-21 18:12 - 2017-03-21 18:12 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\FastStone
2017-03-21 18:12 - 2017-03-21 18:12 - 00000000 ____D C:\Users\ibrahim\AppData\Local\FastStone
2017-03-21 18:11 - 2017-03-21 18:11 - 00001037 _____ C:\Users\Public\Desktop\FastStone Capture.lnk
2017-03-21 18:11 - 2017-03-21 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2017-03-21 18:11 - 2017-03-21 18:11 - 00000000 ____D C:\Program Files\FastStone Capture
2017-03-21 17:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-03-21 17:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-03-21 17:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-03-21 17:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-03-21 17:57 - 2017-03-21 17:57 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-03-21 17:57 - 2017-03-21 17:57 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-03-21 17:55 - 2017-03-21 17:56 - 00000000 ____D C:\Program Files\Windows Live
2017-03-21 17:55 - 2017-03-21 17:55 - 00001188 _____ C:\Users\Public\Desktop\Windows Movie Maker.lnk
2017-03-21 17:55 - 2017-03-21 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2017-03-21 17:55 - 2017-03-21 17:55 - 00000000 ____D C:\Program Files\Windows Movie Maker
2017-03-21 14:01 - 2017-03-21 14:01 - 00000000 ____D C:\Program Files\MyPlayCity.com
2017-03-21 13:06 - 2017-03-21 13:06 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\AVAST Software
2017-03-21 13:06 - 2017-03-21 13:06 - 00000000 ____D C:\Users\ibrahim\AppData\Local\CEF
2017-03-21 13:05 - 2017-03-21 13:05 - 00002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-21 13:05 - 2017-03-21 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-21 13:05 - 2017-03-21 13:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-21 13:04 - 2017-03-21 18:09 - 00465024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 13:04 - 2017-03-21 13:05 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00118288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-21 13:03 - 2017-03-21 13:03 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-03-21 13:03 - 2017-03-21 13:03 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-21 12:26 - 2017-03-21 12:26 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-21 12:18 - 2017-03-21 12:18 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-20 19:28 - 2017-03-20 19:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-03-20 15:14 - 2017-03-20 15:14 - 00007597 _____ C:\Users\ibrahim\AppData\Local\Resmon.ResmonCfg
2017-03-20 11:39 - 2017-03-20 11:39 - 00004536 _____ C:\Users\ibrahim\AppData\Roaming\CamStudio.cfg
2017-03-20 11:38 - 2017-03-20 11:39 - 00000000 ____D C:\Users\ibrahim\Documents\My CamStudio Temp Files
2017-03-20 11:38 - 2017-03-20 11:38 - 00000096 _____ C:\Users\ibrahim\AppData\Roaming\version2.xml
2017-03-20 11:38 - 2017-03-20 11:38 - 00000000 ____D C:\Users\ibrahim\Documents\My CamStudio Videos
2017-03-20 10:20 - 2017-03-20 10:20 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\AVS4YOU
2017-03-20 10:20 - 2017-03-20 10:20 - 00000000 ____D C:\ProgramData\AVS4YOU
2017-03-20 10:19 - 2017-03-20 10:19 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-03-20 10:18 - 2017-03-20 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-03-20 10:18 - 2017-03-20 10:19 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2017-03-20 10:18 - 2017-03-20 10:18 - 00001163 _____ C:\Users\ibrahim\Desktop\AVS Video Editor.lnk
2017-03-20 10:16 - 2017-03-20 10:19 - 00000000 ____D C:\Program Files\AVS4YOU
2017-03-20 10:16 - 2011-06-23 12:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-20 10:16 - 2011-06-23 12:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2017-03-19 22:47 - 2017-03-19 22:47 - 00001080 _____ C:\Users\ibrahim\Desktop\DimScreen - رمز اختصار.lnk
2017-03-19 17:31 - 2017-03-19 17:31 - 00000821 _____ C:\Users\ibrahim\Desktop\استماع - رمز اختصار.lnk
2017-03-19 17:28 - 2017-03-19 17:28 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\TuneUp Software
2017-03-19 17:27 - 2017-03-19 17:27 - 00000000 ____D C:\ProgramData\TuneUp Software
2017-03-19 17:26 - 2017-03-19 17:26 - 00000000 __SHD C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2017-03-19 16:08 - 2017-03-19 16:08 - 00000193 _____ C:\Windows\WORDPAD.INI
2017-03-19 16:05 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-19 16:05 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-19 16:05 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-19 16:05 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-19 16:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-19 16:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-19 11:44 - 2016-10-26 17:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-19 10:58 - 2017-03-19 10:58 - 00000000 ____D C:\Users\ibrahim\Documents\The KMPlayer
2017-03-19 10:58 - 2017-03-19 10:58 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Macromedia
2017-03-19 10:56 - 2017-03-19 10:58 - 00000000 ____D C:\Program Files\The KMPlayer
2017-03-19 10:56 - 2017-03-19 10:56 - 00000997 _____ C:\Users\ibrahim\Desktop\KMPlayer.lnk
2017-03-19 10:56 - 2017-03-19 10:56 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2017-03-19 07:32 - 2017-03-19 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-19 07:31 - 2017-03-19 07:33 - 00000030 _____ C:\Windows\QQPlayer.INI
2017-03-18 19:42 - 2017-03-18 19:42 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Foxit Software
2017-03-18 19:41 - 2017-03-21 18:06 - 00000000 ____D C:\Program Files\Bonjour
2017-03-18 19:41 - 2017-03-18 19:41 - 00000000 ____D C:\ProgramData\Apple
2017-03-18 19:40 - 2017-03-19 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5kplayer
2017-03-18 19:40 - 2017-03-18 19:49 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\5kplayer
2017-03-18 19:40 - 2017-03-18 19:40 - 00001024 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-03-18 19:40 - 2017-03-18 19:40 - 00000000 ____D C:\Program Files\Foxit Software
2017-03-18 19:40 - 2017-03-18 19:40 - 00000000 ____D C:\Program Files\DearMob
2017-03-18 19:38 - 2017-03-19 07:32 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-18 19:38 - 2017-03-19 07:32 - 00000000 ____D C:\Program Files\CCleaner
2017-03-18 18:03 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-03-18 12:54 - 2017-03-18 12:55 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Kodi
2017-03-18 12:53 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-18 12:52 - 2017-03-18 12:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-18 12:50 - 2017-03-18 12:56 - 00000000 ____D C:\Program Files\Kodi
2017-03-18 12:09 - 2017-03-18 12:09 - 00000656 _____ C:\Users\ibrahim\Desktop\التحميلات - رمز اختصار.lnk
2017-03-18 10:54 - 2017-03-18 10:54 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Adobe
2017-03-18 10:38 - 2017-03-18 12:54 - 00000000 ____D C:\Program Files\MKV Player
2017-03-18 09:20 - 2017-03-18 09:20 - 00001253 _____ C:\Users\ibrahim\Desktop\Media Player Classic.lnk
2017-03-18 09:05 - 2017-03-18 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2017-03-18 09:05 - 2017-03-18 09:05 - 00000000 ____D C:\Program Files\SiS VGA Utilities
2017-03-18 09:05 - 2017-03-18 09:04 - 00006656 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSApi.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 04080128 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSGlv.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 03653632 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SISGRUMD.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00655360 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSClone.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00466432 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\Drivers\SISGRKMD.sys
2017-03-18 09:04 - 2017-03-18 09:04 - 00212992 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSFunc.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00006656 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSCo.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00005632 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSKrl.dll
2017-03-18 08:49 - 2017-03-18 08:49 - 00031245 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ IObit Driver Booster Pro 3.0.3.257 Final Multilingual + Serial.html
2017-03-18 08:46 - 2017-03-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2017-03-18 08:46 - 2017-03-18 08:46 - 00000000 ____D C:\Program Files\Combined Community Codec Pack
2017-03-18 08:01 - 2017-03-18 19:35 - 00000000 ____D C:\KMPlayer
2017-03-18 07:55 - 2017-03-18 07:55 - 00058400 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\Drivers\sisagpx.sys
2017-03-18 07:35 - 2017-03-18 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2017-03-18 07:34 - 2017-03-23 09:32 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\DMCache
2017-03-18 07:34 - 2017-03-22 09:36 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\IDM
2017-03-18 07:34 - 2017-03-18 10:55 - 00000000 ____D C:\Users\ibrahim\Downloads\Video
2017-03-18 07:34 - 2017-03-18 10:55 - 00000000 ____D C:\Users\ibrahim\Downloads\Compressed
2017-03-18 07:34 - 2017-03-18 07:34 - 00000983 _____ C:\Users\ibrahim\Desktop\Internet Download Manager.lnk
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\ProgramData\IDM
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-03-18 07:32 - 2017-03-21 17:57 - 00000000 ____D C:\ProgramData\TEMP
2017-03-18 07:32 - 2017-03-18 07:32 - 00001048 _____ C:\Users\ibrahim\Desktop\Your Unin-staller!.lnk
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\URSoft
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\Program Files\Your Uninstaller 2010
2017-03-17 21:04 - 2017-03-18 19:39 - 00000000 ____D C:\Windows\Panther
2017-03-17 20:56 - 2017-03-17 20:56 - 00000000 ____D C:\Windows.old
2017-03-17 20:35 - 2017-03-18 07:35 - 00000000 ____D C:\Program Files\PdaNet for Android
2017-03-17 19:49 - 2017-03-22 09:09 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Media Player Classic
2017-03-17 18:38 - 2017-03-17 18:38 - 00000000 ____D C:\Users\ibrahim\AppData\Local\ElevatedDiagnostics
2017-03-17 14:31 - 2017-03-17 14:31 - 00000000 ____D C:\Users\ibrahim\AppData\LocalLow\Temp
2017-03-17 14:06 - 2017-03-17 14:06 - 00000000 ____D C:\ProgramData\Ralink
2017-03-17 14:06 - 2017-03-17 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2017-03-17 14:06 - 2011-09-08 05:51 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2017-03-17 14:06 - 2011-09-08 05:50 - 01100288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Windows\system32\RaLanguages
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\ProgramData\Ralink Driver
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Program Files\Ralink
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Program Files\Cisco
2017-03-17 14:05 - 2013-09-06 20:43 - 01635632 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2017-03-17 14:05 - 2013-08-27 09:18 - 00239920 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2017-03-17 14:05 - 2013-08-27 09:18 - 00080316 _____ C:\Windows\system32\Drivers\FW_7610.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00046692 _____ C:\Windows\system32\Drivers\FW_7601.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00008192 _____ C:\Windows\system32\Drivers\FW_2870.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00004096 _____ C:\Windows\system32\Drivers\FW_3573.bin
2017-03-17 14:05 - 2012-08-01 16:47 - 00795648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2017-03-17 14:05 - 2012-01-10 11:29 - 00117760 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2017-03-17 14:05 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2017-03-17 14:05 - 2010-06-29 10:34 - 00480608 _____ C:\Windows\system32\DiagFunc.dll
2017-03-17 14:05 - 2010-01-27 11:54 - 00000451 _____ C:\Windows\system32\DiagFunc.ini
2017-03-17 14:01 - 2013-08-27 09:18 - 00013973 _____ C:\Windows\system32\RaCoInst.dat
2017-03-17 13:52 - 2017-03-18 09:04 - 00000000 ____D C:\Users\ibrahim\Desktop\Backups
2017-03-17 13:44 - 2017-03-17 13:44 - 00000000 ____D C:\Windows\IObit
2017-03-17 13:43 - 2017-03-18 16:18 - 00002224 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-03-17 13:43 - 2017-03-17 13:44 - 00000000 ____D C:\Users\ibrahim\AppData\LocalLow\IObit
2017-03-17 13:43 - 2017-03-17 13:43 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\ProgramData\IObit
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\Program Files\IObit
2017-03-17 13:33 - 2017-03-17 13:33 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\IObit
2017-03-17 13:32 - 2017-03-17 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-03-17 13:32 - 2017-03-17 13:32 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2017-03-17 13:32 - 2012-06-09 18:21 - 00178688 _____ C:\Windows\system32\unrar.dll
2017-03-17 13:31 - 2017-03-21 19:16 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Thinstall
2017-03-17 13:31 - 2017-03-17 13:31 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Thinstall
2017-03-17 13:22 - 2017-03-21 13:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-17 13:22 - 2017-03-21 13:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-17 13:22 - 2017-03-21 13:21 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-17 13:17 - 2017-03-17 13:17 - 00013943 _____ C:\Users\ibrahim\Desktop\07-03 - رمز اختصار.lnk
2017-03-17 13:11 - 2017-03-17 13:11 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 13:11 - 2017-03-17 13:11 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\WinRAR
2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Program Files\WinRAR
2017-03-17 12:59 - 2017-03-17 16:54 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Google
2017-03-17 12:59 - 2017-03-17 13:11 - 00000000 ____D C:\Program Files\Google
2017-03-17 12:57 - 2017-03-17 12:57 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\MPC-HC
2017-03-17 12:56 - 2017-03-17 12:56 - 00000474 _____ C:\Users\ibrahim\Desktop\القرص المحلي ‭(E)‬ - رمز اختصار.lnk
2017-03-17 12:56 - 2017-03-17 12:56 - 00000474 _____ C:\Users\ibrahim\Desktop\القرص المحلي ‭(D)‬ - رمز اختصار.lnk
2017-03-17 12:53 - 2017-03-20 23:38 - 00000000 ____D C:\Windows\Minidump
2017-03-17 12:48 - 2017-03-17 12:48 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-17 12:23 - 2011-11-25 00:26 - 00013440 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2017-03-17 12:18 - 2017-03-20 10:19 - 00057968 _____ C:\Users\ibrahim\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-17 12:18 - 2017-03-17 12:19 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Microsoft Games
2017-03-17 12:16 - 2017-03-22 08:38 - 00000000 ____D C:\Users\ibrahim
2017-03-17 12:16 - 2017-03-17 12:16 - 00001393 _____ C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-17 12:16 - 2017-03-17 12:16 - 00000020 ___SH C:\Users\ibrahim\ntuser.ini
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\قائمة ابدأ
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\My Documents
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Videos
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Pictures
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Music
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\البرامج
2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 ____D C:\Users\ibrahim\AppData\Local\VirtualStore
2017-03-17 12:16 - 2010-11-21 01:46 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Media Center Programs
2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\Users\Default\قائمة ابدأ
2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\البرامج
2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\قائمة ابدأ
2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\سطح المكتب
2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\البرامج
2017-03-17 12:09 - 2017-03-17 12:09 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-03-17 12:09 - 2017-03-17 12:09 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-03-17 12:08 - 2017-03-17 12:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-03-02 07:46 - 2017-03-05 09:55 - 00032256 ____H C:\~WRL0092.tmp
2017-03-02 07:46 - 2017-03-04 15:42 - 00031744 ____H C:\~WRL0003.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-23 09:55 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-23 09:55 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-23 09:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 17:49 - 2011-02-07 13:31 - 00684756 _____ C:\Windows\system32\perfh00C.dat
2017-03-22 17:49 - 2011-02-07 13:31 - 00434890 _____ C:\Windows\system32\perfh001.dat
2017-03-22 17:49 - 2011-02-07 13:31 - 00126872 _____ C:\Windows\system32\perfc00C.dat
2017-03-22 17:49 - 2011-02-07 13:31 - 00076040 _____ C:\Windows\system32\perfc001.dat
2017-03-22 17:49 - 2010-11-20 22:01 - 02024198 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-22 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-22 16:09 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2017-03-21 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-20 19:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2017-03-20 15:09 - 2009-07-14 05:33 - 00267496 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-20 10:13 - 2016-03-24 18:04 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-17 21:04 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-03-17 21:03 - 2009-07-14 05:34 - 00000000 ____D C:\Windows\Setup
2017-03-17 18:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-17 12:09 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-17 12:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\sysprep
2017-03-17 12:06 - 2010-11-21 01:46 - 00000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2017-03-20 11:39 - 2017-03-20 11:39 - 0004536 _____ () C:\Users\ibrahim\AppData\Roaming\CamStudio.cfg
2017-03-20 11:38 - 2017-03-20 11:38 - 0000096 _____ () C:\Users\ibrahim\AppData\Roaming\version2.xml
2017-03-20 15:14 - 2017-03-20 15:14 - 0007597 _____ () C:\Users\ibrahim\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-18 12:37

==================== End of FRST.txt ============================
