Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by TAHER (28-04-2017 18:54:11)
Running from C:\Users\TAHER\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-14 00:15:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2422561113-3094125170-2170945475-500 - Administrator - Disabled)
Guest (S-1-5-21-2422561113-3094125170-2170945475-501 - Limited - Disabled)
TAHER (S-1-5-21-2422561113-3094125170-2170945475-1001 - Administrator - Enabled) => C:\Users\TAHER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: جدار الحماية الشخصي ESET (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4Media Video Cutter 2 (HKLM-x32\...\4Media Video Cutter 2) (Version: 2.2.0.20120901 - 4Media)
7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.1.1.1020 - Xtreme-LAb®)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AVG (Version: 1.181.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
EagleGet version 2.0.4.9 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.9 - EagleGet)
ESET Smart Security (HKLM\...\{BB33F44D-E38B-4213-9136-858CB576A210}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
GiliSoft Video Editor 7.1.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.1.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.4.6 - PandoraTV)
Malwarebytes version 3.0.6.1458 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x64 ar) (HKLM\...\Mozilla Firefox 53.0 (x64 ar)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NVIDIA برنامج نظام PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Real GIF Optimizer v3.05 (HKLM-x32\...\Real GIF Optimizer_is1) (Version: - RealMultiMedia Development)
Snagit 13 (HKLM-x32\...\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}) (Version: 13.0.1.6326 - TechSmith Corporation)
Snagit 13 (x32 Version: 13.0.1 - TechSmith Corporation) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\WhatsApp) (Version: 0.2.2732 - WhatsApp)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
لوحة تحكم NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069A81EA-7E2F-4819-A90A-C6927ECCB25E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-04-12] (Microsoft Corporation)
Task: {209FD1F4-868D-4B58-AA00-516CD7E22726} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit)
Task: {515D055E-8138-4034-A179-38FCA7ED28CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-18] (Adobe Systems Incorporated)
Task: {5F722710-E970-44D1-91AE-00EEF7402125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {70FA23F2-84C6-45D3-BFE8-B04C3DE33996} - System32\Tasks\Opera scheduled Autoupdate 1486325203 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {7A921398-2270-4242-BC7C-44009F7141B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {866BFC9B-C9B1-4212-B686-FFA2E4EA6AA4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-03-28] (TechSmith Corporation)
Task: {98E942D4-47D8-47B4-8E06-1AB0E6553605} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {D6F25438-15FE-4CA5-9772-5915DC03AA9E} - System32\Tasks\Driver Booster SkipUAC (TAHER) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-16] (IObit)
Task: {E3988A8B-621C-43B9-85A5-4C26A75502CA} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ED3829A0-1E5B-4095-A169-A376EE2695AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F63CE93F-208B-4DDA-B210-E9A1F7C5F8B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-18] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\مشغل تطبيقات Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\مشغل تطبيقات Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1f691da8a68f8326\Emoji Keyboard (2016) by EmojiOne™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipdjnhgkpapgippgcgkfcbpdpcgifncb
==================== Loaded Modules (Whitelisted) ==============
2015-09-14 19:58 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\Users\TAHER\AppData\Local\MEGAsync\ShellExtX64.dll
2017-04-28 04:21 - 2017-04-28 04:28 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-28 04:21 - 2017-04-28 04:28 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-03 09:26 - 2017-03-28 17:08 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-04-03 09:26 - 2017-03-28 17:08 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-04-03 09:26 - 2017-03-28 17:08 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-04-03 09:26 - 2017-03-28 17:09 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-04-03 09:26 - 2017-03-28 17:09 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100sexlinks.com -> 100sexlinks.com
There are 4791 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-04-09 14:59 - 2017-04-28 04:16 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 keystone.mwbsys.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 =>
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: Malwarebytes TrayApp => c:\program files\malwarebytes\anti-malware\mbamtray.exe
MSCONFIG\startupreg: ultracopier =>
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DFA0042BDF6D2158D448D45A3D8E0D66"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ultracopier"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6FB3FD4C-FF67-49D3-8B47-36DAFC73F4C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AAA33CAB-F44C-4304-85AD-E9F1CD950BEE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E72B3C4D-4DE9-4BA4-B165-03BA7E79B983}] => (Allow) LPort=8298
FirewallRules: [{EF0C1271-4B53-480A-8969-E4691D8DEAF7}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{6AF50A72-0DD8-40D4-B95C-EB19E08468C0}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{4021F736-A8F1-40F3-BC8F-B6D35026AC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{94D01776-3A82-4CAD-BD33-CE7F7CD8CEF9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{95C8C549-E529-4B44-A410-491D6F336D26}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{1A283B3A-354A-4578-AF80-0FE2C723D415}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{0916CA25-33D9-4CBA-95CA-594A5B2540BE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{4D27BDA0-5E58-40C5-8D40-79865BC62C6E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{9067DD11-3EBE-46F0-AC2F-969D4206A81E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
==================== Restore Points =========================
26-04-2017 20:04:46 Windows Update
==================== Faulty Device Manager Devices =============
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/28/2017 03:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
Error: (04/28/2017 03:58:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة AVG Service.
Error: (04/28/2017 03:58:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Error: (04/28/2017 12:27:15 PM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (04/28/2017 05:02:04 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2422561113-3094125170-2170945475-1001-04282017050203486-ntuser.dat
Error: (04/28/2017 05:01:11 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2422561113-3094125170-2170945475-1001-04282017050109834-ntuser.dat
Error: (04/28/2017 04:32:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
Error: (04/28/2017 04:32:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة AVG Service.
Error: (04/28/2017 04:32:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Error: (04/28/2017 04:09:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
CodeIntegrity:
===================================
Date: 2017-04-28 15:57:44.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 04:32:06.853
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 04:08:53.946
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 01:57:36.743
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-27 10:30:36.227
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-27 10:28:01.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 16:30:19.526
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 14:59:04.573
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 23:43:01.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 14:28:50.494
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 3957.83 MB
Available physical RAM: 2869.27 MB
Total Virtual: 5941.83 MB
Available Virtual: 4604.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:14.1 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:292.97 GB) (Free:41.38 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:259.18 GB) (Free:109.44 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:97.66 GB) (Free:45.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B95575E4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=552.2 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
Ran by TAHER (28-04-2017 18:54:11)
Running from C:\Users\TAHER\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-14 00:15:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2422561113-3094125170-2170945475-500 - Administrator - Disabled)
Guest (S-1-5-21-2422561113-3094125170-2170945475-501 - Limited - Disabled)
TAHER (S-1-5-21-2422561113-3094125170-2170945475-1001 - Administrator - Enabled) => C:\Users\TAHER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: جدار الحماية الشخصي ESET (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4Media Video Cutter 2 (HKLM-x32\...\4Media Video Cutter 2) (Version: 2.2.0.20120901 - 4Media)
7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.1.1.1020 - Xtreme-LAb®)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AVG (Version: 1.181.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
EagleGet version 2.0.4.9 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.9 - EagleGet)
ESET Smart Security (HKLM\...\{BB33F44D-E38B-4213-9136-858CB576A210}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
GiliSoft Video Editor 7.1.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.1.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.4.6 - PandoraTV)
Malwarebytes version 3.0.6.1458 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x64 ar) (HKLM\...\Mozilla Firefox 53.0 (x64 ar)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NVIDIA برنامج نظام PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Real GIF Optimizer v3.05 (HKLM-x32\...\Real GIF Optimizer_is1) (Version: - RealMultiMedia Development)
Snagit 13 (HKLM-x32\...\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}) (Version: 13.0.1.6326 - TechSmith Corporation)
Snagit 13 (x32 Version: 13.0.1 - TechSmith Corporation) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\WhatsApp) (Version: 0.2.2732 - WhatsApp)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
لوحة تحكم NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069A81EA-7E2F-4819-A90A-C6927ECCB25E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-04-12] (Microsoft Corporation)
Task: {209FD1F4-868D-4B58-AA00-516CD7E22726} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit)
Task: {515D055E-8138-4034-A179-38FCA7ED28CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-18] (Adobe Systems Incorporated)
Task: {5F722710-E970-44D1-91AE-00EEF7402125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {70FA23F2-84C6-45D3-BFE8-B04C3DE33996} - System32\Tasks\Opera scheduled Autoupdate 1486325203 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {7A921398-2270-4242-BC7C-44009F7141B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {866BFC9B-C9B1-4212-B686-FFA2E4EA6AA4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-03-28] (TechSmith Corporation)
Task: {98E942D4-47D8-47B4-8E06-1AB0E6553605} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {D6F25438-15FE-4CA5-9772-5915DC03AA9E} - System32\Tasks\Driver Booster SkipUAC (TAHER) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-16] (IObit)
Task: {E3988A8B-621C-43B9-85A5-4C26A75502CA} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ED3829A0-1E5B-4095-A169-A376EE2695AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F63CE93F-208B-4DDA-B210-E9A1F7C5F8B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-18] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\مشغل تطبيقات Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\مشغل تطبيقات Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1f691da8a68f8326\Emoji Keyboard (2016) by EmojiOne™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipdjnhgkpapgippgcgkfcbpdpcgifncb
==================== Loaded Modules (Whitelisted) ==============
2015-09-14 19:58 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\Users\TAHER\AppData\Local\MEGAsync\ShellExtX64.dll
2017-04-28 04:21 - 2017-04-28 04:28 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-28 04:21 - 2017-04-28 04:28 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-03 09:26 - 2017-03-28 17:08 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-04-03 09:26 - 2017-03-28 17:08 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-04-03 09:26 - 2017-03-28 17:08 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-04-03 09:26 - 2017-03-28 17:09 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-04-03 09:26 - 2017-03-28 17:09 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100sexlinks.com -> 100sexlinks.com
There are 4791 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-04-09 14:59 - 2017-04-28 04:16 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 keystone.mwbsys.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 =>
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: Malwarebytes TrayApp => c:\program files\malwarebytes\anti-malware\mbamtray.exe
MSCONFIG\startupreg: ultracopier =>
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DFA0042BDF6D2158D448D45A3D8E0D66"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ultracopier"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6FB3FD4C-FF67-49D3-8B47-36DAFC73F4C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AAA33CAB-F44C-4304-85AD-E9F1CD950BEE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E72B3C4D-4DE9-4BA4-B165-03BA7E79B983}] => (Allow) LPort=8298
FirewallRules: [{EF0C1271-4B53-480A-8969-E4691D8DEAF7}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{6AF50A72-0DD8-40D4-B95C-EB19E08468C0}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{4021F736-A8F1-40F3-BC8F-B6D35026AC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{94D01776-3A82-4CAD-BD33-CE7F7CD8CEF9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{95C8C549-E529-4B44-A410-491D6F336D26}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{1A283B3A-354A-4578-AF80-0FE2C723D415}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{0916CA25-33D9-4CBA-95CA-594A5B2540BE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{4D27BDA0-5E58-40C5-8D40-79865BC62C6E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{9067DD11-3EBE-46F0-AC2F-969D4206A81E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
==================== Restore Points =========================
26-04-2017 20:04:46 Windows Update
==================== Faulty Device Manager Devices =============
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/28/2017 03:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
Error: (04/28/2017 03:58:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة AVG Service.
Error: (04/28/2017 03:58:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Error: (04/28/2017 12:27:15 PM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (04/28/2017 05:02:04 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2422561113-3094125170-2170945475-1001-04282017050203486-ntuser.dat
Error: (04/28/2017 05:01:11 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2422561113-3094125170-2170945475-1001-04282017050109834-ntuser.dat
Error: (04/28/2017 04:32:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
Error: (04/28/2017 04:32:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة AVG Service.
Error: (04/28/2017 04:32:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Error: (04/28/2017 04:09:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة AVG Service بسبب الخطأ التالي:
لم تستجب الخدمة لبدء التشغيل أو لطلب عنصر التحكم في الوقت المناسب.
CodeIntegrity:
===================================
Date: 2017-04-28 15:57:44.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 04:32:06.853
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 04:08:53.946
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-28 01:57:36.743
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-27 10:30:36.227
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-27 10:28:01.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 16:30:19.526
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 14:59:04.573
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 23:43:01.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 14:28:50.494
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 3957.83 MB
Available physical RAM: 2869.27 MB
Total Virtual: 5941.83 MB
Available Virtual: 4604.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:14.1 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:292.97 GB) (Free:41.38 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:259.18 GB) (Free:109.44 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:97.66 GB) (Free:45.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B95575E4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=552.2 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================