cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2017
Ran by Mr Amine (administrator) on MRAMINE-PC (03-06-2017 21:00:56)
Running from C:\Users\Mr Amine\Downloads
Loaded Profiles: Mr Amine (Available Profiles: Mr Amine & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
( ) C:\Windows\System32\lxcrcoms.exe
(TechSmith Corporation) C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTF8BC.tmp
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lamantine Software a.s.) C:\Program Files\Sticky Password\spNMHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-03-27] (Performix LLC)
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [StickyPassword] => C:\Program Files\Sticky Password\stpass.exe [64000 2016-11-25] (Lamantine Software a.s.)
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [uTorrent] => C:\Users\Mr Amine\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\MountPoints2: {4de08a00-c39f-11e6-8219-e811328ef8d5} - E:\AutoRun.exe
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\MountPoints2: {f8278714-10ac-11e7-b1ba-e811328ef8d5} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-09] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79317865-86EA-4C74-990C-BCBA96792131}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{929D2DA8-0F07-492A-86B7-551B29C5EE65}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2541504113-2086445549-289826373-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
Toolbar: HKU\S-1-5-21-2541504113-2086445549-289826373-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default [2017-06-03]
CHR Extension: (Google Slides) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-09]
CHR Extension: (Google Docs) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-09]
CHR Extension: (Google Drive) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09]
CHR Extension: (YouTube) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-09]
CHR Extension: (Google Sheets) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-09]
CHR Extension: (Google Docs Offline) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-13]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaafoaobjaplofpihlhbcbcjhmgnjplf [2017-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-03-27] (Performix LLC)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [537520 2006-12-11] ( )
R2 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998832 2017-05-10] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17208 2017-05-10] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [73880 2017-05-10] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S4 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [59760 2017-03-22] ()
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [73928 2017-02-04] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2017-02-04] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-09] (AVAST Software)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [327472 2017-02-04] (ELAN Microelectronics Corp.)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-03 20:59 - 2017-06-03 20:59 - 00027013 _____ C:\Users\Mr Amine\Downloads\Addition.txt
2017-06-03 20:58 - 2017-06-03 21:00 - 00010909 _____ C:\Users\Mr Amine\Downloads\FRST.txt
2017-06-03 20:58 - 2017-06-03 21:00 - 00000000 ____D C:\FRST
2017-06-03 20:55 - 2017-06-03 20:56 - 01774080 _____ (Farbar) C:\Users\Mr Amine\Downloads\FRST.exe
2017-06-03 19:11 - 2017-06-03 19:13 - 00048413 _____ C:\Users\Mr Amine\Desktop\ZHPCleaner.txt
2017-06-03 18:52 - 2017-06-03 19:13 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\ZHP
2017-06-03 18:52 - 2017-06-03 18:52 - 00000795 _____ C:\Users\Mr Amine\Desktop\ZHPCleaner.lnk
2017-06-03 18:52 - 2017-06-03 18:52 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\ZHP
2017-06-03 18:51 - 2017-06-03 18:51 - 02778112 _____ C:\Users\Mr Amine\Downloads\ZHPCleaner.exe
2017-06-03 18:42 - 2017-06-03 18:42 - 00005037 _____ C:\Users\Mr Amine\Desktop\JRT.txt
2017-06-03 18:35 - 2017-06-03 18:35 - 01663672 _____ (Malwarebytes) C:\Users\Mr Amine\Downloads\JRT.exe
2017-06-03 18:35 - 2017-06-03 18:35 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-03 18:09 - 2017-06-03 18:27 - 00000000 ____D C:\AdwCleaner
2017-06-03 18:09 - 2017-06-03 18:09 - 04110280 _____ C:\Users\Mr Amine\Downloads\adwcleaner_6.047.exe
2017-06-03 15:40 - 2017-06-03 15:40 - 00117312 _____ (Gibson Research Corp.) C:\Users\Mr Amine\Downloads\securable.exe
2017-06-03 15:26 - 2017-06-03 15:26 - 00016040 _____ C:\Users\Mr Amine\Desktop\تقرير.txt
2017-06-03 14:01 - 2017-06-03 14:01 - 00000000 ____D C:\Users\Mr Amine\Documents\Adobe
2017-06-03 13:59 - 2017-06-03 13:59 - 00000000 ____D C:\ProgramData\FLEXnet
2017-06-03 13:38 - 2017-06-03 13:38 - 00001277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
2017-06-03 13:34 - 2017-06-03 13:34 - 00001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
2017-06-03 13:31 - 2017-06-03 13:31 - 00001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2017-06-03 13:27 - 2017-06-03 13:27 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-06-03 13:11 - 2017-06-03 13:11 - 00000000 ____D C:\Users\Mr Amine\Desktop\Adobe CS4
2017-06-03 13:09 - 2017-06-03 13:11 - 00000000 ____D C:\Users\Mr Amine\Downloads\A-F-S-4
2017-06-03 12:30 - 2017-06-03 13:07 - 888155714 _____ C:\Users\Mr Amine\Downloads\A-F-S-4.zip
2017-06-03 12:16 - 2017-06-03 12:16 - 02870984 _____ (ESET) C:\Users\Mr Amine\Downloads\esetsmartinstaller_fra.exe
2017-06-03 12:16 - 2017-06-03 12:16 - 00000000 ____D C:\Program Files\ESET
2017-06-03 12:09 - 2017-06-03 12:19 - 282983526 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part3.rar
2017-06-03 11:49 - 2017-06-03 12:06 - 367001600 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part2.rar
2017-06-03 11:33 - 2017-06-03 11:47 - 367001600 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part1.rar
2017-06-03 02:04 - 2017-05-17 18:49 - 00000000 ____D C:\Users\Mr Amine\Desktop\انترو اهلا رمضان+ الموسيقي - خالد ميجا
2017-06-03 01:46 - 2017-06-03 01:52 - 95589014 _____ C:\Users\Mr Amine\Downloads\انترو اهلا رمضان+ الموسيقي - خالد ميجا.rar
2017-06-03 01:39 - 2017-06-03 01:44 - 48754999 _____ C:\Users\Mr Amine\Downloads\Unconfirmed 308268.crdownload
2017-05-27 17:33 - 2017-06-03 14:04 - 02789577 _____ C:\Users\Mr Amine\Downloads\انترو رمضان.mp4
2017-05-27 17:33 - 2017-05-27 17:33 - 02023558 _____ C:\Users\Mr Amine\Downloads\__www_download_gg___إنترو_رمضان_مجاني.mp4
2017-05-24 23:22 - 2017-05-25 00:10 - 38089563 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4
2017-05-24 22:52 - 2017-05-24 23:22 - 293908568 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4.stats.mbtree
2017-05-24 22:52 - 2017-05-24 23:22 - 03488439 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4.stats
2017-05-24 22:33 - 2017-05-24 22:33 - 470125086 _____ C:\Users\Mr Amine\Desktop\VideoJoiner170524220700.mp4
2017-05-24 18:38 - 2017-05-24 21:44 - 00013684 _____ C:\Users\Mr Amine\Desktop\1.camproj
2017-05-24 18:35 - 2017-05-24 22:03 - 00000000 ____D C:\Users\Mr Amine\Desktop\plural of nouns - camtasia
2017-05-24 13:47 - 2017-05-24 18:22 - 00000000 ____D C:\Users\Mr Amine\Desktop\resize - plural of nouns
2017-05-24 13:25 - 2017-05-24 13:47 - 00000000 ____D C:\Users\Mr Amine\Desktop\plural forms of nouns
2017-05-18 03:20 - 2017-05-18 03:20 - 29750607 _____ C:\Users\Mr Amine\Desktop\intro 2.mp4
2017-05-18 03:06 - 2017-05-18 03:07 - 14722657 _____ C:\Users\Mr Amine\Downloads\blue particles project.rar
2017-05-18 02:01 - 2017-05-18 02:01 - 00054559 _____ C:\Users\Mr Amine\Downloads\blue.camproj
2017-05-18 01:52 - 2017-05-18 01:52 - 01317728 _____ C:\Users\Mr Amine\Downloads\6.rar
2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\4Media
2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media
2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\ProgramData\4Media
2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\Program Files\4Media
2017-05-17 17:36 - 2017-05-17 17:38 - 24171128 _____ C:\Users\Mr Amine\Downloads\m-video-cutter2.exe
2017-05-17 17:18 - 2017-05-17 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter
2017-05-17 17:18 - 2017-05-17 17:18 - 00000000 ____D C:\Program Files\FreeVideoCutter.exe
2017-05-17 17:17 - 2017-05-17 17:17 - 06420430 _____ (FreeVideoCutter.com ) C:\Users\Mr Amine\Downloads\freevideocutter_setup.exe
2017-05-17 15:09 - 2017-05-17 17:03 - 1020429347 _____ C:\Users\Mr Amine\Downloads\Film Marocain Youm ou Lila complet HD 2017الفيلم المغربي يوم و ليلة.mp4
2017-05-17 12:21 - 2017-06-03 18:37 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk
2017-05-10 22:02 - 2017-05-10 22:02 - 00000000 ____D C:\Users\Mr Amine\Documents\FormatFactory
2017-05-09 12:43 - 2017-05-09 12:42 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-07 15:39 - 2017-06-03 18:31 - 00000000 ____D C:\Users\Mr Amine\AppData\LocalLow\uTorrent
2017-05-07 14:39 - 2017-05-11 02:12 - 00000000 ____D C:\Users\Mr Amine\Documents\Euro Truck Simulator 2
2017-05-07 12:57 - 2017-05-07 14:12 - 1814758024 _____ (SCS Software ) C:\Users\Mr Amine\Downloads\EuroTruckSimulator2_1_27_1_6_setup.exe
2017-05-07 12:57 - 2017-05-07 12:57 - 00000000 ____D C:\Users\Mr Amine\Downloads\OF2007ARBASEMELHLAWANY_201405
2017-05-07 12:56 - 2017-05-07 12:57 - 00138863 _____ C:\Users\Mr Amine\Downloads\EuroTruckSimulator2_1_27_1_6_setup.exe.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-03 21:01 - 2017-02-21 12:55 - 00000000 ____D C:\ProgramData\Adguard
2017-06-03 18:38 - 2009-07-14 05:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-03 18:38 - 2009-07-14 05:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-03 18:37 - 2017-03-11 15:28 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-06-03 18:37 - 2017-03-11 15:04 - 00000000 ____D C:\Program Files\TrueKey
2017-06-03 18:36 - 2017-01-31 19:01 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\uTorrent
2017-06-03 18:35 - 2017-03-13 13:44 - 00000000 ____D C:\Program Files\McAfee
2017-06-03 18:30 - 2017-02-21 12:54 - 00000000 ____D C:\Program Files\Adguard
2017-06-03 18:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-03 18:29 - 2009-07-14 05:33 - 02533624 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-03 18:27 - 2016-10-09 17:06 - 00001256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-03 18:27 - 2016-10-09 17:06 - 00001244 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-03 18:27 - 2016-10-09 14:40 - 00001148 _____ C:\Users\Mr Amine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-03 15:36 - 2017-02-03 21:11 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\avidemux
2017-06-03 14:02 - 2017-03-11 14:54 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\Adobe
2017-06-03 14:01 - 2016-10-24 16:43 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\Adobe
2017-06-03 13:59 - 2016-10-09 15:23 - 00219192 _____ C:\Users\Mr Amine\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-03 13:38 - 2017-03-11 15:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-03 13:38 - 2017-03-11 15:00 - 00000000 ____D C:\ProgramData\Adobe
2017-06-03 13:37 - 2017-03-11 15:01 - 00000000 ____D C:\Program Files\Adobe
2017-05-17 18:01 - 2017-01-21 16:35 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\vlc
2017-05-14 02:31 - 2016-11-22 19:40 - 00000000 ____D C:\ProgramData\McAfee
2017-05-13 14:54 - 2017-03-13 21:05 - 00000000 ____D C:\Users\Mr Amine\Documents\images
2017-05-13 14:54 - 2017-03-13 21:00 - 00000000 ____D C:\Users\Mr Amine\Documents\files
2017-05-13 14:53 - 2017-03-11 15:28 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\tkdata
2017-05-13 14:50 - 2017-02-07 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2017-05-13 14:50 - 2017-02-07 20:29 - 00000000 ____D C:\ProgramData\Xilisoft
2017-05-13 14:50 - 2017-02-07 20:29 - 00000000 ____D C:\Program Files\Xilisoft
2017-05-13 14:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-05-13 01:31 - 2016-10-12 13:16 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-11 02:12 - 2017-01-22 15:16 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\CrashDumps
2017-05-10 02:29 - 2016-10-22 19:02 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-10 02:29 - 2016-10-22 19:02 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-10 02:29 - 2016-10-22 15:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 12:43 - 2016-10-12 13:16 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-09 12:43 - 2016-10-12 13:16 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-09 12:43 - 2016-10-12 13:16 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-09 12:43 - 2016-10-12 13:16 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-09 12:43 - 2016-10-12 13:16 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-09 12:43 - 2016-10-12 13:16 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-09 12:42 - 2017-03-15 22:02 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-09 12:42 - 2017-03-15 22:02 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-09 12:42 - 2017-03-15 22:02 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-09 12:42 - 2017-03-15 22:02 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-09 12:42 - 2016-10-12 13:16 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories =======

2013-02-17 04:27 - 2013-02-17 04:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2017-01-24 17:35 - 2017-01-24 17:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-02-21 12:55 - 2017-02-21 12:55 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
