Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
Ran by رياض (administrator) on رياض-PC (29-11-2017 16:05:52)
Running from C:\Users\رياض\Desktop
Loaded Profiles: رياض (Available Profiles: رياض)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Arcai.com) C:\Program Files\NetCutDefender\services\aips.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() C:\Program Files\My WIFI Router\bmser.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [297592 2017-10-26] (ESET)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3994736 2016-10-12] (Tonec Inc.)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-11-24]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44FDC2AD-20F2-4EC2-874F-154E3B793A34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E01097D-C29C-4596-B3F3-D58438E4A0B2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A87500A5-B0DF-44E5-84D7-9E341A1FF32D}: [NameServer] 77.88.8.7,77.88.8.3
Tcpip\..\Interfaces\{A87500A5-B0DF-44E5-84D7-9E341A1FF32D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
URLSearchHook: [S-1-5-21-3488952640-1886036067-2608822963-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = hxxp://start.myplaycity.com/results.php?category=web&s={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-22] (Oracle Corporation)
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} hxxp://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_1_1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
FireFox:
========
FF HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-09-21] [Lagacy]
FF HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\رياض\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\رياض\AppData\Roaming\IDM\idmmzcc5 [2017-11-29] [Lagacy] [not signed]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-22] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default [2017-11-29]
CHR Extension: (العروض التقديمية) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-29]
CHR Extension: (المستندات) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-29]
CHR Extension: (Google Drive) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-29]
CHR Extension: (Youtube) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-29]
CHR Extension: (جداول البيانات) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-29]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-29]
CHR Extension: (Gmail) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-29]
CHR Profile: C:\Users\رياض\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-05-13]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AIPS; C:\Program Files\NetCutDefender\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2089176 2017-10-26] (ESET)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
R2 WIFIGXENDHCPSER; C:\Program Files\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-10-26] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [90656 2017-03-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-10-26] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43920 2017-03-09] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [69304 2017-03-09] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52680 2017-03-09] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [87528 2017-10-26] (ESET)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-29] (Malwarebytes)
R1 ndiskhaz; C:\Windows\System32\DRIVERS\ndiskhaz.sys [25416 2012-12-07] (Khalil Azzouzi)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1174880 2010-12-28] (Ralink Technology Corp.)
S3 NPF; C:\Users\رياض\Desktop\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2016-11-24] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-12] ()
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-11-21] (Oracle Corporation)
S3 eapihdrv; \??\C:\Users\99DA~1\AppData\Local\Temp\ehdrv.sys [X]
U2 ERSvc; no ImagePath
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrsvc; no ImagePath
S2 memudrv; \??\D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
U2 NIHardwareService; no ImagePath
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
U2 NVSvc; no ImagePath
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys [X]
U2 srService; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-29 16:05 - 2017-11-29 16:10 - 000013540 _____ C:\Users\رياض\Desktop\FRST.txt
2017-11-29 16:01 - 2017-11-29 16:05 - 000000000 ____D C:\FRST
2017-11-29 15:51 - 2017-11-29 15:54 - 001752064 _____ (Farbar) C:\Users\رياض\Desktop\FRST.exe
2017-11-29 11:52 - 2017-11-29 11:54 - 000797760 _____ C:\Users\رياض\Downloads\delfix_1.013.exe
2017-11-29 11:27 - 2017-11-29 11:30 - 000747851 _____ C:\Users\رياض\Downloads\لم يتم تأكيده 500918.crdownload
2017-11-29 10:03 - 2017-11-29 10:03 - 000000020 ___SH C:\Users\رياض\ntuser.ini
2017-11-29 06:49 - 2017-11-29 06:36 - 000024064 _____ C:\Windows\zoek-delete.exe
2017-11-28 21:53 - 2017-11-28 21:53 - 000000019 _____ C:\Users\رياض\Desktop\اغلاق الجهاز.txt
2017-11-26 19:07 - 2017-11-26 19:07 - 000000000 ____D C:\Users\رياض\Desktop\Quarantine
2017-11-25 22:40 - 2017-11-25 22:40 - 000000000 ____D C:\ProgramData\PC Faster
2017-11-25 22:30 - 2017-11-25 22:30 - 000000000 ____D C:\Users\رياض\Desktop\Selfishnet win 7
2017-11-25 21:59 - 2017-11-29 15:32 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-24 22:42 - 2017-11-24 22:42 - 000000000 ____D C:\Users\رياض\Desktop\BaiduWifi
2017-11-24 22:14 - 2017-11-24 22:14 - 000000000 ____D C:\Users\رياض\AppData\Roaming\Baidu
2017-11-24 22:13 - 2017-11-26 18:39 - 000000000 ____D C:\Program Files\Baidu WiFiHotspot
2017-11-24 22:13 - 2017-11-24 22:14 - 000001065 _____ C:\Users\رياض\Desktop\Baidu WiFi Hotspot.lnk
2017-11-24 22:13 - 2017-11-24 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu WiFi Hotspot
2017-11-24 21:56 - 2017-11-24 21:56 - 000000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-24 21:56 - 2017-11-24 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-24 21:56 - 2017-11-24 21:56 - 000000000 ____D C:\Program Files\CCleaner
2017-11-24 21:02 - 2017-11-24 21:02 - 000103128 _____ C:\Users\رياض\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-24 18:54 - 2017-11-24 20:41 - 000000000 ____D C:\ProgramData\Ralink
2017-11-24 18:53 - 2017-11-24 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2017-11-24 18:53 - 2010-12-28 19:43 - 000238944 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2017-11-24 18:52 - 2017-11-24 18:52 - 000000000 ____D C:\ProgramData\Ralink Driver
2017-11-24 18:52 - 2017-11-24 18:52 - 000000000 ____D C:\Program Files\Cisco
2017-11-24 18:52 - 2010-12-28 19:55 - 001174880 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2017-11-24 18:52 - 2010-12-28 19:43 - 000014051 ____R C:\Windows\system32\RaCoInst.dat
2017-11-24 18:51 - 2017-11-24 18:51 - 000000000 ____D C:\Windows\system32\RaLanguages
2017-11-24 18:51 - 2017-11-24 18:51 - 000000000 ____D C:\Program Files\Ralink
2017-11-24 18:51 - 2010-10-01 18:28 - 000796000 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2017-11-24 18:51 - 2010-07-01 17:45 - 000119648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2017-11-24 18:51 - 2010-07-01 17:29 - 001607008 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2017-11-24 18:51 - 2010-06-29 10:34 - 000480608 _____ C:\Windows\system32\DiagFunc.dll
2017-11-24 18:51 - 2010-01-27 11:54 - 000000451 _____ C:\Windows\system32\DiagFunc.ini
2017-11-24 18:51 - 2009-09-03 21:59 - 000000072 _____ C:\Windows\system32\RaCertMgr.ini
2017-11-24 18:03 - 2017-11-24 18:03 - 000000000 ____D C:\Users\رياض\AppData\Local\ElevatedDiagnostics
2017-11-24 10:42 - 2017-11-24 10:43 - 000388264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-23 21:18 - 2017-11-24 18:24 - 000000000 ____D C:\Program Files\My WIFI Router
2017-11-21 22:06 - 2017-11-21 22:06 - 000000000 ____D C:\KVRT_Data
2017-11-21 19:08 - 2012-12-07 10:34 - 000025416 _____ (Khalil Azzouzi) C:\Windows\system32\Drivers\ndiskhaz.sys
2017-11-21 07:52 - 2017-11-21 07:52 - 000000093 _____ C:\Windows\wininit.ini
2017-11-21 07:10 - 2017-11-21 10:57 - 000000000 ____D C:\Users\رياض\AppData\LocalLow\Mozilla
2017-11-21 07:10 - 2017-11-21 07:15 - 000000000 ____D C:\Users\رياض\AppData\Local\Mozilla
2017-11-20 22:56 - 2017-11-20 22:56 - 000000000 ____D C:\c31a7175b7858676775878e5
2017-11-20 22:51 - 2017-11-20 22:51 - 000000000 ____D C:\ProgramData\Connectify
2017-11-13 22:24 - 2017-11-13 22:24 - 007649280 _____ C:\Program Files\GUT24A7.tmp
2017-11-13 06:37 - 2017-11-13 06:37 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-13 06:37 - 2017-11-13 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-13 06:35 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-11-13 06:33 - 2017-11-13 06:33 - 000000000 ____D C:\Program Files\Malwarebytes
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-29 15:46 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2017-11-29 15:45 - 2009-07-14 05:34 - 000013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-29 15:45 - 2009-07-14 05:34 - 000013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-29 15:31 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 13:30 - 2016-11-10 12:30 - 000000000 ____D C:\Users\رياض\AppData\Roaming\DMCache
2017-11-29 11:59 - 2016-05-14 18:08 - 000000560 _____ C:\DelFix.txt
2017-11-29 11:02 - 2016-11-11 22:04 - 000000000 ____D C:\Users\رياض\AppData\Roaming\IDM
2017-11-29 10:56 - 2017-10-04 22:47 - 000006463 _____ C:\Users\رياض\Desktop\WNetWatcher.cfg
2017-11-29 10:03 - 2011-07-11 09:23 - 000000000 ____D C:\Users\رياض
2017-11-29 07:31 - 2011-07-11 09:32 - 001838086 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-29 07:31 - 2009-12-14 18:14 - 000050874 _____ C:\Windows\system32\perfh01F.dat
2017-11-29 07:31 - 2009-12-14 18:14 - 000025622 _____ C:\Windows\system32\perfc01F.dat
2017-11-29 07:31 - 2009-12-14 18:00 - 000058070 _____ C:\Windows\system32\perfh019.dat
2017-11-29 07:31 - 2009-12-14 18:00 - 000029832 _____ C:\Windows\system32\perfc019.dat
2017-11-29 07:31 - 2009-12-14 17:53 - 000064600 _____ C:\Windows\system32\perfh013.dat
2017-11-29 07:31 - 2009-12-14 17:53 - 000032576 _____ C:\Windows\system32\perfc013.dat
2017-11-29 07:31 - 2009-12-14 17:46 - 000062296 _____ C:\Windows\system32\perfh010.dat
2017-11-29 07:31 - 2009-12-14 17:46 - 000031778 _____ C:\Windows\system32\perfc010.dat
2017-11-29 07:31 - 2009-12-14 17:39 - 000062698 _____ C:\Windows\system32\perfh00E.dat
2017-11-29 07:31 - 2009-12-14 17:39 - 000036462 _____ C:\Windows\system32\perfc00E.dat
2017-11-29 07:31 - 2009-12-14 17:29 - 000066138 _____ C:\Windows\system32\perfh007.dat
2017-11-29 07:31 - 2009-12-14 17:29 - 000036374 _____ C:\Windows\system32\perfc007.dat
2017-11-29 07:31 - 2009-12-14 17:23 - 000407608 _____ C:\Windows\system32\perfh00C.dat
2017-11-29 07:31 - 2009-12-14 17:23 - 000371514 _____ C:\Windows\system32\perfh001.dat
2017-11-29 07:31 - 2009-12-14 17:23 - 000078052 _____ C:\Windows\system32\perfc001.dat
2017-11-29 07:31 - 2009-12-14 17:23 - 000069630 _____ C:\Windows\system32\perfc00C.dat
2017-11-29 07:31 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-11-28 07:24 - 2014-01-01 13:46 - 000000000 ____D C:\Users\رياض\AppData\Roaming\ZHP
2017-11-28 07:07 - 2017-05-03 17:23 - 000000000 ____D C:\Users\رياض\AppData\Local\ZHP
2017-11-27 22:31 - 2014-06-20 11:01 - 000000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-11-27 07:13 - 2016-12-05 09:15 - 000000000 ____D C:\Users\رياض\AppData\Local\CrashDumps
2017-11-27 07:13 - 2011-10-21 16:38 - 000000000 ____D C:\Windows\Minidump
2017-11-25 20:07 - 2013-10-11 08:10 - 000000000 __RSD C:\Program Files\Golden Filter Premium
2017-11-25 15:57 - 2012-09-24 12:34 - 000000000 ____D C:\ProgramData\TEMP
2017-11-25 13:24 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\Web
2017-11-24 18:51 - 2011-07-11 09:38 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-11-20 22:21 - 2017-02-27 07:08 - 000000000 ____D C:\Users\رياض\AppData\Roaming\vlc
2017-11-20 15:58 - 2016-12-07 19:59 - 000000000 ____D C:\Users\رياض\Downloads\Compressed
2017-11-18 19:54 - 2014-07-23 10:40 - 000000000 ____D C:\Users\رياض\Desktop\الهحوم
2017-11-17 11:10 - 2017-05-04 09:19 - 000000000 ____D C:\Program Files\ESET
2017-11-16 09:11 - 2017-05-03 22:42 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-09 15:08 - 2017-02-09 09:48 - 000032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2013-11-02 11:22 - 2013-11-02 11:22 - 000000001 ___RS () C:\Program Files\GeniusXXAddon
2017-11-13 22:24 - 2017-11-13 22:24 - 007649280 _____ () C:\Program Files\GUT24A7.tmp
2013-11-02 11:22 - 2013-11-02 11:22 - 000000001 ___RS () C:\Program Files\onewebsearch
2014-03-14 14:42 - 2014-07-30 14:32 - 000004608 _____ () C:\Users\رياض\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-05 23:21 - 2011-10-05 23:21 - 000000001 _____ () C:\Users\رياض\AppData\Local\llftool.4.12.agreement
2013-03-25 21:24 - 2013-03-25 21:24 - 000000001 _____ () C:\Users\رياض\AppData\Local\llftool.4.25.agreement
2013-03-25 21:24 - 2013-03-25 21:24 - 000000019 _____ () C:\Users\رياض\AppData\Local\llftool.license
2013-02-06 11:09 - 2013-02-06 11:09 - 000000017 _____ () C:\Users\رياض\AppData\Local\resmon.resmoncfg
2011-09-25 17:57 - 2011-09-25 17:57 - 000017408 _____ () C:\Users\رياض\AppData\Local\WebpageIcons.db
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 06:50
==================== End of FRST.txt ============================