
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by TAHER (administrator) on TITO (09-12-2017 05:43:54)
Running from C:\Users\TAHER\Desktop
Loaded Profiles: TAHER (Available Profiles: TAHER)
Platform: Windows 8.1 Pro (Update) (X64) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmdS.exe [324216 2017-11-24] (ESET)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-10-17] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk [2017-10-19]
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{62857839-62F3-4A1A-A628-07796BA66EB4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62857839-62F3-4A1A-A628-07796BA66EB4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
URLSearchHook: [S-1-5-21-2422561113-3094125170-2170945475-1001] ATTENTION => Default URLSearchHook is missing
BHO: No Name -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16] (TechSmith Corporation)

FireFox:
========
FF DefaultProfile: 9p5cqg9n.default-1508462493704
FF ProfilePath: C:\Users\TAHER\AppData\Roaming\Mozilla\Firefox\Profiles\9p5cqg9n.default-1508462493704 [2017-12-09]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\TAHER\AppData\Roaming\Mozilla\Firefox\Profiles\9p5cqg9n.default-1508462493704\Extensions\firefox@zenmate.com.xpi [2017-10-20] [Lagacy]
FF Extension: (Popup blocker for FireFox: Poper Blocker) - C:\Users\TAHER\AppData\Roaming\Mozilla\Firefox\Profiles\9p5cqg9n.default-1508462493704\Extensions\{bee8b1f2-823a-424c-959c-f8f76c8b2306}.xpi [2017-11-25]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\TAHER\AppData\Roaming\Mozilla\Firefox\Profiles\9p5cqg9n.default-1508462493704\features\{6dc2e371-871d-4263-8ec2-26be9bc2cd38}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-25] [Lagacy]
FF HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-10-06]
FF HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Lagacy]
FF HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TAHER\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\TAHER\AppData\Roaming\IDM\idmmzcc5 [2017-09-23] [Lagacy] [not signed]
FF HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-07] (Google Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default [2017-12-09]
CHR Extension: (ترجمة Google) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-07]
CHR Extension: (العروض التقديمية) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (المستندات) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-07]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-12-07]
CHR Extension: (Youtube) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-12-07]
CHR Extension: (جداول البيانات) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-12-07]
CHR Extension: (Emoji Keyboard (2016) by EmojiOne™) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjnhgkpapgippgcgkfcbpdpcgifncb [2017-12-07]
CHR Extension: (InstaG Downloader) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2017-12-08]
CHR Extension: (IDM Integration Module) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-07]
CHR Extension: (دفعة Fatkun تحميل صورة) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2017-12-08]
CHR Extension: (Gmail) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\TAHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-10-06]

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-02-16]
OPR Extension: (Ghostery) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-12-07]
OPR Extension: (Translator) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2017-06-11]
OPR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2017-08-04]
OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2017-11-10]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-06-28]
OPR Extension: (History Eraser) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2017-10-16]
OPR Extension: (IDM Integration Module) - C:\Users\TAHER\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-09-16] (Alps Electric Co., Ltd.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2648184 2017-11-24] (ESET)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-11-24] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15392 2017-11-24] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-11-24] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-05-04] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-05-04] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-11-24] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2017-07-11] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-17] (REALiX(tm))
S3 Impcd; C:\Windows\System32\drivers\Impcd.sys [158976 2015-11-29] (Intel Corporation) [File not signed]
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-12-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-12-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-12-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-12-09] (Malwarebytes)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew01.sys [3354384 2015-09-16] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-09] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-09 05:43 - 2017-12-09 05:43 - 000025043 _____ C:\Users\TAHER\Desktop\Addition.txt
2017-12-09 05:41 - 2017-12-09 05:44 - 000015412 _____ C:\Users\TAHER\Desktop\FRST.txt
2017-12-09 05:41 - 2017-12-09 05:41 - 000001407 _____ C:\Users\TAHER\Desktop\24129793_2026599370918718_6055838492710908580_n.lnk
2017-12-09 05:40 - 2017-12-09 05:43 - 000000000 ____D C:\FRST
2017-12-09 05:36 - 2017-12-09 05:36 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-09 05:32 - 2017-12-09 05:32 - 000006916 _____ C:\Users\TAHER\Desktop\mal.txt
2017-12-09 05:31 - 2017-12-09 05:31 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-09 05:31 - 2017-12-09 05:31 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-09 05:31 - 2017-12-09 05:31 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-09 05:31 - 2017-12-09 05:31 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-09 05:21 - 2017-12-09 05:21 - 000142140 _____ C:\Users\TAHER\Desktop\ZHPDiag.txt
2017-12-08 18:03 - 2017-12-08 18:03 - 000003128 _____ C:\Users\TAHER\Downloads\license.conf
2017-12-08 17:57 - 2017-12-08 17:57 - 000001891 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-08 17:57 - 2017-12-08 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-08 17:57 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-08 17:55 - 2017-12-08 17:55 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-07 17:47 - 2017-12-07 17:47 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-07 17:47 - 2017-12-07 17:47 - 000002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-07 17:36 - 2017-12-07 17:37 - 001129816 _____ (Google Inc.) C:\Users\TAHER\Desktop\ChromeSetup.exe
2017-12-07 17:33 - 2017-12-07 17:33 - 001129816 _____ (Google Inc.) C:\Users\TAHER\Downloads\ChromeSetup.exe
2017-12-07 16:44 - 2017-12-07 16:50 - 000003274 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-07 16:44 - 2017-12-07 16:50 - 000003146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-06 20:47 - 2017-12-06 20:47 - 004940442 _____ C:\Users\TAHER\Desktop\اسراء.psd
2017-12-06 15:29 - 2017-12-06 15:29 - 032341213 _____ C:\Users\TAHER\Downloads\EaseUS Data Recovery Wizard All Editions 11.8.rar
2017-12-06 15:29 - 2017-09-26 04:40 - 000000000 ____D C:\Users\TAHER\Downloads\EaseUS Data Recovery Wizard All Editions 11.8
2017-12-06 15:07 - 2017-11-06 12:55 - 000000000 ____D C:\Users\TAHER\Downloads\EaseUS Activation
2017-12-06 15:01 - 2017-12-06 15:01 - 000647433 _____ C:\Users\TAHER\Downloads\EaseUSActivation.rar
2017-12-05 04:58 - 2017-12-05 04:58 - 000000000 ____D C:\ProgramData\SystemAcCrux
2017-12-05 04:55 - 2017-12-07 20:06 - 000000000 ____D C:\Program Files\EaseUS
2017-12-05 04:52 - 2017-12-05 04:52 - 032691824 _____ (EaseUS ) C:\Users\TAHER\Downloads\drw_trial.exe
2017-12-03 15:33 - 2017-12-03 15:33 - 000000347 _____ C:\Users\TAHER\Desktop\key file.txt
2017-12-03 15:30 - 2017-12-03 15:30 - 006598205 _____ C:\Users\TAHER\Desktop\Malwarebytes Anti-Malware 3.3.1 Serial Key 2017 - YouTube.MP4
2017-12-03 04:54 - 2017-12-03 04:57 - 078346672 _____ (Malwarebytes ) C:\Users\TAHER\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-12-03 04:50 - 2017-12-03 04:50 - 002391552 _____ (Farbar) C:\Users\TAHER\Desktop\FRST64.exe
2017-12-02 21:59 - 2017-12-02 21:59 - 001622528 _____ C:\Users\TAHER\Desktop\ResetBrowser.exe
2017-12-02 15:49 - 2017-12-02 15:51 - 000000000 ____D C:\AdwCleaner
2017-12-02 15:47 - 2017-12-02 15:48 - 008187336 _____ (Malwarebytes) C:\Users\TAHER\Desktop\adwcleaner_7.0.5.0.exe
2017-12-02 15:46 - 2017-12-02 15:46 - 002940288 _____ C:\Users\TAHER\Desktop\ZHPDiag3.exe
2017-12-02 14:22 - 2017-12-02 14:22 - 000000901 _____ C:\DelFix.txt
2017-12-01 20:41 - 2017-12-01 20:41 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-30 00:08 - 2017-11-30 00:08 - 009130453 _____ C:\Users\TAHER\Desktop\الاء.psd
2017-11-29 02:21 - 2017-11-29 02:21 - 005348656 _____ (Avira Operations GmbH & Co. KG) C:\Users\TAHER\Desktop\avira_en_vpnb0_5a1dfd563454d__ws.exe
2017-11-29 00:19 - 2017-11-29 00:19 - 000038994 _____ C:\Users\TAHER\Desktop\23906877_1790698677895986_7531764665852887040_n.mp4
2017-11-26 22:21 - 2017-11-26 22:21 - 005104535 _____ C:\Users\TAHER\Desktop\هابي بيرث ريم.psd
2017-11-26 22:19 - 2017-11-26 22:19 - 005046369 _____ C:\Users\TAHER\Desktop\هابي بيرث رنيم.psd
2017-11-23 22:37 - 2017-11-23 22:37 - 000003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1486325203
2017-11-23 22:37 - 2017-11-23 22:37 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-11-17 17:28 - 2017-11-17 17:28 - 001474832 _____ C:\Users\TAHER\Desktop\sama.MP4
2017-11-17 02:49 - 2017-11-17 06:47 - 000000000 ____D C:\Users\TAHER\Desktop\تجربة
2017-11-16 21:51 - 2017-11-16 21:51 - 005180565 _____ C:\Users\TAHER\Desktop\هابي بيرث.psd
2017-11-16 11:31 - 2017-11-04 02:41 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-16 11:31 - 2017-11-04 02:41 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-16 11:29 - 2017-10-17 21:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-16 11:29 - 2017-10-16 20:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-16 11:29 - 2017-10-14 15:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-16 11:29 - 2017-10-14 10:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-16 11:29 - 2017-10-14 10:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-16 11:29 - 2017-10-14 10:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-16 11:29 - 2017-10-14 10:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-16 11:29 - 2017-10-14 10:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-16 11:29 - 2017-10-14 10:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-16 11:29 - 2017-10-14 09:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-16 11:29 - 2017-10-14 09:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-16 11:29 - 2017-10-14 09:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-16 11:29 - 2017-10-14 09:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-16 11:29 - 2017-10-14 09:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-16 11:29 - 2017-10-14 09:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-16 11:29 - 2017-10-14 09:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-16 11:29 - 2017-10-14 09:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-16 11:29 - 2017-10-14 09:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-16 11:29 - 2017-10-14 09:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-16 11:29 - 2017-10-14 09:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-16 11:29 - 2017-10-14 08:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-16 11:29 - 2017-10-14 08:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-16 11:29 - 2017-10-14 08:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-16 11:29 - 2017-10-14 08:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-16 11:29 - 2017-10-14 08:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-16 11:29 - 2017-10-14 08:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-16 11:29 - 2017-10-14 08:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-16 11:29 - 2017-10-14 08:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-16 11:29 - 2017-10-14 08:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-16 11:29 - 2017-10-14 08:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-16 11:29 - 2017-10-14 08:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-16 11:29 - 2017-10-14 08:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-16 11:29 - 2017-10-14 08:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-16 11:29 - 2017-10-14 08:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-16 11:29 - 2017-10-14 08:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-16 11:29 - 2017-10-10 18:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-16 11:29 - 2017-10-10 17:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-16 11:29 - 2017-10-10 17:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-16 11:29 - 2017-10-10 17:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-16 11:29 - 2017-10-10 17:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-16 11:27 - 2017-10-11 09:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-16 11:27 - 2017-10-10 17:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-16 11:27 - 2017-10-10 15:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-16 11:27 - 2017-10-10 15:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-09 05:20 - 2015-09-18 03:41 - 000000000 ____D C:\Users\TAHER\AppData\Roaming\ZHP
2017-12-09 05:19 - 2017-04-08 09:46 - 000000000 ____D C:\Users\TAHER\AppData\Local\ZHP
2017-12-09 05:18 - 2017-09-23 03:06 - 000000000 ____D C:\Users\TAHER\AppData\Roaming\DMCache
2017-12-09 02:58 - 2016-11-18 17:57 - 000000000 ____D C:\Users\TAHER\AppData\LocalLow\Mozilla
2017-12-09 01:36 - 2015-10-12 17:35 - 000008581 _____ C:\Users\TAHER\Desktop\tt.m3u
2017-12-09 00:27 - 2017-09-23 03:05 - 000000000 ____D C:\Users\TAHER\AppData\Roaming\IDM
2017-12-08 22:54 - 2017-05-09 02:37 - 000003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF4CA9D-8A4B-4D65-904A-E9E4C19D26D5}
2017-12-08 20:27 - 2015-09-14 02:22 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2422561113-3094125170-2170945475-1001
2017-12-08 17:56 - 2015-09-14 21:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-08 09:12 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2017-12-08 09:11 - 2015-10-21 21:05 - 000000000 ____D C:\Users\TAHER\AppData\Local\CrashDumps
2017-12-08 09:11 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-12-07 20:02 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-07 19:47 - 2015-09-14 02:15 - 000000000 ____D C:\Users\TAHER
2017-12-07 17:46 - 2015-09-15 14:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-05 07:31 - 2015-09-15 14:47 - 000000000 ___RD C:\Users\TAHER\AppData\Local\Google
2017-12-04 17:01 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-12-03 22:37 - 2017-02-05 22:06 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-03 15:11 - 2017-04-02 19:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-01 14:51 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-12-01 14:50 - 2015-09-15 20:19 - 000000000 ____D C:\Users\TAHER\AppData\Roaming\IObit
2017-12-01 14:50 - 2015-09-15 20:16 - 000000000 ____D C:\ProgramData\IObit
2017-11-29 03:14 - 2015-09-14 13:01 - 000000000 ____D C:\Users\TAHER\Downloads\Compressed
2017-11-28 19:38 - 2017-04-08 23:08 - 000000000 ____D C:\ProgramData\ProductData
2017-11-28 11:12 - 2017-06-27 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-28 11:12 - 2017-06-27 10:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-25 03:19 - 2015-09-14 21:44 - 000000000 ____D C:\Users\TAHER\AppData\Roaming\Mozilla
2017-11-25 03:18 - 2017-09-12 19:06 - 000000942 _____ C:\Users\TAHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-25 03:18 - 2017-06-27 10:33 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-25 03:18 - 2017-04-22 07:28 - 000002211 _____ C:\Windows\wininit.ini
2017-11-24 02:44 - 2017-01-17 09:15 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-11-24 02:44 - 2017-01-17 09:15 - 000132848 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-11-24 02:44 - 2017-01-17 09:15 - 000102160 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2017-11-24 02:44 - 2017-01-17 09:15 - 000015392 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2017-11-17 18:08 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2017-11-16 12:09 - 2015-09-14 21:08 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 11:38 - 2015-09-14 13:15 - 000000000 ____D C:\Windows\system32\MRT
2017-11-16 11:32 - 2017-10-12 15:02 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-16 11:32 - 2015-09-14 13:14 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-02-20 19:32 - 2017-09-13 20:47 - 000000056 _____ () C:\Users\TAHER\AppData\Roaming\coreavc.ini

Some files in TEMP:
====================
2017-12-07 20:06 - 2017-12-06 15:08 - 000259622 _____ () C:\Users\TAHER\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-06 14:52

==================== End of FRST.txt ============================
