Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by TAHER (04-03-2018 07:45:44)
Running from C:\Users\TAHER\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-14 00:15:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2422561113-3094125170-2170945475-500 - Administrator - Disabled)
Guest (S-1-5-21-2422561113-3094125170-2170945475-501 - Limited - Disabled)
TAHER (S-1-5-21-2422561113-3094125170-2170945475-1001 - Administrator - Enabled) => C:\Users\TAHER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET جدار حماية (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.1.1.1020 - Xtreme-LAb®)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
ALLPlayer V7.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
AVG (HKLM\...\{63E181FF-AC11-4910-A35E-3C6FD94332BC}) (Version: 1.181.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
ESET Security (HKLM\...\{79AE1BDC-BD8A-4186-96FF-F893108DB7D9}) (Version: 11.0.154.0 - ESET, spol. s r.o.)
FMW 1 (HKLM\...\{91079213-6155-4062-96E1-DFF570DE80C4}) (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.7 - PandoraTV)
Microsoft ISO Downloader Pro v1.0 (HKLM-x32\...\{EB841479-9966-4573-9D96-32AADA99D719}) (Version: 1.0 - BestProSoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 ar) (HKLM\...\Mozilla Firefox 58.0.2 (x64 ar)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NVIDIA برنامج نظام PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
RogueKiller version 12.12.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.6.0 - Adlice Software)
Smarty Uninstaller 4 (HKLM\...\{8C93EE3B-3DC3-46A8-92D5-DE0B7F185722}_is1) (Version: 4.8.0.0 - OneSmarty)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
لوحة تحكم NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll [2007-05-16] (TechSmith Corporation)
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll [2007-05-16] (TechSmith Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01F9ED39-2382-416A-B9E0-095BC60DAEA4} - System32\Tasks\SmartyUninstallerLauncher => C:\Program Files\Smarty Uninstaller 4\SmartyUninstaller.exe [2017-11-08] (OneSmarty)
Task: {069A81EA-7E2F-4819-A90A-C6927ECCB25E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {0DFA46B5-6A76-465A-902B-58F09B541472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {2AC8BF21-8088-4043-9A72-2B7B4C50FC43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-28] (AVAST Software)
Task: {515D055E-8138-4034-A179-38FCA7ED28CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-11] (Adobe Systems Incorporated)
Task: {7A921398-2270-4242-BC7C-44009F7141B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {901FF8CA-4106-45E0-BC1E-CE47B1AD3528} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {DBE829D6-0BAE-4717-833C-7F58E6F3BCD6} - System32\Tasks\Opera scheduled Autoupdate 1486325203 => C:\Program Files (x86)\Opera\launcher.exe [2018-02-22] (Opera Software)
Task: {ED3829A0-1E5B-4095-A169-A376EE2695AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F63CE93F-208B-4DDA-B210-E9A1F7C5F8B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-12-11] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1f691da8a68f8326\Emoji Keyboard (2016) by EmojiOne™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipdjnhgkpapgippgcgkfcbpdpcgifncb
==================== Loaded Modules (Whitelisted) ==============
2015-09-14 19:58 - 2016-11-14 13:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100sexlinks.com -> 100sexlinks.com
There are 4791 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-04-09 14:59 - 2018-02-18 22:35 - 000003808 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0serius.mwbsys.com
0.0.0.0keystone.mwbsys.com
127.0.0.1activation.easeus.com
127.0.0.1track.easeus.com
127.0.0.166.39.112.91
127.0.0.1216.92.151.227
127.0.0.1216.92.61.7
127.0.0.1www.easeus.com
0.0.0.012finance.com
0.0.0.012kotov.ru
0.0.0.0144.76.201.175
0.0.0.01dnscontrol.com
0.0.0.0adsrvr.org
0.0.0.0advertising.com
0.0.0.0akisho.ru
0.0.0.0altocloudmedia.com
0.0.0.0amtomil.ru
0.0.0.0appchucklegift.com
0.0.0.0asedownloadgate.com
0.0.0.0backupcdn.com
0.0.0.0bestapps4ever161.download
0.0.0.0bywinners.men
0.0.0.0cdndepot.com
0.0.0.0champlaintechnology.com
0.0.0.0chromesearch.win
0.0.0.0clapflab.ru
0.0.0.0click-now-on.me
0.0.0.0corulu.com
0.0.0.0coupplayoffgame.com
0.0.0.0d3jx96othz2l8y.cloudfront.net
There are 123 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 =>
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: GUDelayStartup =>
MSCONFIG\startupreg: Malwarebytes TrayApp =>
MSCONFIG\startupreg: ultracopier =>
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ultracopier"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ALLPlayer WiFi Remote"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "Advanced SystemCare 11"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{73A8A5DC-9EFB-4EE2-BF47-AB8E7F61561C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A7627598-B676-4848-8D52-2E5563405E40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F553175B-6FF7-4DFC-9DE3-FD355104831E}] => (Allow) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
FirewallRules: [{B1187025-4C00-43DA-8B27-2917748C6D51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{911D9072-650F-48FE-8EA2-FE17002708CA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
==================== Restore Points =========================
01-03-2018 03:52:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (03/04/2018 07:14:49 AM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (03/04/2018 07:14:19 AM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2015-10-17 13:36:29.424
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: المورد قديم للغاية ولا يمكن أن يكون متوافقاً.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
Date: 2015-09-14 12:47:07.488
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: يتعذر على النظام العثور على الملف المحدد.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-03-02 13:41:50.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 15:54:29.183
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:49:21.730
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:38:45.120
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:33:53.214
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-24 06:34:40.684
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-23 12:03:51.356
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-23 12:01:36.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 28%
Total physical RAM: 3957.83 MB
Available physical RAM: 2833.77 MB
Total Virtual: 5501.39 MB
Available Virtual: 4343.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:17.98 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:48.94 GB) (Free:48.84 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:292.97 GB) (Free:36.71 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:259.18 GB) (Free:2.81 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:48.72 GB) (Free:36.24 GB) NTFS
\\?\Volume{2e588769-5a74-11e5-824e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: B95575E4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=600.9 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================
Ran by TAHER (04-03-2018 07:45:44)
Running from C:\Users\TAHER\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-14 00:15:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2422561113-3094125170-2170945475-500 - Administrator - Disabled)
Guest (S-1-5-21-2422561113-3094125170-2170945475-501 - Limited - Disabled)
TAHER (S-1-5-21-2422561113-3094125170-2170945475-1001 - Administrator - Enabled) => C:\Users\TAHER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET جدار حماية (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.1.1.1020 - Xtreme-LAb®)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
ALLPlayer V7.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
AVG (HKLM\...\{63E181FF-AC11-4910-A35E-3C6FD94332BC}) (Version: 1.181.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
ESET Security (HKLM\...\{79AE1BDC-BD8A-4186-96FF-F893108DB7D9}) (Version: 11.0.154.0 - ESET, spol. s r.o.)
FMW 1 (HKLM\...\{91079213-6155-4062-96E1-DFF570DE80C4}) (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.7 - PandoraTV)
Microsoft ISO Downloader Pro v1.0 (HKLM-x32\...\{EB841479-9966-4573-9D96-32AADA99D719}) (Version: 1.0 - BestProSoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 ar) (HKLM\...\Mozilla Firefox 58.0.2 (x64 ar)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NVIDIA برنامج نظام PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
RogueKiller version 12.12.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.6.0 - Adlice Software)
Smarty Uninstaller 4 (HKLM\...\{8C93EE3B-3DC3-46A8-92D5-DE0B7F185722}_is1) (Version: 4.8.0.0 - OneSmarty)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
لوحة تحكم NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll [2007-05-16] (TechSmith Corporation)
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll [2007-05-16] (TechSmith Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-21] (ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01F9ED39-2382-416A-B9E0-095BC60DAEA4} - System32\Tasks\SmartyUninstallerLauncher => C:\Program Files\Smarty Uninstaller 4\SmartyUninstaller.exe [2017-11-08] (OneSmarty)
Task: {069A81EA-7E2F-4819-A90A-C6927ECCB25E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {0DFA46B5-6A76-465A-902B-58F09B541472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {2AC8BF21-8088-4043-9A72-2B7B4C50FC43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-28] (AVAST Software)
Task: {515D055E-8138-4034-A179-38FCA7ED28CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-11] (Adobe Systems Incorporated)
Task: {7A921398-2270-4242-BC7C-44009F7141B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {901FF8CA-4106-45E0-BC1E-CE47B1AD3528} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {DBE829D6-0BAE-4717-833C-7F58E6F3BCD6} - System32\Tasks\Opera scheduled Autoupdate 1486325203 => C:\Program Files (x86)\Opera\launcher.exe [2018-02-22] (Opera Software)
Task: {ED3829A0-1E5B-4095-A169-A376EE2695AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F63CE93F-208B-4DDA-B210-E9A1F7C5F8B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-12-11] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\TAHER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1f691da8a68f8326\Emoji Keyboard (2016) by EmojiOne™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipdjnhgkpapgippgcgkfcbpdpcgifncb
==================== Loaded Modules (Whitelisted) ==============
2015-09-14 19:58 - 2016-11-14 13:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\100sexlinks.com -> 100sexlinks.com
There are 4791 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-04-09 14:59 - 2018-02-18 22:35 - 000003808 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0serius.mwbsys.com
0.0.0.0keystone.mwbsys.com
127.0.0.1activation.easeus.com
127.0.0.1track.easeus.com
127.0.0.166.39.112.91
127.0.0.1216.92.151.227
127.0.0.1216.92.61.7
127.0.0.1www.easeus.com
0.0.0.012finance.com
0.0.0.012kotov.ru
0.0.0.0144.76.201.175
0.0.0.01dnscontrol.com
0.0.0.0adsrvr.org
0.0.0.0advertising.com
0.0.0.0akisho.ru
0.0.0.0altocloudmedia.com
0.0.0.0amtomil.ru
0.0.0.0appchucklegift.com
0.0.0.0asedownloadgate.com
0.0.0.0backupcdn.com
0.0.0.0bestapps4ever161.download
0.0.0.0bywinners.men
0.0.0.0cdndepot.com
0.0.0.0champlaintechnology.com
0.0.0.0chromesearch.win
0.0.0.0clapflab.ru
0.0.0.0click-now-on.me
0.0.0.0corulu.com
0.0.0.0coupplayoffgame.com
0.0.0.0d3jx96othz2l8y.cloudfront.net
There are 123 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 =>
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: GUDelayStartup =>
MSCONFIG\startupreg: Malwarebytes TrayApp =>
MSCONFIG\startupreg: ultracopier =>
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ultracopier"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "ALLPlayer WiFi Remote"
HKU\S-1-5-21-2422561113-3094125170-2170945475-1001\...\StartupApproved\Run: => "Advanced SystemCare 11"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{73A8A5DC-9EFB-4EE2-BF47-AB8E7F61561C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A7627598-B676-4848-8D52-2E5563405E40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F553175B-6FF7-4DFC-9DE3-FD355104831E}] => (Allow) C:\Program Files (x86)\Opera\50.0.2762.67\opera.exe
FirewallRules: [{B1187025-4C00-43DA-8B27-2917748C6D51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{911D9072-650F-48FE-8EA2-FE17002708CA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
==================== Restore Points =========================
01-03-2018 03:52:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (03/04/2018 07:14:49 AM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (03/04/2018 07:14:19 AM) (Source: DCOM) (EventID: 10010) (User: TITo)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2015-10-17 13:36:29.424
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: المورد قديم للغاية ولا يمكن أن يكون متوافقاً.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
Date: 2015-09-14 12:47:07.488
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: يتعذر على النظام العثور على الملف المحدد.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-03-02 13:41:50.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 15:54:29.183
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:49:21.730
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:38:45.120
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-25 07:33:53.214
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-24 06:34:40.684
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-23 12:03:51.356
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-02-23 12:01:36.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 28%
Total physical RAM: 3957.83 MB
Available physical RAM: 2833.77 MB
Total Virtual: 5501.39 MB
Available Virtual: 4343.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:17.98 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:48.94 GB) (Free:48.84 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:292.97 GB) (Free:36.71 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:259.18 GB) (Free:2.81 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:48.72 GB) (Free:36.24 GB) NTFS
\\?\Volume{2e588769-5a74-11e5-824e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: B95575E4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=600.9 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================