Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017 Ran by منير (01-04-2017 21:38:07) Running from C:\Users\منير\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-01-09 16:57:04) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4218572008-491887988-1106255587-500 - Administrator - Disabled) Guest (S-1-5-21-4218572008-491887988-1106255587-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4218572008-491887988-1106255587-1002 - Limited - Enabled) منير (S-1-5-21-4218572008-491887988-1106255587-1000 - Administrator - Enabled) => C:\Users\منير ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ashampoo Photo Commander 14 v.14.0.0 (HKLM\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.0 - Ashampoo GmbH & Co. KG) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform) Cela.C.M (HKLM\...\Cela.C.M) (Version: 100.001.010.016 - Huawei Technologies Co.,Ltd) FormatFactory 3.7.5.0 (HKLM\...\FormatFactory) (Version: 3.7.5.0 - Free Time) Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc‎.‎) Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) K-Lite Mega Codec Pack 11.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.5.0 - ) Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.9.4.3000 - Maxthon International Limited) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.6.01055 - Microsoft Corporation) PicosmosTools 1.8.0.0 (HKLM\...\PicosmosTools) (Version: 1.8.0.0 - Free Time) PS TO PC CONVERTER (HKLM\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - ) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Twin USB Gamepad (HKLM\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx) Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) WinRAR 5.30 (32-بت) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4218572008-491887988-1106255587-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05C45442-B42F-4967-8287-276784D3923A} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\MxStart.exe [2017-01-06] (Maxthon International ltd.) Task: {0630B25C-BBBA-4FE8-BBC7-5D570139BFE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.) Task: {1A3460E8-D31A-42E5-BA87-C9DED0540C86} - System32\Tasks\{1F6757B9-3ED4-49F3-BE35-CC91BF519F58} => pcalua.exe -a D:\pes06\pro-evolution-soccer-6----by------Algerian4orever-----\Konami_PES6_PC_DEMO.exe -d D:\pes06\pro-evolution-soccer-6----by------Algerian4orever----- Task: {2B04B2AF-9AB5-4192-8DDA-452611CB1A81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd) Task: {3BE1572D-5508-4055-8D28-25A8F44E3BCA} - System32\Tasks\{FABDF878-50E5-4970-A1A2-71E9D3D11988} => pcalua.exe -a "C:\Pro Evolution Soccer 6 RIP HAMZA MEBARKI®\Install\kitserver\setup.exe" -d "C:\Pro Evolution Soccer 6 RIP HAMZA MEBARKI®\Install\kitserver" Task: {886A8560-E523-421F-9C54-2BBB4B3DB2C1} - System32\Tasks\{8F5667CB-5196-47CF-9340-5A3D9E11995E} => pcalua.exe -a "D:\PES 2016\[PES16] PTE PATCH 6.0 Final Version\Setup 1.exe" -d "D:\PES 2016\[PES16] PTE PATCH 6.0 Final Version" Task: {EB6ED3F9-DFC0-444D-88D1-DB389E9DB43D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-07-05 00:32 - 2010-07-05 00:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll 2010-07-05 00:32 - 2010-07-05 00:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2010-07-04 22:51 - 2010-07-04 22:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe 2017-01-09 20:00 - 2007-09-30 09:29 - 00014848 _____ () C:\Program Files\Cela.C.M_HW\isaputrace.dll 2017-03-27 19:12 - 2007-11-15 07:01 - 00098304 _____ () C:\Program Files\Cela.C.M_HW\DeviceMgrPlugin.dll 2017-03-27 19:12 - 2009-08-05 15:14 - 00131072 _____ () C:\Program Files\Cela.C.M_HW\DetectDev.dll 2017-03-27 19:12 - 2009-08-05 15:14 - 00466944 _____ () C:\Program Files\Cela.C.M_HW\atcomm.dll 2017-03-27 19:12 - 2009-08-05 15:14 - 00053248 _____ () C:\Program Files\Cela.C.M_HW\XCodec.dll 2017-03-27 19:12 - 2007-11-15 07:02 - 00057344 _____ () C:\Program Files\Cela.C.M_HW\ConfigFilePlugin.dll 2017-03-27 19:12 - 2007-11-15 07:05 - 00126976 _____ () C:\Program Files\Cela.C.M_HW\LocaleMgrPlugin.dll 2017-03-27 19:12 - 2010-06-18 11:07 - 00311296 _____ () C:\Program Files\Cela.C.M_HW\libxvi010.dll 2017-03-27 19:12 - 2010-10-29 18:36 - 01109504 _____ () C:\Program Files\Cela.C.M_HW\eap_supplicant.dll 2017-03-27 19:12 - 2009-05-05 10:13 - 00023552 _____ () C:\Program Files\Cela.C.M_HW\NotifyServicePlugin.dll 2017-01-10 11:33 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\منير\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll 2017-01-10 11:33 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\منير\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4218572008-491887988-1106255587-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\منير\AppData\Local\Ashampoo\Ashampoo Photo Commander 14\APCWallpaper.bmp DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{89D51991-33F2-4357-8F74-B7D5955067FD}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe FirewallRules: [{BE1DE10D-746B-43BD-A8D8-DE39189419E8}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe FirewallRules: [{5CCC8F90-5639-4B7A-8CDF-3184112DFA7C}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe FirewallRules: [{302B4EBE-8A92-4664-B111-C3B668DEDD5A}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe FirewallRules: [{52318E19-6A22-4CD7-BDAB-98AD93FB35CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{72B00809-7D4D-47AD-AA00-5D341F47ED5F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe FirewallRules: [{0F531460-93DC-4DCB-9A1F-4646D59AD0E7}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PFInstOnline.exe FirewallRules: [{6E9BBC0D-7F4A-4CB0-9EB3-3AD4B38EDC0A}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe FirewallRules: [{438C131F-7D40-4D00-AEAA-1972E77271FA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 10-01-2006 01:05:56 عملية الاستعادة 26-03-2017 14:21:10 Windows Update 28-03-2017 19:57:19 ComboFix created restore point 31-03-2017 14:22:43 Windows Update 31-03-2017 23:35:55 Windows Update 01-04-2017 00:00:50 Windows Update 01-04-2017 11:13:51 Windows Update ==================== Faulty Device Manager Devices ============= Name: ‏‏وحدة تحكم التخزين كبير السعة Description: ‏‏وحدة تحكم التخزين كبير السعة Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2017 07:16:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: pes6.exe، الإصدار: 1.0.0.1، الطابع الزمني: 0x4502a65a اسم الوحدة النمطية التي تحتوي على أخطاء: pes6.exe، الإصدار: 1.0.0.1، الطابع الزمني: 0x4502a65a رمز الاستثناء: 0xc0000005 إزاحة الخطأ: 0x004d160c معرّف العملية التي تحتوي على خطأ: 0x93c وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d2ab00872d14f3 مسار التطبيق الذي يحتوي على خطأ: D:\Pro Evolution Soccer 6 RIP\Install\pes6.exe مسار الوحدة النمطية التي تحتوي على خطأ: D:\Pro Evolution Soccer 6 RIP\Install\pes6.exe معرف التقرير: 944b3e18-16f6-11e7-9903-001d722bff12 System errors: ============= ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz Percentage of memory in use: 90% Total physical RAM: 1014.43 MB Available physical RAM: 93.68 MB Total Virtual: 2304 MB Available Virtual: 269.97 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:120.37 GB) (Free:100.45 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (برامج منوعه) (Fixed) (Total:177.62 GB) (Free:128.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8530BB91) Partition 1: (Not Active) - (Size=86 MB) - (Type=05) Partition 2: (Active) - (Size=120.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=177.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================