cjoint

Document format: text/plain


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by win7 (administrator) on WIN7-PC (31-01-2017 01:52:25)
Running from C:\Users\win7\Videos
Loaded Profiles: win7 (Available Profiles: win7)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
() C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062\protbb26c896-d52e-4141-8a09-5d25b9ca27df.tmpfs
() C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062\kns4C9B.tmp
() C:\Program Files\UCBrowser\Application\UCService.exe
() C:\Users\win7\AppData\Local\00000000-1485818482-0000-0000-50E549F2978C\qnsm9F7C.tmp
() C:\Program Files\Winamp\winampa.exe
() C:\Windows\sservice controller\service.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
() C:\Program Files\UCBrowser\Application\6.0.1471.813\UCAgent.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(SurfRight B.V.) C:\Users\win7\Downloads\Programs\HitmanPro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [35328 2005-12-08] ()
HKLM\...\Run: [dictionnary] => C:\Windows\sservice controller\service.exe [2955776 2016-11-11] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3985464 2016-11-11] (Tonec Inc.)
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\Run: [Viber] => C:\Users\win7\AppData\Local\Viber\Viber.exe [45518928 2016-11-18] (Viber Media S.à r.l.)
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\Run: [_-LO#onç9J.exe] => C:\ProgramData\{c8a-ba-11-d8496-88bdb-c8bd-95a6c}\_-LO#onç9J.exe [1118720 2017-01-27] ()
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\Run: [kdLu+RsoHc.exe] => C:\ProgramData\{c8a-ba-11-d8496-88bdb-c8bd-95a6c}\kdLu+RsoHc.exe [1363456 2017-01-27] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-08] (Microsoft Corporation)
HKLM\...\Providers\7mgicj7n: C:\Program Files\Qiaseferdusp Engine\local32spl.dll [275968 2017-01-12] ()
ShellExecuteHooks: No Name - {F97757C6-D3F6-11E6-A8B4-64006A5CFC35} - C:\Users\win7\AppData\Roaming\Griberse\Grtotherariha.dll -> No File
ShellExecuteHooks: No Name - {7FBEA058-DE40-11E6-83E9-64006A5CFC23} - C:\Users\win7\AppData\Roaming\Kowelystzother\Ghikuy.dll [123392 2017-01-27] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 197.39.242.222 197.39.242.222
Tcpip\..\Interfaces\{180DC0B1-2FC8-4E59-8C7D-BE47D8DF09CD}: [DhcpNameServer] 197.39.242.222 197.39.242.222

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1175016655-2442003890-1713799225-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1175016655-2442003890-1713799225-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-11-09] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: gtbfj5kl.default
FF DefaultProfile: 99u85z92.default
FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gtbfj5kl.default [2017-01-30]
FF Extension: (DOM Inspector) - C:\Users\win7\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gtbfj5kl.default\Extensions\inspector@mozilla.org [2016-11-24]
FF Extension: (ChatZilla) - C:\Users\win7\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gtbfj5kl.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-11-24]
FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default [2017-01-31]
FF NewTab: Mozilla\Firefox\Profiles\99u85z92.default -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\99u85z92.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\99u85z92.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\99u85z92.default -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
FF Extension: (Firefox Hotfix) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-13]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\7mgicj7n.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\findit.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\h9kafbc6.xml [2017-01-27]
FF ProfilePath: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default [2017-01-19]
FF NewTab: Firefox\Firefox\Profiles\99u85z92.default -> C:\\ProgramData\\Zaamlas\\ff.NT
FF DefaultSearchEngine: Firefox\Firefox\Profiles\99u85z92.default -> trotux
FF SelectedSearchEngine: Firefox\Firefox\Profiles\99u85z92.default -> trotux
FF Homepage: Firefox\Firefox\Profiles\99u85z92.default -> hxxp://www.searchinme.com/?type=hp&ts=1484828798808&z=&from=official&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793
FF Extension: (FF Adr) - C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-19] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-19] [not signed]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\7mgicj7n.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\findit.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\searchinme.xml [2017-01-19]
FF HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-12-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp"
CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData2 -> youndoo
CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-14] <==== ATTENTION
CHR Extension: (Local SWF Player) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2016-09-02]
CHR Extension: (Flash® Player for YouTube™) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\lajdkhdcndkniopfefocbgbkofflagpm [2016-09-02]
CHR Extension: (Messenger (Unofficial)) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mdapmeleikeppmfgadilffngabfpibok [2016-09-10]
CHR Extension: (IDM Integration Module) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-11-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 goryzufe; C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062\kns4C9B.tmp [439296 2017-01-31] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2017-01-31] (SurfRight B.V.)
R2 InternetDownloadManageriWebcam; C:\Program Files\iWebcam\InternetDownloadManageriWebcam.dll [224768 2017-01-12] () [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
S2 MSLN; C:\ProgramData\Microsoft\IdentityCRL\ppcrlconf.dll [443392 2017-01-19] () [File not signed]
R2 Qibely; C:\Program Files\Weloied\Drjcache.dll [179200 2017-01-12] () [File not signed]
R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [930704 2017-01-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 zigipyro; C:\Users\win7\AppData\Local\00000000-1485818482-0000-0000-50E549F2978C\qnsm9F7C.tmp [158720 2015-12-26] () [File not signed]
R2 gemeloki; C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062\protbb26c896-d52e-4141-8a09-5d25b9ca27df.tmpfs [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47056 2017-01-31] ()
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 ucdrv; C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [19812 ] (UC Web Inc.) <==== ATTENTION
S3 catchme; \??\C:\Users\win7\AppData\Local\Temp\catchme.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\win7\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 01:41 - 2017-01-31 01:41 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-31 01:41 - 2017-01-31 01:41 - 00001919 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-31 01:41 - 2017-01-31 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-31 01:41 - 2017-01-31 01:41 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 01:41 - 2017-01-31 01:41 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-31 01:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-31 01:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-31 01:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-31 01:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-31 01:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-31 01:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-31 01:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-31 01:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-31 01:12 - 2017-01-31 01:25 - 00000000 ____D C:\ComboFix
2017-01-31 01:11 - 2016-05-19 08:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-01-31 01:02 - 2017-01-31 01:12 - 00000000 ____D C:\Qoobox
2017-01-31 01:01 - 2017-01-31 01:22 - 00000000 ____D C:\Windows\erdnt
2017-01-31 01:00 - 2017-01-31 01:00 - 05659775 ____R (Swearware) C:\Users\win7\Desktop\ComboFix.exe
2017-01-31 00:37 - 2017-01-31 00:37 - 00000669 _____ C:\RstHosts.txt
2017-01-30 23:27 - 2017-01-31 01:52 - 00000000 ____D C:\FRST
2017-01-30 23:21 - 2017-01-30 23:21 - 00000000 ____D C:\Users\win7\AppData\Local\00000000-1485818482-0000-0000-50E549F2978C
2017-01-30 23:08 - 2017-01-30 23:08 - 00007945 _____ C:\Users\win7\Desktop\JRT.txt
2017-01-30 23:06 - 2017-01-30 23:06 - 01663040 _____ (Malwarebytes) C:\Users\win7\Desktop\JRT.exe
2017-01-30 22:56 - 2017-01-31 01:23 - 00000278 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-01-30 22:53 - 2017-01-30 22:57 - 00002065 _____ C:\Users\win7\Desktop\22.txt
2017-01-30 22:29 - 2017-01-30 22:31 - 00004572 _____ C:\Users\win7\Desktop\Rkill.txt
2017-01-30 22:09 - 2017-01-30 22:09 - 00001469 _____ C:\Users\Public\Desktop\UC超级返.lnk
2017-01-30 19:11 - 2017-01-30 19:11 - 00000000 ____D C:\Users\win7\Desktop\سوبر سينما
2017-01-30 19:11 - 2016-01-05 18:47 - 00000000 ____D C:\Users\win7\Desktop\ملف قنوات استرنج نايل سات عربى بلفلاشة 1- 1 - 2016
2017-01-30 19:11 - 2009-09-01 02:00 - 00046395 _____ C:\Users\win7\Desktop\20090901-020017.CNDF
2017-01-28 21:32 - 2017-01-28 21:32 - 198860051 _____ C:\Windows\MEMORY.DMP
2017-01-28 17:23 - 2017-01-28 17:23 - 00390737 _____ C:\Users\win7\Desktop\Selfishnet win 7.zip
2017-01-28 17:23 - 2017-01-28 17:23 - 00000000 ____D C:\Users\win7\Desktop\Selfishnet win 7
2017-01-28 17:21 - 2017-01-28 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-01-28 17:21 - 2017-01-28 17:21 - 00000000 ____D C:\Program Files\WinPcap
2017-01-27 22:48 - 2017-01-27 22:48 - 00000000 ____D C:\Program Files\؟ىر¹
2017-01-27 22:37 - 2017-01-27 22:37 - 00000000 ____D C:\Program Files\Maoha
2017-01-27 22:35 - 2017-01-27 22:39 - 00000000 ____D C:\ProgramData\{c8a-ba-11-d8496-88bdb-c8bd-95a6c}
2017-01-27 22:31 - 2017-01-27 23:02 - 00000000 ____D C:\Program Files\Casution
2017-01-27 22:31 - 2017-01-27 22:33 - 00000000 ____D C:\Users\win7\AppData\Roaming\Kowelystzother
2017-01-27 22:31 - 2017-01-27 22:32 - 00000000 ____D C:\Users\win7\AppData\Local\Gofaentdrezient
2017-01-27 22:31 - 2017-01-27 22:31 - 00000000 ____D C:\Program Files\Juqgehuwuk Cache
2017-01-27 22:30 - 2017-01-31 00:51 - 00000000 ____D C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062
2017-01-26 11:55 - 2017-01-13 12:19 - 00038356 _____ C:\Users\win7\Desktop\20170113-121938.CNDF
2017-01-25 08:00 - 2017-01-25 08:00 - 00000000 ____D C:\Program Files\amuleC3
2017-01-24 12:32 - 2017-01-24 12:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-23 07:47 - 2016-12-27 16:14 - 03277056 _____ C:\Users\win7\Desktop\gx6605S_super_Qmax_Salik-H1_V2.06_27122016.bin
2017-01-22 15:05 - 2017-01-22 15:06 - 00000000 ____D C:\Users\win7\Desktop\hosnyGX6605_HD_DatabaseV66.05_2
2017-01-20 21:55 - 2017-01-31 01:08 - 00000000 ____D C:\Users\win7\AppData\Roaming\vlc
2017-01-20 21:55 - 2017-01-20 21:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-01-20 21:55 - 2017-01-20 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-20 21:55 - 2017-01-20 21:55 - 00000000 ____D C:\Program Files\VideoLAN
2017-01-20 21:33 - 2017-01-20 21:33 - 00000000 _____ C:\Program Files\metadata
2017-01-19 14:26 - 2017-01-19 14:41 - 00000000 ____D C:\Users\win7\AppData\LocalLow\Mozilla
2017-01-19 14:26 - 2017-01-19 14:26 - 00000000 ____D C:\Users\win7\AppData\Local\Firefox
2017-01-19 14:25 - 2017-01-28 21:31 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-19 14:25 - 2017-01-19 14:25 - 00000000 ____D C:\Users\win7\AppData\Roaming\Firefox
2017-01-19 14:24 - 2017-01-28 21:31 - 00001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-19 14:24 - 2017-01-28 21:31 - 00001280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-19 14:18 - 2017-01-19 14:18 - 00000000 ____D C:\Users\win7\AppData\Roaming\Elex-tech
2017-01-19 14:18 - 2017-01-19 14:18 - 00000000 ____D C:\Program Files\Elex-tech
2017-01-19 14:12 - 2017-01-19 14:12 - 00000000 ____D C:\Program Files\amuleC2
2017-01-19 14:11 - 2017-01-28 21:31 - 00001271 _____ C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-19 14:11 - 2017-01-28 21:31 - 00001153 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-01-19 14:10 - 2017-01-31 01:11 - 00000017 _____ C:\Users\Public\Documents\temp.dat
2017-01-19 14:10 - 2017-01-27 22:39 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-18 23:11 - 2017-01-17 13:32 - 02859822 _____ C:\Users\win7\Desktop\HERSHmAN HD-1000 Senator_V1.09.17817_17012017.bin
2017-01-18 17:02 - 2017-01-18 23:11 - 00000000 ____D C:\Users\win7\Desktop\OSCAM 11297
2017-01-18 15:43 - 2017-01-18 15:43 - 00000000 ____D C:\Users\win7\AppData\Local\CEF
2017-01-17 17:00 - 2017-01-10 09:55 - 07733304 _____ C:\Users\win7\Desktop\SRT4950H_V4.13p_10012017.bin
2017-01-17 16:59 - 2017-01-17 17:00 - 06472984 _____ C:\Users\win7\Desktop\SRT4950H_V4.13p_10012017.zip
2017-01-17 09:23 - 2017-01-17 09:23 - 00000000 ____D C:\Users\win7\Desktop\keydata_170116
2017-01-17 09:22 - 2017-01-17 09:22 - 00000000 ____D C:\Users\win7\Desktop\Mcas_160810
2017-01-17 09:21 - 2017-01-17 09:21 - 00555597 _____ C:\Users\win7\Desktop\Mcas_160810.rar
2017-01-14 17:24 - 2017-01-14 17:24 - 00000000 ____D C:\Users\win7\Desktop\‫oscam-1.20-HDSC-526-EMU-355-732-SB-11272-sh4_stapi - نسخة
2017-01-14 17:24 - 2017-01-14 17:24 - 00000000 ____D C:\Users\win7\Desktop\oscam-1.20-HDSC-526-EMU-355-732-SB-11272-sh4_stapi
2017-01-14 16:27 - 2017-01-30 22:48 - 00000000 ____D C:\AdwCleaner
2017-01-14 09:25 - 2017-01-14 09:25 - 00000000 ____D C:\ProgramData\vpconfig
2017-01-13 12:51 - 2017-01-22 18:10 - 00000000 ____D C:\Program Files\7mgicj7n
2017-01-12 17:16 - 2017-01-31 00:56 - 00000442 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2017-01-12 17:16 - 2017-01-12 17:16 - 00000000 ____D C:\Users\win7\AppData\Local\UCBrowser
2017-01-12 17:15 - 2017-01-18 09:27 - 00000000 ____D C:\Program Files\UCBrowser
2017-01-12 17:11 - 2017-01-12 22:51 - 00000000 ____D C:\Program Files\Common Files\BamQvotip
2017-01-12 17:10 - 2017-01-12 17:10 - 01907854 _____ C:\Users\win7\AppData\Roaming\Santop.tst
2017-01-12 16:57 - 2017-01-27 22:48 - 00000994 _____ C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\؟ىر¹.lnk
2017-01-12 16:57 - 2017-01-27 22:48 - 00000970 _____ C:\Users\win7\Desktop\؟ىر¹.lnk
2017-01-12 16:42 - 2017-01-12 16:42 - 00000000 ____D C:\ProgramData\Avira
2017-01-12 16:42 - 2017-01-12 16:42 - 00000000 ____D C:\ProgramData\Avg
2017-01-12 16:42 - 2017-01-12 16:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-12 16:42 - 2017-01-12 16:42 - 00000000 ____D C:\Program Files\Qiaseferdusp Engine
2017-01-12 16:41 - 2017-01-23 07:31 - 00000000 ____D C:\Program Files\Weloied
2017-01-12 16:41 - 2017-01-13 08:34 - 00000000 ____D C:\Users\win7\AppData\Roaming\Griberse
2017-01-12 16:41 - 2017-01-12 16:41 - 00000000 ____D C:\Users\win7\AppData\Local\Vomitain
2017-01-12 16:39 - 2017-01-12 16:39 - 00000334 _____ C:\Users\win7\Desktop\Booking.com.url
2017-01-12 16:38 - 2017-01-27 22:32 - 00000000 ____D C:\Program Files\baidu
2017-01-06 20:01 - 2017-01-06 20:01 - 00084613 _____ C:\Users\win7\Desktop\Channels1000-2200-4400arabic-2017 (1).rar
2017-01-06 20:01 - 2016-12-30 20:04 - 00084508 _____ C:\Users\win7\Desktop\11.sdx
2017-01-06 11:59 - 2016-12-30 05:47 - 07733304 _____ C:\Users\win7\Desktop\SRT4950H_V4.10p_30122016.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 01:36 - 2016-12-09 15:30 - 00000000 ____D C:\Users\win7\AppData\Roaming\Skype
2017-01-31 01:32 - 2009-07-14 06:34 - 00016352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-31 01:32 - 2009-07-14 06:34 - 00016352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-31 01:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-31 01:25 - 2016-12-09 12:51 - 00000000 ____D C:\Users\win7\AppData\Roaming\ViberPC
2017-01-31 01:24 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2017-01-31 01:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-31 01:22 - 2009-07-14 04:03 - 35389440 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-01-31 01:22 - 2009-07-14 04:03 - 13369344 _____ C:\Windows\system32\config\SYSTEM.bak
2017-01-31 01:22 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-01-31 01:22 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2017-01-31 01:22 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2017-01-31 01:11 - 2016-09-08 01:18 - 00000000 ____D C:\Users\win7\AppData\Roaming\DMCache
2017-01-31 01:08 - 2016-03-03 22:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-30 19:08 - 2016-03-03 22:37 - 00681814 _____ C:\Windows\system32\perfh00C.dat
2017-01-30 19:08 - 2016-03-03 22:37 - 00478274 _____ C:\Windows\system32\perfh001.dat
2017-01-30 19:08 - 2016-03-03 22:37 - 00129486 _____ C:\Windows\system32\perfc00C.dat
2017-01-30 19:08 - 2016-03-03 22:37 - 00094100 _____ C:\Windows\system32\perfc001.dat
2017-01-30 19:08 - 2016-03-03 22:24 - 02154000 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 19:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-01-30 17:15 - 2016-09-08 01:18 - 00000000 ____D C:\Users\win7\Downloads\Video
2017-01-28 21:33 - 2016-09-08 13:10 - 00000000 ____D C:\Windows\Minidump
2017-01-28 21:29 - 2016-09-17 22:10 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-28 17:23 - 2016-03-03 22:31 - 00000000 ____D C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-28 17:23 - 2016-03-03 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-28 17:23 - 2016-03-03 22:31 - 00000000 ____D C:\Program Files\WinRAR
2017-01-28 17:10 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-28 01:02 - 2016-09-08 01:18 - 00000000 ____D C:\Users\win7\Downloads\Compressed
2017-01-28 00:45 - 2016-03-03 22:30 - 00000000 ____D C:\Users\win7\AppData\Local\Google
2017-01-27 22:39 - 2016-12-09 15:52 - 00000000 ____D C:\Program Files\Slimjet
2017-01-27 22:33 - 2016-12-12 01:45 - 00000000 ____D C:\Program Files\Easy File Opener
2017-01-27 22:33 - 2016-09-17 08:54 - 00000000 ____D C:\Program Files\GUM6AE2.tmp
2017-01-27 22:33 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-01-27 22:19 - 2016-11-25 19:49 - 00000000 ____D C:\Users\win7\AppData\Roaming\IDM
2017-01-20 21:31 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-17 19:51 - 2016-12-09 15:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-12 16:42 - 2016-12-30 09:04 - 00000000 ____D C:\Program Files\Adobe
2017-01-12 16:42 - 2016-09-17 22:22 - 00000000 ____D C:\Program Files\iWebcam
2017-01-12 15:00 - 2009-07-14 04:04 - 00000466 _____ C:\Windows\win.ini
2017-01-12 08:39 - 2016-12-30 09:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-11 20:27 - 2009-07-14 06:53 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-10 17:12 - 2016-03-03 22:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-10 17:12 - 2016-03-03 22:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-10 17:12 - 2016-03-03 22:30 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-01-20 21:33 - 2017-01-20 21:33 - 0000000 _____ () C:\Program Files\metadata
2017-01-12 17:10 - 2017-01-12 17:10 - 1907854 _____ () C:\Users\win7\AppData\Roaming\Santop.tst
2017-01-12 17:11 - 2017-01-12 17:11 - 0032038 _____ () C:\Users\win7\AppData\Roaming\uninstall_temp.ico

Some files in TEMP:
====================
2017-01-31 01:24 - 2017-01-31 01:24 - 0053248 _____ () C:\Users\win7\AppData\Local\temp\catchme.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-15 15:15

==================== End of FRST.txt ============================
