Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2017
Ran by hassan (27-05-2017 09:50:42)
Running from C:\Users\hassan\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-05-10 14:15:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1796275782-4292205373-2313263118-500 - Administrator - Disabled)
Guest (S-1-5-21-1796275782-4292205373-2313263118-501 - Limited - Disabled)
hassan (S-1-5-21-1796275782-4292205373-2313263118-1001 - Administrator - Enabled) => C:\Users\hassan
HomeGroupUser$ (S-1-5-21-1796275782-4292205373-2313263118-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: جدار الحماية الشخصي ESET (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
ESET Smart Security (HKLM\...\{F0947421-BAE4-4B7D-AE30-7FE45945845B}) (Version: 10.1.204.2 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-1796275782-4292205373-2313263118-1001\...\Flux) (Version: - )
FastStone Capture 8.5 (HKLM\...\FastStone Capture) (Version: 8.5 - FastStone Soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Internet Download Manager (HKLM\...\IDM 6.28.9 Final) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{2A842F3F-CE6D-3DFD-9ECB-9CC3C5150A67}) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 ar) (HKLM\...\Mozilla Firefox 53.0.2 (x86 ar)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
حزمة اللغة العربية لـ Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50709 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {977F0BEF-3E8D-4926-A71F-0DE79FE31BD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\hassan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\hassan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\hassan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\hassan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\hassan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData2
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\hassan\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
==================== Loaded Modules (Whitelisted) ==============
2017-05-18 21:13 - 2017-05-09 16:38 - 01728456 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-07 08:41 - 2017-04-07 08:41 - 00060632 _____ () C:\Program Files\CCleaner\branding.dll
2017-04-10 23:57 - 2017-04-10 23:57 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1025.dll
2017-05-11 12:47 - 2017-05-09 09:12 - 02864984 _____ () C:\Program Files\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 12:47 - 2017-05-09 09:12 - 00087384 _____ () C:\Program Files\Google\Chrome\Application\58.0.3029.110\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2017-05-19 00:25 - 00000176 __RSH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 skipittok.com
0.0.0.0 data.service.malwarebytes.org
0.0.0.0 keystone.mwbsys.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1796275782-4292205373-2313263118-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hassan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F8A3D95B-B057-49AA-A4A0-B5B58C6CF3FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F6FD3EF-1EE3-4DB8-BB35-C2AC502CB770}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{60A415CF-6946-47B8-ADE9-31C1A4A58A17}] => (Allow) C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\libs.exe
FirewallRules: [{A311B4C3-E9EB-4955-BFFA-B27077669FEE}] => (Allow) C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\libs.exe
FirewallRules: [{6AF22629-1E1F-4DC7-987C-20CD86347FD4}] => (Allow) LPort=5000
FirewallRules: [{37D789E4-9628-459D-9DB3-0AED60397DBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F3DD6D08-79D7-42D4-9CC3-9079B8CB5A6B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
11-05-2017 15:24:58 DriverPack 17.7.48
11-05-2017 23:13:29 Removed DriversCloud.com
11-05-2017 23:49:51 Windows Defender Checkpoint
12-05-2017 08:08:38 Installed Microsoft .NET Framework 4.7
13-05-2017 22:24:23 Removed AlphaGo
15-05-2017 13:56:28 JRT Pre-Junkware Removal
17-05-2017 23:28:51 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: محول الاتصال النفقي لـ Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/27/2017 09:25:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/26/2017 10:48:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/26/2017 02:12:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/26/2017 11:51:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/26/2017 10:36:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/26/2017 08:07:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: اسم التطبيق الذي يحتوي على أخطاء: gmer.exe، الإصدار: 2.2.19882.0، الطابع الزمني: 0x56e2cdca
اسم الوحدة النمطية التي تحتوي على أخطاء: gmer.exe، الإصدار: 2.2.19882.0، الطابع الزمني: 0x56e2cdca
رمز الاستثناء: 0xc0000409
إزاحة الخطأ: 0x00072d16
معرّف العملية التي تحتوي على خطأ: 0xd7c
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d2d5ec9d3a6318
مسار التطبيق الذي يحتوي على خطأ: C:\Users\hassan\Desktop\gmer.exe
مسار الوحدة النمطية التي تحتوي على خطأ: C:\Users\hassan\Desktop\gmer.exe
معرف التقرير: 011d4106-41e2-11e7-8119-00e04c9dfb9d
Error: (05/26/2017 07:49:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/25/2017 11:32:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: تعذّر تهيئة الفهرس.
التفاصيل:
دليل فهرس المحتوى تالف. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/25/2017 11:32:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: تعذّرت تهيئة التطبيق.
السياق: التطبيق Windows
التفاصيل:
دليل فهرس المحتوى تالف. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/25/2017 11:32:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: تعذّرت تهيئة كائن المجمّع.
السياق: Windows التطبيق، SystemIndex الكتالوج
التفاصيل:
دليل فهرس المحتوى تالف. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (05/26/2017 02:13:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: لم يتم بدء تشغيل الخدمة 'WMPNetworkSvc' بشكلٍ صحيح لأن CoCreateInstance(CLSID_UPnPDeviceFinder) واجه الخطأ '0x80004005'. تحقق من تشغيل خدمة UPnPHost ومن تثبيت مكون UPnPHost لـ Windows بشكلٍ صحيح.
Error: (05/26/2017 11:50:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:48:46 on 26/05/2017 was unexpected.
Error: (05/25/2017 11:45:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة Windows Error Reporting Service.
Error: (05/25/2017 11:32:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Windows Search بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 30000 مللي ثانية: أعد تشغيل الخدمة.
Error: (05/25/2017 11:32:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: تم إنهاء خدمة Windows Search بسبب الخطأ الخاص بالخدمة %%-1073473535.
CodeIntegrity:
===================================
Date: 2017-05-16 14:29:30.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:29.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:28.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:26.895
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:25.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:24.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10213\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:21.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10203\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:20.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10203\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:19.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10203\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-05-16 14:29:18.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_32\10203\em023_32.dll.raw because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 2012.49 MB
Available physical RAM: 669.55 MB
Total Virtual: 4024.98 MB
Available Virtual: 2387.76 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:86.43 GB) NTFS
Drive d: () (Fixed) (Total:95.33 GB) (Free:48.88 GB) NTFS
Drive e: () (Fixed) (Total:95.33 GB) (Free:79.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 41B941B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=95.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================