Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-11-2017
Ran by رياض (29-11-2017 16:20:17)
Running from C:\Users\رياض\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2011-07-11 08:23:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3488952640-1886036067-2608822963-500 - Administrator - Disabled)
Guest (S-1-5-21-3488952640-1886036067-2608822963-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3488952640-1886036067-2608822963-1006 - Limited - Enabled)
رياض (S-1-5-21-3488952640-1886036067-2608822963-1000 - Administrator - Enabled) => C:\Users\رياض

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: جدار الحماية الشخصي ESET (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Baidu WiFi Hotspot (HKLM\...\Baidu WiFi Hotspot) (Version: 5.1.4.124910 - Baidu, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Smart Security (HKLM\...\{F0947421-BAE4-4B7D-AE30-7FE45945845B}) (Version: 10.1.204.2 - ESET, spol. s r.o.)
F.lux (HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Flux) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc‎.‎)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110401-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Ralink)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
Realtek PCI Fast Ethernet Controller Driver (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 6.112.123.2014 - Realtek)
TuneUp Utilities 2014 (en-US) (HKLM\...\{14C8CE46-C68C-461B-BCA9-E276A85851C6}) (Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (HKLM\...\{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}) (Version: 13.0.3020.7 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
حزمة التوافق لنظام Office 2007 (HKLM\...\{90120000-0020-0401-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-03-31] (Foxit Software Inc.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-03-31] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0163AEAE-7C31-472F-BCDF-3F29AEC39A0D} - \{AF16D54E-4F96-4C7F-BA20-6BFE7AFD3FB0} -> No File <==== ATTENTION
Task: {033B8299-7942-4201-892C-A2353BB1EBAD} - \{9A0F40E0-12B6-472C-A1B0-D6014F1DE58E} -> No File <==== ATTENTION
Task: {0F6C9246-A962-4902-9905-72902CADD37E} - \{5A31C8BC-9B44-4E3D-AE18-E620C4C7206D} -> No File <==== ATTENTION
Task: {18263BC2-698D-4259-892C-E1F52B10A775} - \{03473F93-B3D8-41DB-807C-961C16A96BF9} -> No File <==== ATTENTION
Task: {1C0FBFE1-483A-40F8-8E27-D86F23398601} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3488952640-1886036067-2608822963-1000
Task: {22563144-C73A-484F-9BE1-25597A833D13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.)
Task: {2C3FAF1F-3CC8-44D0-BFDC-B8A80FC5E1B7} - \{941D2BF0-F5F5-4B7F-B318-8CD8E53796F5} -> No File <==== ATTENTION
Task: {37E331EA-7B28-4EA9-82F0-F58B478DA335} - System32\Tasks\{657AFAFA-6AB9-4359-B81C-E79D2823BD89} => msiexec.exe /package "C:\Users\رياض\Downloads\Programs\BlueStacks_HD_AppPlayerPro_setup_0.7.4.786_REL.msi"
Task: {3C2C3CE2-EBF2-4CAF-9FA7-FD098F95CB4A} - \{322CDE2D-2D0F-4690-88EC-7E8229618D7F} -> No File <==== ATTENTION
Task: {424EFAC2-E2A3-43E4-AAD6-5E84888D0D88} - System32\Tasks\{ABE190F5-B82D-4E0A-86E4-C7C8F7E8719A} => C:\Program Files\Nox\bin\Nox.exe
Task: {45FB95C0-C286-4C9C-9F72-2C4897D0AB2B} - \{E761DA40-2737-419C-9C88-2D5DF6869B18} -> No File <==== ATTENTION
Task: {4D959301-2C26-4BC1-883E-BC6691B13F26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {4DF652BD-C02D-4B1E-B19C-E437BECB9536} - \{8AC063A1-0D9A-4C1F-950E-1156970A53C7} -> No File <==== ATTENTION
Task: {50CAC92A-3AA9-459E-9201-3E9B64682094} - System32\Tasks\{16F715E6-D8E5-42C9-9FF0-335C149C2F8C} => C:\Program Files\Nox\bin\Nox.exe
Task: {53947287-F61E-439B-ABC8-BD9182A0641E} - \{4F9BB62C-7C66-4FCB-96BB-F6805B21C68A} -> No File <==== ATTENTION
Task: {53CEF070-C81E-4700-92AD-819AA4BAFC3D} - \{ED5BADB1-F00F-4EA3-B6F1-9B386C3291E4} -> No File <==== ATTENTION
Task: {5733AF9A-5B67-49BD-9E7E-EBABCF2F9E1A} - System32\Tasks\{633971A3-B0AB-4A9E-87D7-8C41E7BA7B83} => C:\Windows\system32\pcalua.exe -a "C:\Users\رياض\Desktop\Tech 4 All Wi-Fi Hack\2jumpstart.exe" -d "C:\Users\رياض\Desktop\Tech 4 All Wi-Fi Hack"
Task: {593B0447-33BB-47BB-8127-005BA0F850D7} - \{CC96062A-BA16-46B6-9444-CC764E8AEC3E} -> No File <==== ATTENTION
Task: {5B2BAA8B-F86E-4001-A605-6D866FC62EE4} - System32\Tasks\{659D5E10-10E2-4462-B254-B258EB876CF5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Nox\bin\Nox_unload.exe"
Task: {5C11522D-1C9C-4D0E-9B7A-5BA72D35130E} - \{032BC8D1-E903-442C-AD3D-663C978C3C89} -> No File <==== ATTENTION
Task: {61976A89-9FD1-4956-93B7-BC295A6CD108} - \{70A75179-EB46-4F0D-819C-1C5675BA0FCE} -> No File <==== ATTENTION
Task: {67094BA2-FECA-4F2B-A9C2-0EB45C849065} - System32\Tasks\{6D782A5C-9D63-4AC6-BAC0-13D6D060679B} => C:\Users\رياض\Desktop\Waircut V1.4\wAirCut.exe
Task: {691B6565-A31E-49C3-BFAC-E709BB6233EF} - \Java Update Scheduler -> No File <==== ATTENTION
Task: {6BA3813A-99F9-40BE-B2EA-55C636564D8C} - \{C4E1086F-5C8F-4B83-BCEF-AC2CE2C46D0C} -> No File <==== ATTENTION
Task: {6EDCEEB2-661F-4ABE-A892-7F16031A40EF} - \{78A82B56-A6F7-43AF-95BD-0A3A5936D939} -> No File <==== ATTENTION
Task: {727E3B41-3F56-42A8-BDE3-ED665791842C} - \{2B935064-2C4B-4E94-80BF-6CF1A8A59467} -> No File <==== ATTENTION
Task: {7419B812-D7A8-4E8B-ADD6-EBB1F4D63D22} - \SidebarExecute -> No File <==== ATTENTION
Task: {7D149F7C-3187-4F41-9863-CC2E40E4B11C} - \{D113C49F-8720-4AA8-92B2-01EB670E53D3} -> No File <==== ATTENTION
Task: {7E70318B-72DA-4E63-B71C-6971C11134CF} - \Google Updater and Installer -> No File <==== ATTENTION
Task: {81AF2E46-1AAF-4B4F-B693-4D950B505C86} - System32\Tasks\{0C2C8CD4-12CA-45B5-AD17-5838C1E65043} => C:\Windows\system32\pcalua.exe -a "C:\Users\رياض\Desktop\VGA Customized for QT10\IEGD_10_3_Windows\Utilities\Setup.exe" -d "C:\Users\رياض\Desktop\VGA Customized for QT10\IEGD_10_3_Windows\Utilities"
Task: {866EEBF8-A99C-4062-8549-B19F969320DF} - \{EF85664F-207D-4D40-85E1-988E27142DF7} -> No File <==== ATTENTION
Task: {8984E04A-8DF6-4366-8DF0-BEDFAE2BA1B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.)
Task: {89C86EB4-E708-49ED-944F-A82221AEF84C} - System32\Tasks\{AD245F7F-327B-4308-B637-3523FC182F92} => C:\Users\رياض\Desktop\airsnort-0.2.7e\bin\airsnort.exe
Task: {8F2181C5-0845-4C9C-957C-D925EE7D96B9} - \{56F02A15-328D-4EFF-BD66-44E861C19F7E} -> No File <==== ATTENTION
Task: {91316D64-78EC-4B95-8394-0607A0E7DA11} - \{3F83C32F-1F4D-4235-978A-3DF6E5AE9118} -> No File <==== ATTENTION
Task: {950E37CD-E8A8-45D6-8FB8-267286DB2B10} - \RealUpgradeScheduledTaskS-1-5-21-3488952640-1886036067-2608822963-1000 -> No File <==== ATTENTION
Task: {9AA37960-4D7B-4720-A11E-64A98E8F7A75} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {A74C8925-0585-47EE-A3C6-1F33DEE428BC} - System32\Tasks\{606AEC81-1C21-46F2-8E01-DDC3A6F8CDBB} => C:\Users\رياض\Desktop\airsnort-0.2.7e\bin\airsnort.exe
Task: {AF484173-4666-4DBC-AE09-0EDDA6C5083F} - \{5204BD87-6A94-4F10-BD57-4A27EA6FECEF} -> No File <==== ATTENTION
Task: {B4FB8BE8-804A-4E62-95F7-75DEABC68E81} - System32\Tasks\Baidu LiveUpdate => C:\Program [Argument = Files\Baidu WiFiHotspot\liveupdate.exe]
Task: {B6C19619-952D-495E-AD1F-E53F6AE7B672} - \{21C72A91-079A-457A-8A16-327722DE3683} -> No File <==== ATTENTION
Task: {BADD67F3-0CF0-4B7E-94C8-85776DC02456} - System32\Tasks\{12D2E961-61E3-44C9-9F89-ACB4ECD23563} => C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe [2015-04-30] (Baidu, Inc.)
Task: {BCB8E5C0-9F28-40DB-B737-F9BFED18D568} - \{7DE0E98D-6DCC-43CD-A5E7-30B48962E5CD} -> No File <==== ATTENTION
Task: {BEE93C25-6F8D-4441-A021-2B3556BB1F37} - System32\Tasks\{3395D4F3-55A2-4E54-B11D-AC96738BBF0E} => C:\Windows\system32\pcalua.exe -a C:\Users\رياض\Downloads\Programs\DuOSInstaller.exe -d C:\Users\رياض\Downloads\Programs
Task: {BFDF6117-D59F-4CA8-B7F3-9946316A8641} - \{EB525EF4-EB7F-4AE1-80B1-17D7A17F20E1} -> No File <==== ATTENTION
Task: {C19B2E10-84D2-4C34-85A7-313571EBCEE0} - \{87896E32-7C92-4925-8FF9-08B7CAA383E6} -> No File <==== ATTENTION
Task: {C6888691-8AB5-480E-92A3-F2686FB51415} - \{A4A2A960-6BA9-4C49-A9F7-3C6BD32C586B} -> No File <==== ATTENTION
Task: {C89AF671-18F9-4DDA-B51E-95C733BD6D5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {CB8987FA-6DAA-4FBF-B810-AF5971D6327B} - \{5E5884D6-511D-476D-8FEE-4679E36B0AC4} -> No File <==== ATTENTION
Task: {CBC43EF5-11FA-48A5-9ED3-E50055688824} - \Real Player online update program -> No File <==== ATTENTION
Task: {D29BABA6-BB1C-467A-A19D-D031155C7902} - \{12EBF2BF-6DCF-470D-99E5-D35ABA35B42F} -> No File <==== ATTENTION
Task: {DA85C48F-6551-4776-A3A3-F7043908F799} - \{00F73461-0287-403E-9622-4686C1943159} -> No File <==== ATTENTION
Task: {DF1D2133-485C-4353-9219-1C9D87F841B9} - \{D5DBDEB0-62D0-4F6A-9F7C-3D322CBA4D41} -> No File <==== ATTENTION
Task: {E1424965-1DCD-4E92-BBE3-A9C09C1CD331} - \{4899A4A0-C77E-4243-9A11-7827047D88B0} -> No File <==== ATTENTION
Task: {E2FC7307-2C97-4A9D-A2BA-22C2486D6D66} - \{932CA38C-4745-468D-8D9A-798CAAA92E7B} -> No File <==== ATTENTION
Task: {EC244750-1DF3-4BC2-AA1D-BB6207D92644} - \{AD2250DA-7DD2-407F-A264-4D21856C57BA} -> No File <==== ATTENTION
Task: {EE11092A-EEAF-4C5F-BF87-69986E492855} - \{CF5B3E65-61BE-4798-9B18-DD90DA1970EB} -> No File <==== ATTENTION
Task: {F246901B-6DDD-4E15-937E-456CD736AF2C} - \SparkUpdater -> No File <==== ATTENTION
Task: {F2A7A843-563D-44D4-A8D7-A90E206581CB} - \{AD37C9E0-B25F-44AD-AFCA-B26DC87226A3} -> No File <==== ATTENTION
Task: {F961B6A0-7727-4A60-B24C-DB7D088E8629} - \{FCA782C9-EFC9-49C3-832C-5E30CC6D57CB} -> No File <==== ATTENTION
Task: {FF3E7136-D107-4E93-AC4A-93789813C025} - \{366537CB-DA3C-4D77-BD12-848353C22F91} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-09-20 15:09 - 2010-03-15 10:28 - 000141824 _____ () C:\Program Files\WinRAR\rarext.dll
2017-11-24 18:53 - 2010-12-30 15:46 - 001033568 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2014-04-23 03:58 - 2014-04-23 03:58 - 001656416 _____ () C:\Program Files\My WIFI Router\bmser.exe
2014-04-23 03:58 - 2014-04-23 03:58 - 000193392 _____ () C:\Program Files\My WIFI Router\bmupdex.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34106999.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34106999.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7690 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-04-05 19:15 - 2017-11-25 17:13 - 000000168 __RSH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 0.0.0.0 keystone-prod.elasticbeanstalk.com
127.0.0.1 0.0.0.0 serius.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\رياض\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 77.88.8.7 - 77.88.8.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8DC8E4B-ECE8-4D42-A351-78AC99663ED3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{849A153F-E24F-436B-8DB1-B91A92795A0C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6A31D732-9108-459B-BA96-F94DB97D52BB}] => (Allow) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [{9178B321-FBC5-48C7-A52A-84BA99B23CD5}] => (Allow) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe

==================== Restore Points =========================

18-08-2017 07:05:47 Removed Jumpstart Installation Program
18-08-2017 07:09:56 Removed Ralink Wireless LAN
18-08-2017 07:22:28 Installed Jumpstart Installation Program
18-08-2017 07:29:06 Removed Jumpstart Installation Program
18-08-2017 10:17:03 Installed Jumpstart Installation Program
18-08-2017 11:00:31 Removed Jumpstart Installation Program
28-08-2017 17:28:20 Installed Jumpstart Installation Program
28-08-2017 17:42:42 Removed Jumpstart Installation Program
04-09-2017 23:32:18 Installed DriversCloud.com
05-09-2017 08:23:59 اعادة النضام
05-09-2017 08:34:54 تثبيت حزمة برنامج تشغيل الأجهزة: Intel Corporation محولات شاشة العرض
05-09-2017 08:37:28 Installed Realtek PCI Fast Ethernet Controller Driver
05-09-2017 17:21:50 Removed DriversCloud.com
07-09-2017 06:39:54 Installed Jumpstart Installation Program
07-09-2017 17:02:08 Installed BlueStacks
08-09-2017 07:23:57 Installed BlueStacks
09-09-2017 22:14:55 Removed Jumpstart Installation Program
11-09-2017 17:23:45 Installed Jumpstart Installation Program
11-09-2017 17:28:43 Removed Jumpstart Installation Program
18-09-2017 09:04:35 Installed Ralink Wireless LAN
19-10-2017 12:14:01 Installed Node.js
19-10-2017 15:59:38 Installed MalvaStyle Disk Repair.
19-10-2017 16:30:28 Removed MalvaStyle Disk Repair.
19-10-2017 20:20:51 Installed Oracle VM VirtualBox 5.1.10
20-10-2017 21:27:22 Removed Oracle VM VirtualBox 5.1.10
20-10-2017 21:33:51 Removed Node.js
26-10-2017 05:38:27 Removed Ralink Wireless LAN
26-10-2017 07:17:15 Installed Ralink Wireless LAN
08-11-2017 21:20:38 Installed Jumpstart Installation Program
09-11-2017 06:27:39 Removed Jumpstart Installation Program
15-11-2017 06:30:17 Installed Jumpstart Installation Program
15-11-2017 18:28:01 Removed Jumpstart Installation Program
21-11-2017 19:09:47 تثبيت حزمة برنامج تشغيل الأجهزة: Khalil Azzouzi Network Service
21-11-2017 20:24:51 Removed Ralink Wireless LAN
22-11-2017 06:37:42 Installed Ralink Wireless LAN
24-11-2017 18:16:36 Removed Ralink Wireless LAN
24-11-2017 18:50:00 Installed Ralink Wireless LAN
24-11-2017 20:56:23 Installed Maryfi - Arabic
24-11-2017 21:30:12 Removed Maryfi - Arabic
29-11-2017 06:39:53 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: memudrv
Description: memudrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: memudrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2017 03:57:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: ‏‏فشل إنشاء سياق التنشيط لـ "C:\Users\رياض\Downloads\delfix_1.013.exe". حدث خطأ في ملف البيان أو ملف النهج C:\Users\رياض\Downloads\delfix_1.013.exe في السطر 0.
بناء جملة Xml غير صحيح.

Error: (11/29/2017 03:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: mbamservice.exe، الإصدار: 3.1.0.556، الطابع الزمني: 0x5988be8a
اسم الوحدة النمطية التي تحتوي على أخطاء: mbamservice.exe، الإصدار: 3.1.0.556، الطابع الزمني: 0x5988be8a
رمز الاستثناء: 0x40000015
إزاحة الخطأ: 0x0022f878
معرّف العملية التي تحتوي على خطأ: 0x8e8
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d3691ed37792b1
مسار التطبيق الذي يحتوي على خطأ: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
مسار الوحدة النمطية التي تحتوي على خطأ: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
معرف التقرير: 7c9a4ccf-d514-11e7-ab4a-d8b6d67f26a5

Error: (11/28/2017 12:37:20 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={294C2F45-A410-4FBD-9255-C1ECD4841E48}: The user رياض-PC\رياض dialed a connection named اتصال واسع النطاق which has failed. The error code returned on failure is 651.

Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1888) WebCacheLocal: Database recovery/restore failed with unexpected error -551.

Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 517) (User: )
Description: taskhost (1888) WebCacheLocal: Database recovery failed with error -551 because it encountered references to a database, 'C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable.

Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable.

Error: (11/28/2017 06:09:36 AM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable.

Error: (11/28/2017 05:59:00 AM) (Source: ESENT) (EventID: 492) (User: )
Description: DllHost (3088) WebCacheLocal: The logfile sequence in "C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (11/28/2017 05:59:00 AM) (Source: ESENT) (EventID: 413) (User: )
Description: DllHost (3088) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


System errors:
=============
Error: (11/29/2017 03:34:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: ‏‏لم يتم بدء تشغيل الخدمة 'WMPNetworkSvc' بشكلٍ صحيح لأن CoCreateInstance(CLSID_UPnPDeviceFinder)‎ واجه الخطأ '0x80070422'. تحقق من تشغيل خدمة UPnPHost ومن تثبيت مكون UPnPHost لـ Windows بشكلٍ صحيح.

Error: (11/29/2017 03:33:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Browser.

Error: (11/29/2017 03:32:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ‏‏فشل تحميل برنامج التشغيل التالي الخاص ببدء تشغيل النظام أو تمهيد للتشغيل:
VBoxNetAdp

Error: (11/29/2017 03:31:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏فشل بدء تشغيل الخدمة memudrv بسبب الخطأ التالي:
‏‏يتعذر على النظام العثور على المسار المحدد.

Error: (11/29/2017 03:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.

Error: (11/29/2017 12:03:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: ‏‏لم يتم بدء تشغيل الخدمة 'WMPNetworkSvc' بشكلٍ صحيح لأن CoCreateInstance(CLSID_UPnPDeviceFinder)‎ واجه الخطأ '0x80070422'. تحقق من تشغيل خدمة UPnPHost ومن تثبيت مكون UPnPHost لـ Windows بشكلٍ صحيح.

Error: (11/29/2017 12:02:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Browser.

Error: (11/29/2017 12:01:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ‏‏فشل تحميل برنامج التشغيل التالي الخاص ببدء تشغيل النظام أو تمهيد للتشغيل:
VBoxNetAdp

Error: (11/29/2017 12:01:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏فشل بدء تشغيل الخدمة memudrv بسبب الخطأ التالي:
‏‏يتعذر على النظام العثور على المسار المحدد.

Error: (11/29/2017 12:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي:
‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 71%
Total physical RAM: 1014.49 MB
Available physical RAM: 293.22 MB
Total Virtual: 2632.35 MB
Available Virtual: 1004.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.13 GB) (Free:15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:78.13 GB) (Free:77.98 GB) NTFS
Drive e: () (Fixed) (Total:78.13 GB) (Free:72.08 GB) NTFS
Drive f: () (Fixed) (Total:231.37 GB) (Free:227.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18931892)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=387.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
