Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015 Ran by MOHAMED (administrator) on MOHAMED-PC (02-12-2015 15:57:24) Running from C:\Users\MOHAMED\Desktop Loaded Profiles: MOHAMED (Available Profiles: MOHAMED) Platform: Microsoft Windows 7 Édition Starter (X86) Language: Français (France) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (© 2015 Microsoft Corporation) C:\Users\MOHAMED\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\mmc.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [788176 2015-10-28] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\...\Run: [BingSvc] => C:\Users\MOHAMED\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-29] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\...\MountPoints2: {0b5fe1ff-6dc8-11e5-9277-3cd92b242aaa} - G:\InstallerUniversalis2012.exe HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{7BDC559C-2EFA-4228-AF69-1EAF97E826EE}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=fr-fr HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3701903417-2408125319-1798861659-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3701903417-2408125319-1798861659-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3701903417-2408125319-1798861659-1000 -> {D9771667-EC10-41E9-AA9E-D692111367CC} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=fr-fr FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2006-01-02] () FF SearchPlugin: C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\searchplugins\bing-.xml [2015-11-28] FF Extension: EPUBReader - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-10-26] FF Extension: RADIO PLAYER - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\extensions\radio@radioplayer.fr.xpi [2015-11-14] FF Extension: Avira Browser Safety - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\Extensions\abs@avira.com [2015-11-21] [not signed] FF Extension: Bing Search - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-28] FF Extension: mp3it - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\Extensions\info@mp3it.eu.xpi [2015-10-12] FF Extension: Discover Treasure - C:\Users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\q946ll2b.default\Extensions\{f2946686-f9e9-480e-a42e-fa7351bd720c}.xpi [2015-11-21] [not signed] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!7A8D88F6C2113928B54F491A53369C4A7A8D.js [2015-11-21] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [936544 2015-10-28] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1105952 2015-10-28] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-10-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-10-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-10-28] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55912 2015-10-28] (Avira Operations GmbH & Co. KG) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG) R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1035368 2011-04-22] (Realtek Semiconductor Corporation ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-10-28] (Avira Operations GmbH & Co. KG) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-02 15:57 - 2015-12-02 15:58 - 00010318 _____ C:\Users\MOHAMED\Desktop\FRST.txt 2015-12-02 15:56 - 2015-12-02 15:57 - 00000000 ____D C:\FRST 2015-12-02 15:56 - 2015-12-02 15:55 - 01721344 _____ (Farbar) C:\Users\MOHAMED\Desktop\FRST.exe 2015-12-02 15:55 - 2015-12-02 15:55 - 01721344 _____ (Farbar) C:\Users\MOHAMED\Downloads\FRST.exe 2015-12-02 11:13 - 2015-12-02 11:13 - 00001216 _____ C:\Users\MOHAMED\Desktop\ZHPFixReport.txt 2015-12-02 11:10 - 2015-12-02 11:10 - 00001799 _____ C:\Users\Public\Desktop\ZHPFix.lnk 2015-12-02 11:10 - 2015-12-02 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP 2015-12-02 00:00 - 2015-12-02 11:21 - 00059890 _____ C:\Users\MOHAMED\Desktop\ZHPDiag.txt 2015-12-01 23:54 - 2015-12-02 11:15 - 00000824 _____ C:\Users\MOHAMED\Desktop\ZHPDiag.lnk 2015-12-01 23:52 - 2015-12-01 23:52 - 00001849 _____ C:\Users\MOHAMED\Desktop\ZHPCleaner.txt 2015-12-01 23:14 - 2015-11-28 21:52 - 01977856 _____ C:\Users\MOHAMED\Desktop\ZHPDiag3.exe 2015-12-01 23:11 - 2015-12-02 11:17 - 00000000 ____D C:\Users\MOHAMED\AppData\Roaming\ZHP 2015-12-01 23:11 - 2015-12-01 23:11 - 00000834 _____ C:\Users\MOHAMED\Desktop\ZHPCleaner.lnk 2015-12-01 22:56 - 2015-12-01 22:56 - 00075434 _____ C:\Users\MOHAMED\Desktop\Pierre Bourdieu, Ce que parler veut dire. L'économie des échanges linguistiques. - Persée.htm 2015-12-01 22:56 - 2015-12-01 22:56 - 00000000 ____D C:\Users\MOHAMED\Desktop\Pierre Bourdieu, Ce que parler veut dire. L'économie des échanges linguistiques. - Persée_fichiers 2015-12-01 22:54 - 2015-12-01 22:54 - 00068992 _____ C:\Users\MOHAMED\Desktop\À propos de ce que parler veut dire.htm 2015-12-01 22:54 - 2015-12-01 22:54 - 00000000 ____D C:\Users\MOHAMED\Desktop\À propos de ce que parler veut dire_fichiers 2015-12-01 22:52 - 2015-12-01 22:53 - 00023411 _____ C:\Users\MOHAMED\Desktop\Les échanges linguistiques, 'Ce que parler veut dire'.htm 2015-12-01 22:52 - 2015-12-01 22:52 - 00000000 ____D C:\Users\MOHAMED\Desktop\Les échanges linguistiques, 'Ce que parler veut dire'_fichiers 2015-12-01 14:50 - 2015-12-01 14:50 - 00092710 _____ C:\Users\MOHAMED\Desktop\Esprit critique - Revue internationale de sociologie et de sciences sociales.htm 2015-12-01 14:50 - 2015-12-01 14:50 - 00000000 ____D C:\Users\MOHAMED\Desktop\Esprit critique - Revue internationale de sociologie et de sciences sociales_fichiers 2015-12-01 14:49 - 2015-12-01 14:50 - 00439332 ____H C:\Users\MOHAMED\Desktop\dictionnaire.GID 2015-12-01 14:47 - 2015-12-01 14:47 - 00086703 _____ C:\Users\MOHAMED\Desktop\Politique linguistique, politique scolaire  la situation du Maroc - Cairn.info.htm 2015-12-01 14:45 - 2015-12-01 14:47 - 00000000 ____D C:\Users\MOHAMED\Desktop\Politique linguistique, politique scolaire  la situation du Maroc - Cairn.info_fichiers 2015-11-30 16:04 - 2015-11-30 16:05 - 00044748 _____ C:\Users\MOHAMED\Downloads\séquences 4-5-6.zip 2015-11-29 21:47 - 2015-11-29 21:47 - 02754255 _____ C:\Users\MOHAMED\Downloads\000303_PartieVIII.pdf 2015-11-29 21:28 - 2015-11-29 21:28 - 00091590 _____ C:\Users\MOHAMED\Downloads\Approche_sur_la_politique_linguistique_a.pdf 2015-11-29 20:35 - 2015-11-30 11:53 - 00000000 ____D C:\Users\MOHAMED\Desktop\NOTES 2015-11-29 17:36 - 2015-11-29 17:36 - 00358378 _____ C:\Users\MOHAMED\Downloads\License-W7+.exe 2015-11-29 17:22 - 2015-11-29 17:22 - 80249168 _____ C:\Users\MOHAMED\Downloads\malwarebyte(1).rar 2015-11-29 16:56 - 2015-11-29 16:57 - 03521617 _____ (Nicolas Coolman ) C:\Users\MOHAMED\Downloads\ZHPFix(1).exe 2015-11-29 16:46 - 2015-12-02 11:10 - 00000000 ____D C:\Program Files\ZHPFix 2015-11-29 16:43 - 2015-11-29 16:43 - 03521617 _____ (Nicolas Coolman ) C:\Users\MOHAMED\Desktop\ZHPFix.exe 2015-11-29 15:49 - 2015-11-29 15:49 - 01903104 _____ C:\Users\MOHAMED\Downloads\ZHPCleaner.exe 2015-11-28 22:31 - 2015-11-28 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-28 22:31 - 2015-11-28 22:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-11-28 22:29 - 2015-11-28 22:29 - 07018720 _____ (Microsoft Corporation) C:\Users\MOHAMED\Downloads\Silverlight.exe 2015-11-28 21:51 - 2015-11-28 21:52 - 01977856 _____ C:\Users\MOHAMED\Downloads\ZHPDiag3.exe 2015-11-26 14:25 - 2015-11-13 05:48 - 00657334 _____ C:\Users\MOHAMED\Desktop\LL23_139_142.pdf 2015-11-25 23:04 - 2015-11-25 23:04 - 01306147 _____ C:\Users\MOHAMED\Downloads\42-3.pdf 2015-11-24 10:03 - 2015-11-24 10:04 - 01733632 _____ C:\Users\MOHAMED\Downloads\adwcleaner_5.022.exe 2015-11-21 23:53 - 2015-11-21 23:53 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-21 23:34 - 2015-11-21 23:35 - 23671486 _____ C:\Users\MOHAMED\Downloads\Encyclopaedia.Universalis.NO-DVD.edition.2012_CRKEXE-FFF.rar 2015-11-21 22:56 - 2015-11-21 22:56 - 00249992 _____ C:\Users\MOHAMED\Downloads\LangCog2-print.pdf 2015-11-21 08:11 - 2010-04-02 02:05 - 37346150 _____ C:\Users\MOHAMED\Desktop\Le Bon Usage - grammaire française.djvu 2015-11-21 08:08 - 2015-11-21 08:10 - 37345957 _____ C:\Users\MOHAMED\Downloads\Le Bon Usage - gr fr .rar 2015-11-21 08:05 - 2015-11-21 08:05 - 00000000 ____D C:\Users\MOHAMED\AppData\Roaming\Avira 2015-11-21 07:50 - 2015-11-21 07:54 - 69144917 _____ C:\Users\MOHAMED\Desktop\Grammaire-Methodique-du-Francais.pdf 2015-11-21 07:42 - 2015-10-28 18:21 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-11-21 07:42 - 2015-10-28 18:21 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-11-21 07:42 - 2015-10-28 18:21 - 00055912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-11-21 07:42 - 2015-10-28 18:21 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-11-21 07:42 - 2015-10-28 18:21 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys 2015-11-21 07:33 - 2015-11-29 20:37 - 00000000 ____D C:\Users\MOHAMED\Desktop\sclgst 2015-11-21 07:26 - 2015-11-26 07:03 - 00001136 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-11-21 07:26 - 2015-11-21 07:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-21 07:26 - 2015-11-21 07:41 - 00000000 ____D C:\ProgramData\Avira 2015-11-21 07:26 - 2015-11-21 07:41 - 00000000 ____D C:\Program Files\Avira 2015-11-21 07:26 - 2015-11-21 07:26 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-21 07:17 - 2015-11-21 07:17 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MOHAMED\Downloads\avira_en_av_4446297808__ws.exe 2015-11-21 07:09 - 2015-11-28 22:35 - 00000000 ____D C:\AdwCleaner 2015-11-21 07:00 - 2015-11-21 07:01 - 01732096 _____ C:\Users\MOHAMED\Downloads\adwcleaner_5.021.exe 2015-11-21 06:48 - 2015-11-21 06:48 - 00007605 _____ C:\Users\MOHAMED\AppData\Local\Resmon.ResmonCfg 2015-11-21 06:15 - 2015-11-21 06:15 - 00000000 ____D C:\ProgramData\Loaris 2015-11-20 12:03 - 2015-11-20 12:03 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-11-20 12:03 - 2015-11-20 12:03 - 00000000 ____D C:\Windows\system32\appraiser 2015-11-20 11:32 - 2015-11-20 11:33 - 01472475 _____ C:\Users\MOHAMED\Downloads\module1_1.pdf 2015-11-20 10:54 - 2015-11-20 10:54 - 01394981 _____ C:\Users\MOHAMED\Downloads\mots_0243-6450_1997_num_52_1_2467.pdf 2015-11-20 10:44 - 2015-09-18 16:32 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-11-20 10:44 - 2015-09-18 16:30 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-11-20 10:44 - 2015-09-18 16:30 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-11-20 10:44 - 2015-09-18 16:30 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-11-20 10:44 - 2015-09-18 16:30 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-11-20 10:44 - 2015-09-18 16:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-11-20 10:44 - 2015-09-18 16:25 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-11-20 10:44 - 2015-05-21 13:18 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-11-20 10:44 - 2015-03-19 02:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-11-20 10:44 - 2015-03-19 02:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-20 10:44 - 2015-01-27 23:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-11-20 10:44 - 2014-09-15 00:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-20 10:44 - 2013-03-19 04:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-20 10:44 - 2013-03-19 02:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-20 10:44 - 2010-12-18 05:29 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-20 10:38 - 2015-06-23 12:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-11-20 10:37 - 2015-11-20 10:37 - 00000000 ____D C:\Users\Public\Foxit Software 2015-11-20 10:35 - 2015-11-26 07:03 - 00002089 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2015-11-20 10:35 - 2015-11-20 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2015-11-20 10:17 - 2012-06-02 22:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-20 10:17 - 2012-06-02 22:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-20 10:17 - 2012-06-02 22:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-20 10:17 - 2012-06-02 22:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-20 10:16 - 2012-06-02 22:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-20 10:16 - 2012-06-02 22:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-20 10:16 - 2012-06-02 22:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-20 10:16 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-20 10:16 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-19 19:53 - 2015-11-26 07:03 - 00002611 _____ C:\Users\Public\Desktop\MEDIADICO pour votre PC.lnk 2015-11-19 19:53 - 2015-11-19 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAventure 2015-11-19 19:53 - 2015-11-19 19:53 - 00000000 ____D C:\Program Files\LAventure 2015-11-19 19:51 - 2015-11-19 19:51 - 01159168 _____ C:\Users\MOHAMED\Downloads\dictionnaire mediadico.msi 2015-11-19 12:03 - 2015-11-19 12:03 - 00069873 _____ C:\Users\MOHAMED\Downloads\Sociolang.pdf 2015-11-18 11:41 - 2015-11-18 11:42 - 04935350 _____ C:\Users\MOHAMED\Downloads\eset_ess_8_userguide_fra(1).pdf 2015-11-18 11:41 - 2015-11-18 11:41 - 04935350 _____ C:\Users\MOHAMED\Downloads\eset_ess_8_userguide_fra.pdf 2015-11-17 10:25 - 2015-11-17 10:26 - 00139373 _____ C:\Users\MOHAMED\Downloads\praxematique-3063-28-henri-boyer-ed-sociolinguistique-territoire-et-objets.pdf 2015-11-12 10:40 - 2015-11-12 10:40 - 00127296 _____ C:\Users\MOHAMED\Downloads\Dialnet-SociolonguistiquePolitiqueLinguistiqueEtFonctionna-4411584.pdf 2015-11-12 10:34 - 2015-11-12 10:34 - 00677195 _____ C:\Users\MOHAMED\Downloads\2003-Diglossies_en_question_Cahiers_.pdf 2015-11-12 10:29 - 2015-11-12 10:29 - 00275284 _____ C:\Users\MOHAMED\Downloads\Variation_linguistique....pdf 2015-11-12 01:45 - 2015-11-12 01:46 - 75032577 _____ C:\Users\MOHAMED\Downloads\__rar_0.568 2015-11-12 01:26 - 2015-11-12 01:26 - 80249168 _____ C:\Users\MOHAMED\Downloads\malwarebyte.rar 2015-11-12 00:38 - 2015-11-29 17:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-12 00:36 - 2015-11-29 17:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-11-12 00:36 - 2015-11-26 07:03 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-12 00:36 - 2015-11-12 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-12 00:36 - 2015-11-12 00:36 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-12 00:36 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-12 00:36 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-12 00:36 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-12 00:31 - 2015-11-12 00:35 - 22908888 _____ (Malwarebytes ) C:\Users\MOHAMED\Downloads\mbam-setup-techspot.31794-2.2.0.1024.exe 2015-11-11 20:33 - 2015-11-21 23:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-11-11 17:10 - 2015-11-12 12:53 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-11-11 17:09 - 2015-11-11 17:09 - 00000000 ____D C:\Users\MOHAMED\AppData\Local\Opera Software 2015-11-11 17:08 - 2015-11-11 17:08 - 00000000 ____D C:\Users\MOHAMED\AppData\Roaming\Opera Software 2015-11-11 17:05 - 2015-11-21 08:16 - 00000000 ____D C:\Program Files\Opera 2015-11-11 17:05 - 2015-11-18 11:48 - 00000000 ____D C:\Program Files\Common Files\Warmlax 2015-11-11 17:04 - 2015-11-11 17:04 - 00000187 _____ C:\Users\MOHAMED\AppData\Local\Doublebase.exe.config 2015-11-05 06:15 - 2015-11-05 06:55 - 00000000 ____D C:\Users\MOHAMED\Desktop\séquence 4 2015-11-05 06:12 - 2015-11-05 06:12 - 00942435 _____ C:\Users\MOHAMED\Downloads\nouvel-espace.rar 2015-11-04 11:18 - 2015-11-04 11:18 - 00000000 ____D C:\Users\MOHAMED\AppData\Local\ElevatedDiagnostics 2015-11-03 15:15 - 2015-11-03 15:15 - 00000000 ____D C:\Users\MOHAMED\Desktop\sociolinguistique 2015-11-03 15:15 - 2015-11-03 15:15 - 00000000 ____D C:\Users\MOHAMED\Desktop\petite poucette 2015-11-02 16:54 - 2015-11-02 16:54 - 00000000 ____D C:\Program Files\Hewlett-Packard 2015-11-02 16:46 - 2015-11-02 16:48 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\MOHAMED\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe 2015-11-02 16:40 - 2015-11-04 11:12 - 00000000 ____D C:\Program Files\Driver Downloader 2015-11-02 16:11 - 2015-11-02 16:11 - 00040492 _____ C:\Users\MOHAMED\Downloads\Module_1.pdf 2015-11-02 15:47 - 2015-11-02 15:47 - 00085471 _____ C:\Users\MOHAMED\Downloads\PSP1125-Partie4bis.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-02 15:58 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf 2015-12-02 15:56 - 2009-07-14 02:37 - 00000000 ____D C:\Windows 2015-12-02 15:48 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-02 11:42 - 2009-07-14 04:34 - 00014400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-02 11:42 - 2009-07-14 04:34 - 00014400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-30 15:42 - 2015-10-01 06:56 - 00704480 _____ C:\Windows\system32\perfh00C.dat 2015-11-30 15:42 - 2015-10-01 06:56 - 00130754 _____ C:\Windows\system32\perfc00C.dat 2015-11-30 15:42 - 2015-10-01 04:06 - 01549700 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-26 14:00 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF 2015-11-26 07:04 - 2015-10-01 04:00 - 00001393 _____ C:\Users\MOHAMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-26 07:04 - 2015-09-30 22:15 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-26 07:04 - 2009-07-14 04:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-11-26 07:04 - 2009-07-14 04:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-11-26 07:04 - 2009-07-14 04:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-11-26 07:04 - 2009-07-14 04:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-11-26 07:04 - 2009-07-14 04:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-11-26 07:03 - 2015-10-25 23:57 - 00001162 _____ C:\Users\Public\Desktop\LG PC Suite.lnk 2015-11-26 07:03 - 2015-10-08 14:32 - 00001124 _____ C:\Users\Public\Desktop\Le Petit Robert 2014.lnk 2015-11-26 07:03 - 2015-10-08 14:21 - 00001206 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2015-11-26 07:03 - 2015-10-01 14:24 - 00000963 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-11-26 07:03 - 2015-09-30 22:15 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-11-26 07:03 - 2009-07-14 04:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-11-26 07:03 - 2009-07-14 04:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-11-26 07:02 - 2015-10-08 21:10 - 00001425 _____ C:\Users\MOHAMED\Desktop\Encyclopaedia Universalis 2012.lnk 2015-11-26 07:02 - 2015-10-01 14:30 - 00000999 _____ C:\Users\MOHAMED\Desktop\Le Grand Robert.lnk 2015-11-26 07:02 - 2015-09-30 22:56 - 00000458 _____ C:\Users\MOHAMED\Desktop\Local Disk (D) - Shortcut.lnk 2015-11-25 22:35 - 2009-07-14 04:53 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-22 00:04 - 2015-10-08 21:25 - 00000000 ____D C:\Users\MOHAMED\.Universalis 2015-11-22 00:02 - 2015-10-08 21:25 - 00000000 ____D C:\Users\MOHAMED\.JxBrowser 2015-11-21 06:19 - 2009-07-14 04:52 - 00000000 ____D C:\Windows\Performance 2015-11-21 05:50 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\AppCompat 2015-11-20 23:07 - 2009-07-14 04:33 - 00449472 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-13 05:47 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\ModemLogs 2015-11-12 10:14 - 2015-09-30 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-11-03 12:43 - 2015-09-30 21:50 - 00120976 _____ C:\Users\MOHAMED\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Files in the root of some directories ======= 2015-11-11 17:04 - 2015-11-11 17:04 - 0000187 _____ () C:\Users\MOHAMED\AppData\Local\Doublebase.exe.config 2015-11-21 06:48 - 2015-11-21 06:48 - 0007605 _____ () C:\Users\MOHAMED\AppData\Local\Resmon.ResmonCfg 2015-11-21 23:53 - 2015-11-21 23:53 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Files to move or delete: ==================== C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Some files in TEMP: ==================== C:\Users\MOHAMED\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed