
BSOD and STOP:c0000135 file %hs Error. Please help !! No boot !!


  • This topic is locked
11 replies to this topic

#1 feyd_be

Posted 10 February 2013 - 05:24 AM

Hello everybody...

I'm running a DELL laptop Studio 1747. i7, 4Go, 2x320Go, win7home

And lots of thanks in advance...!!! So:

I just made an update of McAfee, and then, no way to boot anymore: always the BSOD and STOP:c0000135 file %hs Error.

F8: all possibilities lead to the same BSOD and STOP:c0000135 file %hs Error

Means: NO safe mode available etc...

PS: for almost 1 year, I couldn't have access to McAfee updates anymore. I thought this was happening because I created, and used, many new users (Windows session profiles) after the 1st McAfee installation, and I (still) think that I couldn't update because I was logged in as another user than the installer's user. (Maybe I'm totally wrong...)

And I think I made the update while trying to enter back an old user, in order to bypass this (fantasy in my brain... maybe) limitation. In the end: I don't have my CPU anymore...

Could someone help me? Please?

Here is the Farbar scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by Système at 09-02-2013 04:53:42
Running from G:\
Windows 7 Home Premium   (X64) OS Language: French Standard
The current controlset is ControlSet001


 

==================== Registry (Whitelisted) ===================


 

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-15] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKU\help\...\Run: [Google Update] "C:\Users\help\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-15] (Google Inc.)
HKU\Invité\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKU\Invité\...\Run: [tsmon.exe] C:\Program Files (x86)\PhTtlSpSPh Manager\tsmon.exe [909824 2012-09-15] ()
HKU\le nouvo 23 05 2011\...\Run: [Google Update] "C:\Users\le nouvo 23 05 2011\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-19] (Google Inc.)
HKU\le nouvo 23 05 2011\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
HKU\le nouvo 23 05 2011\...\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000  [x]
HKU\le nouvo 23 05 2011\...\Run: [tsmon.exe] C:\Program Files (x86)\TSS Manager\tsmon.exe [909824 2012-09-15] ()
HKU\le nouvo 23 05 2011\...\Run: [vlzmujxfuufbsch] C:\ProgramData\vlzmujxf.exe [x]
HKU\le nouvo 23 05 2011\...\Run: [freeklogger.exe] C:\Program Files (x86)\KLGR 1209 nstl FK_Monitor\freeklogger.exe [794624 2011-10-12] ()
HKU\nono\...\Run: []  [x]
HKU\nono\...\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKU\nono\...\Run: [Google Update] "C:\Users\nono\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-11] (Google Inc.)
HKU\nono\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\nono\...\Run: [kqAIrvwyxLeS] C:\ProgramData\kqAIrvwyxLeS.exe [x]
HKU\nono\...\Policies\system: [DisableTaskMgr] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MOTU Pedal Service.lnk
ShortcutTarget: MOTU Pedal Service.lnk -> C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)


 

==================== Services (Whitelisted) ===================


 

2 0182511360373899mcinstcleanup; C:\Users\201302~1\AppData\Local\Temp\018251~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [1705 2013-02-08] ()
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-12-23] (Adobe Systems)
2 hasplms; C:\Windows\system32\hasplms.exe  -run [4941768 2012-06-27] (SafeNet Inc.)
4 ipMonitorRpt; "C:\Program Files (x86)\SolarWinds\ipMonitor\ipmrptsrv.exe" [446464 2009-11-04] (SolarWinds)
4 ipMonitorSrv; "C:\Program Files (x86)\SolarWinds\ipMonitor\ipmservice.exe" [2576384 2009-11-04] (SolarWinds)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [235216 2013-02-05] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-12-26] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-12-26] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [182312 2012-12-26] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 RetroLauncher; "C:\Program Files (x86)\Retrospect\Retrospect 7.5\retrorun.exe" [95776 2007-01-24] (EMC Corporation)
3 SolarWinds Discovery Service; "C:\Program Files (x86)\SolarWinds\ipMonitor\SWDiscoveryEngine12.exe" [122880 2008-02-09] (SolarWinds)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe [240128 2009-07-15] (IDT, Inc.)
4 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]


 

==================== Drivers (Whitelisted) =====================


 

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
3 akshhl; C:\Windows\System32\Drivers\akshhl.sys [57088 2011-08-25] (SafeNet Inc.)
3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [296576 2012-06-06] (SafeNet Inc.)
3 BEHRINGER_PT_MIDI; C:\Windows\System32\drivers\bhrngr_m.sys [43584 2009-12-15] (Ploytec GmbH)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-05-11] (Windows ® Win 7 DDK provider)
0 gfibto; C:\Windows\System32\Drivers\gfibto.sys [14456 2013-01-30] (GFI Software)
2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
3 MFWAMIDI64; C:\Windows\System32\Drivers\MFWAMIDI64.sys [33392 2010-09-20] (Mark of the Unicorn)
3 MFWAWAVE64; C:\Windows\System32\Drivers\MFWAWAVE64.sys [83568 2010-09-20] (Mark of the Unicorn)
3 motubus; C:\Windows\System32\drivers\MotuBus64.sys [29808 2010-09-20] (Mark of the Unicorn)
3 MotuFWA64; C:\Windows\System32\Drivers\MotuFWA64.sys [590960 2010-09-20] (Mark of the Unicorn)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 OXSDIDRV_x64; C:\Windows\System32\Drivers\OXSDIDRV_x64.sys [51760 2009-09-28] ()
3 cpuz132; \??\C:\Users\nono\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3 mfeapfk01;  [x]
3 mfeavfk01;  [x]
3 mfehidk01;  [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]


 

==================== NetSvcs (Whitelisted) ====================


 


==================== One Month Created Files and Folders ========


 

2013-02-09 04:53 - 2013-02-09 04:53 - 00000000 ____D C:\FRST
2013-02-08 19:56 - 2013-02-08 19:56 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-02-08 19:54 - 2013-02-08 19:54 - 00001906 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-02-08 19:54 - 2013-02-08 19:54 - 00001906 ____A C:\Users\All Users\Desktop\McAfee Security Center.lnk
2013-02-08 19:53 - 2012-04-20 09:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-02-08 19:51 - 2012-12-26 02:55 - 00069672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2013-02-08 19:51 - 2012-12-26 02:51 - 00106112 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2013-02-08 19:51 - 2012-12-26 02:51 - 00010288 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2013-02-08 19:51 - 2012-12-26 02:49 - 00515528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2013-02-08 19:51 - 2012-12-26 02:49 - 00309400 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2013-02-08 19:48 - 2013-02-09 03:16 - 00000000 ____D C:\Users\2013 02 05\Application Data\vlc
2013-02-08 19:48 - 2013-02-09 03:16 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\vlc
2013-02-08 19:47 - 2013-02-08 19:47 - 00002008 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-08 19:47 - 2013-02-08 19:47 - 00002008 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-02-08 19:43 - 2012-12-26 02:52 - 00182312 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2013-02-08 19:31 - 2013-02-08 19:31 - 04876456 ____A (McAfee, Inc.) C:\Users\2013 02 05\Downloads\McAfeeSetup.exe
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Macromedia
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Macromedia
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Application Data\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Macromedia
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Google
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Google
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Google
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Logitech® Webcam Software
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Logitech® Webcam Software
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Logitech® Webcam Software
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\Local Settings\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\adawarebp
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\adawarebp
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Documents\Dossier Echanges Bluetooth
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Logitech
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Apple Computer
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Adobe
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Logitech
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Apple Computer
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Adobe
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\adawarebp
2013-02-08 19:21 - 2013-02-08 19:25 - 00002221 ____A C:\Users\2013 02 05\Desktop\Google Chrome.lnk
2013-02-08 19:20 - 2013-02-09 03:16 - 00000000 ____D C:\users\2013 02 05
2013-02-08 19:20 - 2013-02-08 19:20 - 00000020 ___SH C:\Users\2013 02 05\ntuser.ini
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Voisinage réseau
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Voisinage d'impression
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Modèles
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Menu Démarrer
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Local Settings\Historique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Local Settings\Application Data\Historique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Mes vidéos
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Mes images
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Ma musique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\AppData\Local\Historique
2013-02-08 19:20 - 2010-09-11 23:57 - 00000000 ____D C:\Users\2013 02 05\Application Data\Macromedia
2013-02-08 19:20 - 2010-09-11 23:57 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Macromedia
2013-02-08 19:20 - 2010-03-26 20:03 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Microsoft Help
2013-02-08 19:20 - 2010-03-26 20:03 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Microsoft Help
2013-02-08 19:20 - 2010-03-26 20:03 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Microsoft Help
2013-02-08 19:20 - 2010-02-19 23:30 - 00000000 ____D C:\Users\2013 02 05\Local Settings\SoftThinks
2013-02-08 19:20 - 2010-02-19 23:30 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\SoftThinks
2013-02-08 19:20 - 2010-02-19 23:30 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\SoftThinks
2013-02-08 19:15 - 2013-02-08 19:15 - 00525240 ____A C:\Users\Invité\Downloads\mousegestures_x64.exe
2013-02-08 19:13 - 2013-02-08 19:13 - 00000000 ____D C:\Users\Invité\Application Data\McAfee
2013-02-08 19:13 - 2013-02-08 19:13 - 00000000 ____D C:\Users\Invité\AppData\Roaming\McAfee
2013-02-08 19:11 - 2013-02-08 19:11 - 00565400 ____A (McAfee, Inc.) C:\Users\Invité\Downloads\MVTInstaller.exe
2013-02-08 19:10 - 2013-02-08 19:11 - 00000000 ____D C:\Users\Invité\Application Data\Mozilla
2013-02-08 19:10 - 2013-02-08 19:11 - 00000000 ____D C:\Users\Invité\AppData\Roaming\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\Local Settings\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\Local Settings\Application Data\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\AppData\Local\Mozilla
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Local Settings\Application Data\adawarebp
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Local Settings\adawarebp
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Application Data\Apple Computer
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\AppData\Roaming\Apple Computer
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\AppData\Local\adawarebp
2013-02-07 18:48 - 2013-02-08 15:52 - 00000266 ____A C:\Users\help\Desktop\MU AD scdp 3102.txt
2013-02-06 18:32 - 2013-02-06 18:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-02-06 18:32 - 2013-02-06 18:32 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2013-02-06 17:59 - 2013-02-06 17:59 - 00315624 ____A (RightClick) C:\Users\help\Downloads\Rebelle 2012 FRENCH DVDRiP XviD - BLOW.exe
2013-02-05 14:29 - 2013-01-15 09:53 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-02-05 14:29 - 2013-01-15 09:53 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-02-05 14:29 - 2013-01-15 09:52 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-02-05 14:27 - 2013-02-05 14:29 - 00003547 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-05 14:20 - 2013-02-05 14:20 - 00000363 ____A C:\Users\help\Desktop\Ordinateur - Raccourci.lnk
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\Local Settings\TechSmith
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\Local Settings\Application Data\TechSmith
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\AppData\Local\TechSmith
2013-01-30 21:38 - 2013-01-30 21:38 - 00007334 ____A C:\Users\help\Desktop\Nouveau OpenDocument Text (3).odt
2013-01-30 21:37 - 2013-02-07 20:27 - 00000000 ____D C:\Users\help\Desktop\Ph 2013
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\Local Settings\Application Data\adawarebp
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\Local Settings\adawarebp
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\AppData\Local\adawarebp
2013-01-30 12:54 - 2013-01-30 12:55 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-01-27 00:02 - 2013-01-27 00:02 - 00000000 ____D C:\Users\help\Downloads\backups
2013-01-26 23:36 - 2013-01-26 23:36 - 00030910 ____A C:\Users\help\Downloads\hijackthis.log
2013-01-26 23:35 - 2013-01-26 23:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\help\Downloads\HijackThis.exe
2013-01-26 23:35 - 2013-01-26 23:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\help\Downloads\HijackThis (1).exe
2013-01-26 22:49 - 2013-01-30 12:55 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-01-26 22:49 - 2013-01-30 12:55 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\Local Settings\Downloaded Installations
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\Local Settings\Application Data\Downloaded Installations
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\AppData\Local\Downloaded Installations
2013-01-26 22:48 - 2013-02-09 03:17 - 00000000 ____D C:\Users\All Users\Application Data\Ad-Aware Browsing Protection
2013-01-26 22:48 - 2013-02-09 03:17 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\blekko toolbars
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\Application Data\blekko toolbars
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-01-21 22:33 - 2013-01-21 22:33 - 00000000 ____D C:\Users\help\Desktop\A METTRE REAKTOR
2013-01-19 18:59 - 2013-01-19 18:59 - 00801360 ____A (Babylon Ltd.) C:\Users\help\Downloads\Babylon10_setup.exe
2013-01-18 22:20 - 2013-01-18 22:20 - 00007334 ____A C:\Users\help\Desktop\Nouveau OpenDocument Text (2).odt
2013-01-18 22:15 - 2013-02-06 18:26 - 00001875 ____A C:\Users\help\Desktop\notepad++.exe - Raccourci.lnk
2013-01-18 22:14 - 2013-01-18 22:14 - 04763794 ____A C:\Users\help\Downloads\npp.6.2.3.bin.zip
2013-01-18 22:14 - 2013-01-18 22:14 - 00000000 ____D C:\Users\help\Downloads\notepap.6.2.3.bin
2013-01-18 00:07 - 2013-01-18 00:07 - 00001807 ____A C:\Users\help\Desktop\QuickTime Player.lnk
2013-01-17 18:44 - 2013-01-17 18:44 - 00000056 ____A C:\Users\help\Application Data\MOTU FireWire SMPTE Prefs.prefs
2013-01-17 18:44 - 2013-01-17 18:44 - 00000056 ____A C:\Users\help\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\Local Settings\MOTU
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\Local Settings\Application Data\MOTU
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\AppData\Local\MOTU
2013-01-14 20:41 - 2013-01-14 20:41 - 00001370 ___AH C:\Users\help\Downloads\Nouveau dossier - Raccourci.lnk
2013-01-14 14:16 - 2013-01-18 23:17 - 00002851 ____A C:\Users\help\Desktop\pH trip 2013 01.txt
2013-01-12 23:10 - 2013-01-12 23:12 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-01-12 23:10 - 2013-01-12 23:12 - 00001976 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk


 

==================== One Month Modified Files and Folders =======


 

2013-02-09 04:53 - 2013-02-09 04:53 - 00000000 ____D C:\FRST
2013-02-09 03:17 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\Application Data\Ad-Aware Browsing Protection
2013-02-09 03:17 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2013-02-09 03:17 - 2012-11-10 17:49 - 00000000 ____D C:\users\help
2013-02-09 03:17 - 2011-12-05 17:13 - 00000000 ____D C:\users\Invité
2013-02-09 03:17 - 2010-03-22 18:09 - 00000000 ___RD C:\ARNOOOOO
2013-02-09 03:17 - 2010-03-16 12:20 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2013-02-09 03:17 - 2010-03-16 12:20 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2013-02-09 03:17 - 2010-03-16 12:20 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-02-09 03:17 - 2010-02-19 23:07 - 00000000 ____D C:\Program Files\SetPoint
2013-02-09 03:16 - 2013-02-08 19:48 - 00000000 ____D C:\Users\2013 02 05\Application Data\vlc
2013-02-09 03:16 - 2013-02-08 19:48 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\vlc
2013-02-09 03:16 - 2013-02-08 19:20 - 00000000 ____D C:\users\2013 02 05
2013-02-09 03:16 - 2012-11-19 16:51 - 00000000 ____D C:\Users\help\Application Data\vlc
2013-02-09 03:16 - 2012-11-19 16:51 - 00000000 ____D C:\Users\help\AppData\Roaming\vlc
2013-02-09 03:16 - 2010-03-05 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-09 03:16 - 2010-03-05 18:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-09 03:16 - 2010-03-05 18:35 - 00000000 ____D C:\Users\All Users\Skype
2013-02-09 03:16 - 2010-03-05 18:35 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2013-02-09 03:16 - 2010-03-02 06:54 - 00000000 ____D C:\users\nono
2013-02-09 03:16 - 2010-02-19 23:24 - 00000000 ____D C:\Users\All Users\McAfee
2013-02-09 03:16 - 2010-02-19 23:24 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2013-02-09 03:16 - 2010-02-19 23:24 - 00000000 ____D C:\Program Files\McAfee
2013-02-09 03:16 - 2010-02-19 23:24 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-02-09 03:16 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2013-02-09 03:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-02-09 03:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2013-02-09 03:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
2013-02-08 20:01 - 2011-08-13 03:00 - 00031098 ____A C:\Windows\PFRO.log
2013-02-08 19:58 - 2011-07-10 15:01 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-02-08 19:56 - 2013-02-08 19:56 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-02-08 19:54 - 2013-02-08 19:54 - 00001906 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-02-08 19:54 - 2013-02-08 19:54 - 00001906 ____A C:\Users\All Users\Desktop\McAfee Security Center.lnk
2013-02-08 19:53 - 2010-02-19 23:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-02-08 19:53 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-08 19:53 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-08 19:52 - 2010-10-11 04:07 - 00001074 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1000UA.job
2013-02-08 19:50 - 2011-08-10 21:22 - 01473778 ____A C:\Windows\WindowsUpdate.log
2013-02-08 19:49 - 2009-07-14 09:24 - 03691000 ____A C:\Windows\System32\perfh00C.dat
2013-02-08 19:49 - 2009-07-14 09:24 - 01174486 ____A C:\Windows\System32\perfc00C.dat
2013-02-08 19:49 - 2009-07-13 23:13 - 00006272 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-08 19:47 - 2013-02-08 19:47 - 00002008 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-08 19:47 - 2013-02-08 19:47 - 00002008 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-02-08 19:42 - 2010-05-27 14:15 - 00001060 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-08 19:41 - 2012-09-05 15:25 - 00000368 ____A C:\Windows\Tasks\DriverScanner.job
2013-02-08 19:41 - 2011-08-10 21:22 - 00118890 ____A C:\Windows\setupact.log
2013-02-08 19:41 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-08 19:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-02-08 19:37 - 2011-03-04 19:03 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2013-02-08 19:37 - 2011-03-04 19:03 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2013-02-08 19:37 - 2011-03-04 19:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-02-08 19:31 - 2013-02-08 19:31 - 04876456 ____A (McAfee, Inc.) C:\Users\2013 02 05\Downloads\McAfeeSetup.exe
2013-02-08 19:30 - 2012-04-26 18:28 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Macromedia
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Macromedia
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\Application Data\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Mozilla
2013-02-08 19:29 - 2013-02-08 19:29 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Macromedia
2013-02-08 19:27 - 2011-06-19 15:07 - 00001134 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1003UA.job
2013-02-08 19:26 - 2010-05-27 14:15 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Google
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Google
2013-02-08 19:25 - 2013-02-08 19:25 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Google
2013-02-08 19:25 - 2013-02-08 19:21 - 00002221 ____A C:\Users\2013 02 05\Desktop\Google Chrome.lnk
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Logitech® Webcam Software
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Logitech® Webcam Software
2013-02-08 19:24 - 2013-02-08 19:24 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Logitech® Webcam Software
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\Local Settings\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00074320 ____A C:\Users\2013 02 05\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\Application Data\adawarebp
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Local Settings\adawarebp
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Documents\Dossier Echanges Bluetooth
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Logitech
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Apple Computer
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\Application Data\Adobe
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Logitech
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Apple Computer
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Roaming\Adobe
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\DataSafeOnline
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\Broadcom
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\ATI
2013-02-08 19:22 - 2013-02-08 19:22 - 00000000 ____D C:\Users\2013 02 05\AppData\Local\adawarebp
2013-02-08 19:20 - 2013-02-08 19:20 - 00000020 ___SH C:\Users\2013 02 05\ntuser.ini
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Voisinage réseau
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Voisinage d'impression
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Modèles
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Menu Démarrer
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Local Settings\Historique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Local Settings\Application Data\Historique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Mes vidéos
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Mes images
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\Documents\Ma musique
2013-02-08 19:20 - 2013-02-08 19:20 - 00000000 __SHD C:\Users\2013 02 05\AppData\Local\Historique
2013-02-08 19:15 - 2013-02-08 19:15 - 00525240 ____A C:\Users\Invité\Downloads\mousegestures_x64.exe
2013-02-08 19:13 - 2013-02-08 19:13 - 00000000 ____D C:\Users\Invité\Application Data\McAfee
2013-02-08 19:13 - 2013-02-08 19:13 - 00000000 ____D C:\Users\Invité\AppData\Roaming\McAfee
2013-02-08 19:11 - 2013-02-08 19:11 - 00565400 ____A (McAfee, Inc.) C:\Users\Invité\Downloads\MVTInstaller.exe
2013-02-08 19:11 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\Application Data\Mozilla
2013-02-08 19:11 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\AppData\Roaming\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\Local Settings\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\Local Settings\Application Data\Mozilla
2013-02-08 19:10 - 2013-02-08 19:10 - 00000000 ____D C:\Users\Invité\AppData\Local\Mozilla
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Local Settings\Application Data\adawarebp
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Local Settings\adawarebp
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\Application Data\Apple Computer
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\AppData\Roaming\Apple Computer
2013-02-08 19:09 - 2013-02-08 19:09 - 00000000 ____D C:\Users\Invité\AppData\Local\adawarebp
2013-02-08 19:09 - 2012-11-06 22:01 - 00002217 ____A C:\Users\Invité\Desktop\Google Chrome.lnk
2013-02-08 19:07 - 2012-11-10 19:02 - 00001074 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1004UA.job
2013-02-08 19:07 - 2012-11-10 19:02 - 00001022 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1004Core.job
2013-02-08 15:52 - 2013-02-07 18:48 - 00000266 ____A C:\Users\help\Desktop\MU AD scdp 3102.txt
2013-02-07 20:27 - 2013-01-30 21:37 - 00000000 ____D C:\Users\help\Desktop\Ph 2013
2013-02-07 17:25 - 2012-11-10 18:50 - 00000000 ____D C:\Users\help\Application Data\Skype
2013-02-07 17:25 - 2012-11-10 18:50 - 00000000 ____D C:\Users\help\AppData\Roaming\Skype
2013-02-07 13:09 - 2011-07-05 16:27 - 00000494 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-02-07 13:09 - 2011-06-19 15:07 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1003Core.job
2013-02-07 13:09 - 2010-10-11 04:07 - 00001022 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320139745-3362237427-3734117442-1000Core.job
2013-02-07 04:50 - 2012-11-29 15:45 - 00000000 ____D C:\Users\help\Application Data\Dropbox
2013-02-07 04:50 - 2012-11-29 15:45 - 00000000 ____D C:\Users\help\AppData\Roaming\Dropbox
2013-02-07 04:49 - 2011-06-20 12:38 - 00000000 ___RD C:\Users\le nouvo 23 05 2011\Dropbox
2013-02-06 18:32 - 2013-02-06 18:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-02-06 18:32 - 2013-02-06 18:32 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2013-02-06 18:26 - 2013-01-18 22:15 - 00001875 ____A C:\Users\help\Desktop\notepad++.exe - Raccourci.lnk
2013-02-06 17:59 - 2013-02-06 17:59 - 00315624 ____A (RightClick) C:\Users\help\Downloads\Rebelle 2012 FRENCH DVDRiP XviD - BLOW.exe
2013-02-05 16:08 - 2012-11-10 18:33 - 00000000 ____D C:\Users\help\Application Data\Mozilla
2013-02-05 16:08 - 2012-11-10 18:33 - 00000000 ____D C:\Users\help\AppData\Roaming\Mozilla
2013-02-05 14:29 - 2013-02-05 14:27 - 00003547 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-05 14:29 - 2010-02-19 23:01 - 00000000 ____D C:\Program Files (x86)\Java
2013-02-05 14:20 - 2013-02-05 14:20 - 00000363 ____A C:\Users\help\Desktop\Ordinateur - Raccourci.lnk
2013-02-05 13:21 - 2013-02-05 13:13 - 1997820814 ____A C:\Users\help\Desktop\Poney_Satan_04_02_2013.wav
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\Local Settings\TechSmith
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\Local Settings\Application Data\TechSmith
2013-01-31 21:27 - 2013-01-31 21:27 - 00000000 ____D C:\Users\help\AppData\Local\TechSmith
2013-01-31 00:05 - 2012-12-15 15:51 - 00000000 ____D C:\Users\help\Application Data\TSS Manager
2013-01-31 00:05 - 2012-12-15 15:51 - 00000000 ____D C:\Users\help\AppData\Roaming\TSS Manager
2013-01-30 21:38 - 2013-01-30 21:38 - 00007334 ____A C:\Users\help\Desktop\Nouveau OpenDocument Text (3).odt
2013-01-30 17:12 - 2012-09-30 14:58 - 00000000 ____D C:\Users\le nouvo 23 05 2011\Desktop\RC50 drop 10 2012
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\Local Settings\Application Data\adawarebp
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\Local Settings\adawarebp
2013-01-30 12:55 - 2013-01-30 12:55 - 00000000 ____D C:\Users\help\AppData\Local\adawarebp
2013-01-30 12:55 - 2013-01-30 12:54 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-01-30 12:55 - 2013-01-26 22:49 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-01-30 12:55 - 2013-01-26 22:49 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-01-27 00:02 - 2013-01-27 00:02 - 00000000 ____D C:\Users\help\Downloads\backups
2013-01-26 23:36 - 2013-01-26 23:36 - 00030910 ____A C:\Users\help\Downloads\hijackthis.log
2013-01-26 23:35 - 2013-01-26 23:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\help\Downloads\HijackThis.exe
2013-01-26 23:35 - 2013-01-26 23:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\help\Downloads\HijackThis (1).exe
2013-01-26 23:22 - 2012-12-11 16:29 - 00000000 ____D C:\Users\help\Local Settings\Conduit
2013-01-26 23:22 - 2012-12-11 16:29 - 00000000 ____D C:\Users\help\Local Settings\Application Data\Conduit
2013-01-26 23:22 - 2012-12-11 16:29 - 00000000 ____D C:\Users\help\AppData\Local\Conduit
2013-01-26 23:06 - 2012-11-10 18:57 - 06133368 ____A (Lavasoft Limited) C:\Users\help\Downloads\Adaware_Installer.exe
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\Local Settings\Downloaded Installations
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\Local Settings\Application Data\Downloaded Installations
2013-01-26 22:49 - 2013-01-26 22:49 - 00000000 ____D C:\Users\help\AppData\Local\Downloaded Installations
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\blekko toolbars
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Users\All Users\Application Data\blekko toolbars
2013-01-26 22:48 - 2013-01-26 22:48 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-01-26 22:27 - 2010-03-30 17:44 - 00000000 ____D C:\Users\All Users\DivX
2013-01-26 22:27 - 2010-03-30 17:44 - 00000000 ____D C:\Users\All Users\Application Data\DivX
2013-01-26 22:26 - 2012-11-15 15:42 - 00000000 ____D C:\Users\help\Application Data\DivX
2013-01-26 22:26 - 2012-11-15 15:42 - 00000000 ____D C:\Users\help\AppData\Roaming\DivX
2013-01-26 22:26 - 2010-03-30 17:47 - 00000000 ____D C:\Program Files\DivX
2013-01-26 22:26 - 2010-03-30 17:45 - 00000000 ____D C:\Program Files (x86)\DivX
2013-01-26 08:52 - 2011-05-23 14:54 - 00000000 ____D C:\users\le nouvo 23 05 2011
2013-01-21 22:33 - 2013-01-21 22:33 - 00000000 ____D C:\Users\help\Desktop\A METTRE REAKTOR
2013-01-20 03:18 - 2012-12-11 16:23 - 00000000 ____D C:\Users\help\Application Data\BitTorrent
2013-01-20 03:18 - 2012-12-11 16:23 - 00000000 ____D C:\Users\help\AppData\Roaming\BitTorrent
2013-01-19 18:59 - 2013-01-19 18:59 - 00801360 ____A (Babylon Ltd.) C:\Users\help\Downloads\Babylon10_setup.exe
2013-01-19 16:59 - 2012-12-11 16:28 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-01-18 23:17 - 2013-01-14 14:16 - 00002851 ____A C:\Users\help\Desktop\pH trip 2013 01.txt
2013-01-18 22:20 - 2013-01-18 22:20 - 00007334 ____A C:\Users\help\Desktop\Nouveau OpenDocument Text (2).odt
2013-01-18 22:14 - 2013-01-18 22:14 - 04763794 ____A C:\Users\help\Downloads\npp.6.2.3.bin.zip
2013-01-18 22:14 - 2013-01-18 22:14 - 00000000 ____D C:\Users\help\Downloads\notepap.6.2.3.bin
2013-01-18 00:07 - 2013-01-18 00:07 - 00001807 ____A C:\Users\help\Desktop\QuickTime Player.lnk
2013-01-17 18:44 - 2013-01-17 18:44 - 00000056 ____A C:\Users\help\Application Data\MOTU FireWire SMPTE Prefs.prefs
2013-01-17 18:44 - 2013-01-17 18:44 - 00000056 ____A C:\Users\help\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\Local Settings\MOTU
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\Local Settings\Application Data\MOTU
2013-01-17 18:42 - 2013-01-17 18:42 - 00000000 ____D C:\Users\help\AppData\Local\MOTU
2013-01-15 09:56 - 2012-04-26 18:47 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-01-15 09:56 - 2010-06-10 03:08 - 00473520 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2013-01-15 09:53 - 2013-02-05 14:29 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-01-15 09:53 - 2013-02-05 14:29 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-01-15 09:52 - 2013-02-05 14:29 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-01-14 22:02 - 2012-11-13 16:00 - 00000000 ____D C:\Users\help\dwhelper
2013-01-14 20:41 - 2013-01-14 20:41 - 00001370 ___AH C:\Users\help\Downloads\Nouveau dossier - Raccourci.lnk
2013-01-14 18:03 - 2012-12-25 16:14 - 00000000 ____D C:\Users\help\Desktop\MASQUES GARY RAFI
2013-01-13 02:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-01-12 23:12 - 2013-01-12 23:10 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-01-12 23:12 - 2013-01-12 23:10 - 00001976 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2013-01-12 23:10 - 2012-11-12 18:18 - 00000000 ____D C:\Users\help\Local Settings\Application Data\Adobe
2013-01-12 23:10 - 2012-11-12 18:18 - 00000000 ____D C:\Users\help\Local Settings\Adobe
2013-01-12 23:10 - 2012-11-12 18:18 - 00000000 ____D C:\Users\help\AppData\Local\Adobe
2013-01-12 23:10 - 2010-02-19 23:09 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2013-01-12 23:10 - 2010-02-19 23:09 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-12 23:05 - 2012-11-15 16:02 - 00002221 ____A C:\Users\help\Desktop\Google Chrome.lnk
2013-01-12 23:04 - 2009-07-13 22:45 - 00337752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-12 22:50 - 2010-02-19 23:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-12 22:50 - 2010-02-19 23:10 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2013-01-12 22:31 - 2010-03-29 14:17 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-11 21:54 - 2013-01-08 17:49 - 01308732 ____A C:\Users\help\Documents\arno room garde robe trip reverse.sh3d


 

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\L
C:\Windows\assembly\temp\U
C:\Windows\assembly\temp\L\00000004.@
C:\Windows\assembly\temp\L\201d3dde
C:\Windows\assembly\temp\L\76603ac3
C:\Windows\assembly\temp\U\00000001.@
C:\Windows\assembly\temp\U\00000004.@
C:\Windows\assembly\temp\U\000000c0.@
C:\Windows\assembly\temp\U\000000cb.@
C:\Windows\assembly\temp\U\000000cf.@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\800000c0.@
C:\Windows\assembly\temp\U\800000cb.@
C:\Windows\assembly\temp\U\800000cf.@


 

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini


 

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini


 

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\L
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\n
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000004.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000008.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\000000cb.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000000.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000032.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000064.@


 

==================== Known DLLs (Whitelisted) =================


 


==================== Bamital & volsnap Check =================


 

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


 

==================== EXE ASSOCIATION =====================


 

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK


 

==================== Restore Points  =========================


 

Restore point made on: 2013-01-21 04:23:37
Restore point made on: 2013-01-27 00:21:20
Restore point made on: 2013-02-04 04:01:02
Restore point made on: 2013-02-05 14:27:23


 

==================== Memory info ===========================


 

Percentage of memory in use: 16%
Total physical RAM: 4084.51 MB
Available physical RAM: 3422.92 MB
Total Pagefile: 4082.66 MB
Available Pagefile: 3405.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB


 

==================== Partitions =============================


 

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:41.19 GB) NTFS
2 Drive d: (DATAPART1) (Fixed) (Total:298.09 GB) (Free:93.42 GB) NTFS
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:4.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (USB DISK) (Removable) (Total:3.72 GB) (Free:3.52 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


 

  N° disque  Statut         Taille   Libre    Dyn  GPT
  ---------  -------------  -------  -------  ---  ---
  Disque 0    En ligne        298 G octets      0 octets        
  Disque 1    En ligne        298 G octets      0 octets        
  Disque 2    En ligne       3820 M octets      0 octets        


 

Partitions of Disk 0:
===============


 

ID du disque : CDA0B641


 

  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    OEM                 39 M      31 K
  Partition 2    Principale          14 G      40 M
  Partition 3    Principale         283 G      14 G


 

==================================================================================


 

Disk: 0
Partition 1
Type   : DE
Masqué : Oui
Active : Non
Décalage en octets : 32256


 

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      FAT    Partition     39 M   Sain       Masqué


 

=========================================================


 

Disk: 0
Partition 2
Type   : 07
Masqué : Non
Active : Oui
Décalage en octets : 41943040


 

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     F   RECOVERY     NTFS   Partition     14 G   Sain              


 

=========================================================


 

Disk: 0
Partition 3
Type   : 07
Masqué : Non
Active : Non
Décalage en octets : 15770583040


 

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    283 G   Sain              


 

=========================================================


 

Partitions of Disk 1:
===============


 

ID du disque : 8134C3EC


 

  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale         298 G    1024 K


 

==================================================================================


 

Disk: 1
Partition 1
Type   : 07
Masqué : Non
Active : Non
Décalage en octets : 1048576


 

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   DATAPART1    NTFS   Partition    298 G   Sain              


 

=========================================================


 

Partitions of Disk 2:
===============


 

ID du disque : A5596E1A


 

  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale        3816 M    4032 K


 

==================================================================================


 

Disk: 2
Partition 1
Type   : 0C
Masqué : Non
Active : Non
Décalage en octets : 4128768


 

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   USB DISK     FAT32  Amovible    3816 M   Sain              


 

=========================================================


 

Last Boot: 2013-02-02 19:09


 

==================== End Of Log =============================


Edited by hamluis, 10 February 2013 - 08:41 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 feyd_be

feyd_be
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 10 February 2013 - 05:34 AM

PS PS: of course no recovery possible nor available and no way to find any "last working config"...

PS PS PS: now I'm running AVG USB rescue tool... but 54% scanned only... and I'll need my CPU as soon as possible... so...

I'm begging for your precious help...

thanks guys...



#3 feyd_be

feyd_be
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 11 February 2013 - 08:12 PM

Please !!!!!!

I really need my CPU !!!!

Who could try to help me ??????



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 9,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:24 AM

Posted 15 February 2013 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/484862 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:09:24 AM

Posted 15 February 2013 - 05:52 PM

Hello feyd_be,

Welcome to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? If so, continue to follow these instructions:


My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Follow this Topic button and select Receive Notification Immediately. This will help you to get notified faster when I have replied and make the cleaning process faster.

 

Rerun FRST
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
 
start
HKU\le nouvo 23 05 2011\...\Run: [vlzmujxfuufbsch] C:\ProgramData\vlzmujxf.exe
HKU\nono\...\Run: [kqAIrvwyxLeS] C:\ProgramData\kqAIrvwyxLeS.exe [x]
HKU\nono\...\Policies\system: [DisableTaskMgr]
C:\ProgramData\vlzmujxf.exe
C:\ProgramData\kqAIrvwyxLeS.exe
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\L
C:\Windows\assembly\temp\U
C:\Windows\assembly\temp\L\00000004.@
C:\Windows\assembly\temp\L\201d3dde
C:\Windows\assembly\temp\L\76603ac3
C:\Windows\assembly\temp\U\00000001.@
C:\Windows\assembly\temp\U\00000004.@
C:\Windows\assembly\temp\U\000000c0.@
C:\Windows\assembly\temp\U\000000cb.@
C:\Windows\assembly\temp\U\000000cf.@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\800000c0.@
C:\Windows\assembly\temp\U\800000cb.@
C:\Windows\assembly\temp\U\800000cf.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\L
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\n
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000004.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000008.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\000000cb.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000000.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000032.@
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000064.@
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
 
Also restart, let it boot normally and tell me how it went.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

My help is free... however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <-- (every little bit helps)
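An added example, not part of the post above and not FRST's own code: a Python script that cross-checks a fixlist against the paths FRST flagged under its `ZeroAccess:` headings, so a flagged item left out of the fix is caught before the fix is run. The function names, the two sample excerpts (constructed from lines in this thread, with one path deliberately omitted from the fixlist) and the separate "parent_listed" category are assumptions of this example.

```python
import re

# Constructed sample: a shortened excerpt laid out like the FRST log in this thread.
SAMPLE_LOG = r"""
2013-01-12 22:31 - 2010-03-29 14:17 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\U\80000000.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000032.@

==================== Known DLLs (Whitelisted) =================
"""

# Constructed sample fixlist: GAC_64\Desktop.ini is left out on purpose.
SAMPLE_FIXLIST = r"""start
HKU\nono\...\Policies\system: [DisableTaskMgr]
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
end
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Location patterns taken from the paths flagged in this thread's log.
CATEGORIES = [
    ("assembly-temp", re.compile(r"^[a-z]:\\windows\\assembly\\temp(\\|$)", re.I)),
    ("gac-desktop-ini", re.compile(r"^[a-z]:\\windows\\assembly\\gac_(32|64)\\desktop\.ini$", re.I)),
    ("recycle-bin", re.compile(r"^[a-z]:\\\$recycle\.bin\\s-1-5-[0-9-]+\\\$[0-9a-f]{32}(\\|$)", re.I)),
]


def parse_zeroaccess_sections(log_text):
    """Collect the paths listed directly under each 'ZeroAccess:' heading."""
    flagged, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_section = True
        elif in_section and PATH_RE.match(line):
            flagged.append(line)
        else:
            in_section = False  # a blank or non-path line closes the section
    return flagged


def parse_fixlist(text):
    """Return the directives between the 'start' and 'end' markers."""
    entries, active = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            active = True
        elif line.lower() == "end":
            break
        elif active and line:
            entries.append(line)
    return entries


def _norm(path):
    # Windows paths compare case-insensitively; ignore a trailing backslash.
    return path.rstrip("\\").lower()


def coverage(flagged, entries):
    """Sort flagged paths into listed / parent_listed / missing."""
    listed = {_norm(e) for e in entries if PATH_RE.match(e)}
    report = {"listed": [], "parent_listed": [], "missing": []}
    for path in flagged:
        n = _norm(path)
        if n in listed:
            report["listed"].append(path)
        elif any(n.startswith(e + "\\") for e in listed):
            # Only an ancestor folder is listed; the analyst decides if that is enough.
            report["parent_listed"].append(path)
        else:
            report["missing"].append(path)
    return report


def classify(path):
    """Name the location pattern a flagged path falls under."""
    for label, pattern in CATEGORIES:
        if pattern.match(path):
            return label
    return "other"


if __name__ == "__main__":
    flagged = parse_zeroaccess_sections(SAMPLE_LOG)
    result = coverage(flagged, parse_fixlist(SAMPLE_FIXLIST))
    for status, paths in result.items():
        for p in paths:
            print(f"{status:14} {classify(p):16} {p}")
```
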


#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:09:24 AM

Posted 18 February 2013 - 11:24 AM

feyd_be,

It has been three days since my last post. Do you still need help?

If you do, please follow my previous instructions.

Regards,
Jason




#7 feyd_be

Posted 18 February 2013 - 08:22 PM

Hello! Super thanks for this, I'll try tomorrow, because now I just passed some holidays away from my sick computer!

I'll let you know....

Many thanks in advance!



#8 feyd_be

Posted 19 February 2013 - 02:47 PM

Hello,

I just tried your FIX, and now I'm able to boot again !!!!

When I came to Windows, it said to me that recovery was impossible etc...

BUT! I have access again to Windows!

I REALLY thank you my friend!

Could you please give me some information about what the problem was?

I'm interested....

Anyway, even a bit late! I really thank you A LOT !!

arno



#9 jntkwx

Posted 19 February 2013 - 05:10 PM

feyd_be,

Your computer was infected with an infection known as ZeroAccess.

We're not quite done fixing this computer.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Regards,
Jason




#10 feyd_be

Posted 19 February 2013 - 05:46 PM

ok...

I sent you the Fixlog.txt

Also, in the period after I left my 1st post, and before I got your answer, it's true: I managed some things by myself...

like: delete some 00000000x.@

etc...

If you want, I can do one full scan again and send you the result....

I did things by myself because I felt totally lost and I need(ed) this computer to work...

Tell me what....

Best regards

arno

Attached File: Fixlog.txt 2.96KB

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
Ran by Système at 2013-02-19 11:37:32 Run:1
Running from G:\

==============================================

HKEY_USERS\le nouvo 23 05 2011\Software\Microsoft\Windows\CurrentVersion\Run\\vlzmujxfuufbsch Value deleted successfully.
HKEY_USERS\nono\Software\Microsoft\Windows\CurrentVersion\Run\\kqAIrvwyxLeS Value deleted successfully.
HKEY_USERS\nono\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
C:\ProgramData\vlzmujxf.exe not found.
C:\ProgramData\kqAIrvwyxLeS.exe not found.
C:\Windows\assembly\temp moved successfully.
C:\Windows\assembly\temp\@ not found.
C:\Windows\assembly\temp\cfg.ini not found.
C:\Windows\assembly\temp\L not found.
C:\Windows\assembly\temp\U not found.
C:\Windows\assembly\temp\L\00000004.@ not found.
C:\Windows\assembly\temp\L\201d3dde not found.
C:\Windows\assembly\temp\L\76603ac3 not found.
C:\Windows\assembly\temp\U\00000001.@ not found.
C:\Windows\assembly\temp\U\00000004.@ not found.
C:\Windows\assembly\temp\U\000000c0.@ not found.
C:\Windows\assembly\temp\U\000000cb.@ not found.
C:\Windows\assembly\temp\U\000000cf.@ not found.
C:\Windows\assembly\temp\U\80000000.@ not found.
C:\Windows\assembly\temp\U\80000004.@ not found.
C:\Windows\assembly\temp\U\800000c0.@ not found.
C:\Windows\assembly\temp\U\800000cb.@ not found.
C:\Windows\assembly\temp\U\800000cf.@ not found.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291 moved successfully.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\L not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\n not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000004.@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\00000008.@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\000000cb.@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000000.@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000032.@ not found.
C:\$Recycle.Bin\S-1-5-21-2320139745-3362237427-3734117442-1003\$b72ba0df48bcc4fd8afe7c83fb8ec291\U\80000064.@ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .

==== End of Fixlog ====


Edited by jntkwx, 19 February 2013 - 08:02 PM.
Including log in post (easier to read)
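
An added example, not part of the thread and not FRST's own code: one way to triage a Fixlog like the one posted above, separating "not found" entries that sit under a folder the same run already moved from those with no such explanation. The function name `triage`, the regular expression, and the reading that a missing child of a moved folder is expected are assumptions; the sample lines are taken from the log above.

```python
import re
from collections import Counter

# Sample input: a few lines taken from the Fixlog posted above.
SAMPLE = r"""
HKEY_USERS\nono\Software\Microsoft\Windows\CurrentVersion\Run\\kqAIrvwyxLeS Value deleted successfully.
C:\ProgramData\kqAIrvwyxLeS.exe not found.
C:\Windows\assembly\temp moved successfully.
C:\Windows\assembly\temp\@ not found.
C:\Windows\assembly\temp\U\80000000.@ not found.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
"""

# Outcome phrases as they appear in the log (one line has a space before the final dot).
OUTCOME = re.compile(
    r"^(?P<target>.+?)\s+(?:Value\s+)?(?P<result>deleted successfully|moved successfully|"
    r"was restored successfully|not found)\s*\.$"
)

def triage(log_text):
    """Classify each Fixlog line; return (counts, unexplained_not_found)."""
    counts, moved, unexplained = Counter(), [], []
    for line in log_text.splitlines():
        m = OUTCOME.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        target, result = m["target"], m["result"]
        if result == "moved successfully":
            # Remember the folder so later entries beneath it can be recognised.
            moved.append(target.lower() + "\\")
        elif result == "not found":
            # Assumption: once a folder has been moved, its children are
            # expected to be missing from the old path.
            if any(target.lower().startswith(prefix) for prefix in moved):
                result = "not found (parent already moved)"
            else:
                unexplained.append(target)
        counts[result] += 1
    return counts, unexplained

if __name__ == "__main__":
    counts, unexplained = triage(SAMPLE)
    for outcome, n in counts.items():
        print(f"{n:3d}  {outcome}")
    print("Follow up on:", *unexplained, sep="\n  ")
```

Run over the sample, the two entries left for follow-up are the `ProgramData` executable and the `GAC_32\Desktop.ini` file.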


#11 jntkwx

Posted 19 February 2013 - 08:07 PM

feyd_be,

Please do not make changes to this computer without following my instructions, as this could cause worse problems for your computer!



One or more of the identified infections (ZeroAccess) is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Combofix:

Please download Combofix from one of these links, and save it to your Desktop.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out here.
3. Double click on Combofix.exe & follow the prompts.

Notes:
  • Combofix may need to reboot your computer more than once to do its job. This is normal.
  • When finished, it will produce a report for you.

Important:
  • Do not mouse-click Combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason




#12 jntkwx

Posted 03 March 2013 - 07:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Regards,
Jason

