Zeroaccess Trojan Infection

Mhaskym · August 26, 2013

Hi everyone

After some analysis made with Malwarbyte, it becomes clear that I'm infected with the zeroaccess trojan.

It has been identified by Mawarebyte, but there no way to get rid of it.

As I already had roguekiller installed on my computer and as I couldn't download any other software even in safe mode , I directly ran it and obtaind the report pasted below

Can you help me with this please

Thanks a lot

RogueKiller V8.6.6 [Aug 19 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : mbernard [Droits d'admin]
Mode : Recherche -- Date : 08/26/2013 09:49:44
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???ﯹ๛\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe" < [x] -> STOPPÉ

¤¤¤ Entrees de registre : 8 ¤¤¤
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???ﯹ๛\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???ﯹ๛\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???ﯹ๛\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe" < [x]) -> TROUVÉ
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HID SVC][Masqué de l'API] HKLM\[...]\CCSet\[...]\Services : . e () -> TROUVÉ
[HID SVC][Masqué de l'API] HKLM\[...]\CS001\[...]\Services : . e () -> TROUVÉ
[HID SVC][Masqué de l'API] HKLM\[...]\CS002\[...]\Services : . e () -> TROUVÉ

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][sUSP PATH] Test TimeTrigger : C:\Users\mbernard\AppData\Local\Temp\Runner.exe - C:\Users\mbernard\AppData\Local\Temp\DNS.exe [x][x] -> TROUVÉ

¤¤¤ Entrées Startup : 2 ¤¤¤
[mbernard][sUSP PATH] jimtviphqpxrqjbpqhj.lnk : C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jimtviphqpxrqjbpqhj.lnk @C:\Windows\System32\rundll32.exe C:\Users\mbernard\AppData\Local\Temp\jhqpbjqrxpqhpivtmij.bfg,OKL00 [-][7][x] -> TROUVÉ
[mbernard][Rans.Gendarm] msconfig.lnk : C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~2\08jer.dat,FG00 [-][7][x] -> TROUVÉ

¤¤¤ Navigateurs web : 1 ¤¤¤
[FF][PROXY] 36i1lbm6.default : user_pref("network.proxy.type", 4); -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Users\mbernard\AppData\Local\Google\Desktop\Install [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Program Files\Google\Desktop\Install [-] --> TROUVÉ

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[70] : NtCreateKey @ 0x8324FFFB -> HOOKED (Unknown @ 0x97572104)
[Address] SSDT[74] : NtCreateMutant @ 0x8325F34C -> HOOKED (Unknown @ 0x9756DCAC)
[Address] SSDT[79] : NtCreateProcess @ 0x8332B1D9 -> HOOKED (Unknown @ 0x975426CC)
[Address] SSDT[80] : NtCreateProcessEx @ 0x8332B224 -> HOOKED (Unknown @ 0x97571B94)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x832509C6 -> HOOKED (Unknown @ 0x97579284)
[Address] SSDT[87] : NtCreateThread @ 0x8332AFE2 -> HOOKED (Unknown @ 0x9756DD6C)
[Address] SSDT[88] : NtCreateThreadEx @ 0x832BF49B -> HOOKED (Unknown @ 0x9756DD2C)
[Address] SSDT[93] : NtCreateUserProcess @ 0x832BD3CD -> HOOKED (Unknown @ 0x8787252C)
[Address] SSDT[103] : NtDeleteKey @ 0x8323AA4A -> HOOKED (Unknown @ 0x97577C0C)
[Address] SSDT[106] : NtDeleteValueKey @ 0x8322C453 -> HOOKED (Unknown @ 0x97577E24)
[Address] SSDT[111] : NtDuplicateObject @ 0x83280761 -> HOOKED (Unknown @ 0x97579244)
[Address] SSDT[155] : NtLoadDriver @ 0x83214C32 -> HOOKED (Unknown @ 0x9756DCEC)
[Address] SSDT[190] : NtOpenProcess @ 0x83260B93 -> HOOKED (Unknown @ 0x975714F4)
[Address] SSDT[194] : NtOpenSection @ 0x832B89EB -> HOOKED (Unknown @ 0x97577DE4)
[Address] SSDT[290] : NtRenameKey @ 0x832EB0BB -> HOOKED (Unknown @ 0x97577EA4)
[Address] SSDT[302] : NtRestoreKey @ 0x832E0C72 -> HOOKED (Unknown @ 0x97577E64)
[Address] SSDT[350] : NtSetSystemInformation @ 0x8329D37A -> HOOKED (Unknown @ 0x9756DC6C)
[Address] SSDT[358] : NtSetValueKey @ 0x832595F8 -> HOOKED (Unknown @ 0x97577C4C)
[Address] SSDT[370] : NtTerminateProcess @ 0x832A9D86 -> HOOKED (Unknown @ 0x9757130C)
[Address] SSDT[371] : NtTerminateThread @ 0x832C769B -> HOOKED (Unknown @ 0x97572144)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x832AEA83 -> HOOKED (Unknown @ 0x9756DDAC)
[Address] Shadow SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0xAA2D4474)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x88065DEC)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT1 +++++
--- User ---
[MBR] efbc3f103919fa6ab16058e5b3bdb916
[bSP] 0cf2be6e7180b5f48c5776193846cf77 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 102400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 135762 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 487757824 | Size: 300 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_08262013_094944.txt >>

MrCharlie · August 26, 2013

Recovery Scan Tool and save it to a folder. (use correct version for your system)

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

Mhaskym · August 26, 2013

Hi MrC and thanks for your quick answer.

Below are paste the two report.

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-08-2013
Ran by mbernard at 2013-08-26 15:49:48
Running from D:\mbernard\Desktop\MB
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.20
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
AccelerometerP11 (Version: 2.00.10.33)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.2) MUI (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
BlackBerry App World Browser Plugin (Version: 4.2.0.11)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
CCleaner (Version: 3.08)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
Citrix Online Launcher (Version: 1.0.109)
Citrix Online Plug-in (DV) (Version: 12.1.0.30)
Citrix Online Plug-in (HDX) (Version: 12.1.0.30)
Citrix Online Plug-in (PNA) (Version: 12.1.0.30)
Citrix Online Plug-in (SSON) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix Online Plug-in (Version: 12.1.0.30)
Citrix Online Plug-in (Web) (Version: 12.1.0.30)
Classic Menu for Office Standard 2010 (Version: 4.00)
Dell Mobile Broadband Manager (Version: 7.0.0.4)
Dell System Manager (Version: 1.7.10000)
Dell Touchpad (Version: 7.1208.101.124)
Dell Wireless HSPA Mini-Card Drivers (Version: 7.0.0.4)
Download Navigator (Version: 1.1.0)
Epson Connect Printer Setup (Version: 1.1.1)
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 3.01.0000)
EPSON Scan
EPSON XP-302 303 305 306 Series Printer Uninstall
EpsonNet Print (Version: 2.6.0)
Eureqa (Version: 0.99.0.1270)
FileOpen Client (Version: 3.0.35.879)
FileOpen Plug-in for Adobe Acrobat® and Adobe Reader® (Version: 1.0.0.852)
FileZilla Client 3.5.3 (Version: 3.5.3)
FreeMind (Version: 0.9.0)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 29.0.1547.57)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
Guide des opérations de base EPSON XP-302 303 305 306 Series
Guide d'utilisation EPSON XP-302 303 305 306 Series
Guide réseau EPSON XP-302 303 305 306 Series
Imager (Version: 2.0.2020)
IrfanView (remove only) (Version: 4.30)
Java Auto Updater (Version: 2.0.7.1)
Java 6 Update 31 (Version: 6.0.310)
Lotus Notes 8.5.2 fr (Version: 8.52.10245)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Matheo Patent 9.4
MATLAB R2012b (Version: 8.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 fr) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Notilus Offline 3.0 (Version: 3.0)
Optris Connect (Version: 2.0.5)
PDFCreator (Version: 1.4.3)
pdfsam (Version: 2.2.1)
Picasa 3 (Version: 3.8)
PrtScr 1.5
Qt 5.1.0 (HKCU Version: 5.1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
SketchUp 8 (Version: 3.0.16846)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.6 (Version: 6.6.106)
SolidWorks eDrawings 2012 (Version: 12.4.108)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Sweet Home 3D version 4.1
TeamViewer 7 (Version: 7.0.13989)
TomTom HOME (Version: 2.9.3)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Trend Micro OfficeScan Client (Version: 10.5)
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
Warning
ZHPDiag 1.31 (Version: 1.31)
Zotero Standalone 3.0.8 (x86 en-US) (Version: 3.0.8)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C431C32-D371-4E29-8C0A-30CB60199014} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {14596FFA-CCF2-444E-87B5-A9EC3A20AB2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {2B0E8B40-8F6F-4705-BB10-24028EB30847} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {2FCDF127-D0E2-4AC1-A6A2-98CF769D0781} - System32\Tasks\{2B16465A-D57D-455D-96AF-AC58A975D36E} => C:\Program Files\VideoLAN\VLC\vlc.exe [2013-04-14] (VideoLAN)
Task: {63F81996-2CC9-40E5-A2A9-57BD1B3A9DA9} - System32\Tasks\{AE8EF312-6A70-44A9-BF23-118FF54BB971} => C:\Program Files\VideoLAN\VLC\vlc.exe [2013-04-14] (VideoLAN)
Task: {708DD797-0BA7-40CE-8211-16F74FAF1507} - System32\Tasks\User_Feed_Synchronization-{5704A618-FAF6-408F-A094-2273536F702F} => C:\Windows\system32\msfeedssync.exe [2012-06-28] (Microsoft Corporation)
Task: {71B9132C-1B26-4671-A80C-405DD72ECC0C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {72D22726-779D-4161-ADFC-8329CBA04F12} - System32\Tasks\Test TimeTrigger => C:\Users\mbernard\AppData\Local\Temp\Runner.exe No File
Task: {AF7F3EDC-1D01-4A69-9500-5E98C7D636E5} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win32\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {BE43EFF7-001A-4DA4-AEB6-1FFA7578B440} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {C256357D-6F12-4732-97AA-CC609A2C51EE} - System32\Tasks\{4A749816-FC25-4DC7-A877-6D99EE81F101} => C:\Program Files\VideoLAN\VLC\vlc.exe [2013-04-14] (VideoLAN)
Task: {D7A58657-F943-4336-BDF5-C0BF56214F41} - System32\Tasks\{4FD0590F-FB06-4EC1-84EC-6119738B29D6} => C:\Program Files\VideoLAN\VLC\vlc.exe [2013-04-14] (VideoLAN)
Task: {FA268056-065E-436D-84F1-BD5594A20901} - System32\Tasks\{C969ADFB-52B2-4693-9944-7FC7AF1E56CB} => C:\Program Files\VideoLAN\VLC\vlc.exe [2013-04-14] (VideoLAN)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win32\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 5550 HSPA+ Mini-Card GPS Port (COM5)
Description: Dell Wireless 5550 HSPA+ Mini-Card GPS Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell
Service: d554gps
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom Usbccid Smartcard Reader (WUDF)
Description: Broadcom Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Broadcom
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: My Book World Edition Network Storage
Description: My Book World Edition Network Storage
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2013 09:45:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 09:21:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 08:47:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 10:35:11 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1024) SUS20ClientDataStore: Une tentative d'écriture dans le fichier "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" à l'adresse relative 0 (0x0000000000000000) de 98304 (0x00018000) a échoué après wuaueng.dll0 secondes avec l'erreur système 112 (0x00000070) : "Espace insuffisant sur le disque. ". L'opération d'écriture échouera en indiquant l'erreur -1808 (0xfffff8f0). Si le problème persiste, ceci signifie que le fichier est sans doute endommagé et qu'il faut le restaurer à partir d'une version de sauvegarde antérieure.

Error: (08/25/2013 09:33:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 09:12:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 01:49:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 10:30:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2013 01:41:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 08:23:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/26/2013 09:47:01 AM) (Source: SCardSvr) (User: )
Description: Descripteur non valideBroadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (08/26/2013 09:46:11 AM) (Source: Service Control Manager) (User: )
Description: Le service OfficeScan NT Firewall dépend du service Trend Micro WFP Callout Driver qui n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/26/2013 09:46:11 AM) (Source: Service Control Manager) (User: )
Description: Le service Trend Micro WFP Callout Driver n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/26/2013 09:46:10 AM) (Source: Service Control Manager) (User: )
Description: Le service OfficeScan NT Firewall dépend du service Trend Micro WFP Callout Driver qui n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/26/2013 09:46:10 AM) (Source: Service Control Manager) (User: )
Description: Le service Trend Micro WFP Callout Driver n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/26/2013 09:46:05 AM) (Source: Service Control Manager) (User: )
Description: Le service Trend Micro WFP Callout Driver n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/26/2013 09:44:58 AM) (Source: Service Control Manager) (User: )
Description: Le service "Security Center" n’a pas pu démarrer en raison de l’erreur :
%%1079

Error: (08/26/2013 09:44:56 AM) (Source: Service Control Manager) (User: )
Description: Le service Trend Micro WFP Callout Driver n’a pas pu démarrer en raison de l’erreur :
%%1753

Error: (08/26/2013 09:44:54 AM) (Source: Service Control Manager) (User: )
Description: Le service Modules de génération de clés IKE et AuthIP dépend du service suivant : BFE. Ce dernier n’est peut-être pas installé.

Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:45:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 09:21:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 08:47:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 10:35:11 PM) (Source: ESENT)(User: )
Description: wuaueng.dll1024SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb0 (0x0000000000000000)98304 (0x00018000)-1808 (0xfffff8f0)112 (0x00000070)Espace insuffisant sur le disque. 0

Error: (08/25/2013 09:33:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 09:12:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 01:49:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2013 10:30:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2013 01:41:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 08:23:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 1928.9 MB
Available physical RAM: 693.34 MB
Total Pagefile: 3857.8 MB
Available Pagefile: 1604.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1869.55 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:64.9 GB) NTFS
Drive d: (Data) (Fixed) (Total:132.58 GB) (Free:82.92 GB) NTFS
Drive f: (CLE MAX) (Removable) (Total:1.88 GB) (Free:1.45 GB) FAT32
Drive g: (BLACKBERRY) (Removable) (Total:1.84 GB) (Free:1.54 GB) FAT
Drive h: (BLACKBERRY1) (Removable) (Total:6.04 GB) (Free:0.54 GB) FAT32
Drive s: () (Network) (Total:2204 GB) (Free:186.47 GB) NTFS
Drive w: () (Network) (Total:2204 GB) (Free:186.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 45181395)
Partition 1: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=133 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=300 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 1C378005)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 3 (Size: 6 GB) (Disk ID: 00000000)

==================== End Of Log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by mbernard (administrator) on 26-08-2013 15:49:03
Running from D:\mbernard\Desktop\MB
Microsoft Windows 7 Professionnel Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Ericsson AB) C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Spotify Ltd) C:\Users\mbernard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
() S:\Echange\Mbernard\DIVERS\RogueKiller.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Research In Motion) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
(Research In Motion) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
(Research In Motion) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-02] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [879144 2011-08-04] (Trend Micro Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [RIMDeviceManager] - C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226704 2013-03-07] (Research In Motion Limited)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom)
HKCU\...\Run: [spotify Web Helper] - C:\Users\mbernard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKCU\...\Run: [spotify] - C:\Users\mbernard\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-09] (Spotify Ltd)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIKE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIKE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\Administrateur\...\Run: [PrtScr by FireStarter] - C:\Program Files\PrtScr\PrtScr.exe [ 2009-05-16] (FireStarter)
HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [ParamUser] - C:\ProgramData\Runonce\ScriptUser.cmd [ 2012-05-11] ()
HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [ParamUser] - C:\ProgramData\Runonce\ScriptUser.cmd [ 2012-05-11] ()
HKU\v_lelay\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\v_lelay\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-09-03] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk
ShortcutTarget: Online Plug-in.lnk -> C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jimtviphqpxrqjbpqhj.lnk
ShortcutTarget: jimtviphqpxrqjbpqhj.lnk -> C:\Users\mbernard\AppData\Local\Temp\jhqpbjqrxpqhpivtmij.bfg (No File)
Startup: C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\08jer.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portail.groupe-atlantic.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://sdb3d.leroymerlin.fr/leroymerlin_sdb_planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.21.1.101 172.21.1.103 192.168.200.72

FireFox:
========
FF ProfilePath: C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default
FF user.js: detected! => C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\user.js

FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\mbernard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\mbernard\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\notes.ini [9002 2013-08-26] ()
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1530104 2011-08-04] (Trend Micro Inc.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-02] (IDT, Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-10] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1626152 2011-08-04] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689680 2011-04-15] (Trend Micro Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [1590216 2009-12-07] (UltraVNC)
R2 WMCoreService; C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe [652328 2011-09-13] (Ericsson AB)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2011-10-02] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [39656 2011-10-02] (Broadcom Corporation)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps.sys [87592 2011-10-04] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [53800 2011-10-04] (Ericsson AB)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [268968 2011-07-20] (Intel Corporation)
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-09-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [25640 2011-09-05] (Ericsson AB)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [364104 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [402504 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [14920 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [419528 2011-08-22] (MCCI Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-02] (Intel Corporation)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [68368 2011-06-10] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [178448 2011-06-10] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [59152 2011-06-10] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146000 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-11-08] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282704 2010-11-08] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [15616 2013-08-26] ()
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [242216 2011-09-07] (Ericsson AB)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-26 15:47 - 2013-08-26 15:47 - 00000000 ____D D:\mbernard\Desktop\MB
2013-08-26 14:00 - 2013-08-26 14:00 - 00000162 ____H D:\mbernard\Desktop\~$bohec_Sujet-These.doc
2013-08-26 11:52 - 2013-08-26 14:20 - 00000000 ____D D:\mbernard\Desktop\inno-coordination usine
2013-08-26 09:49 - 2013-08-26 09:49 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-08-26 09:49 - 2013-08-26 09:49 - 00007310 _____ D:\mbernard\Desktop\RKreport[0]_S_08262013_094944.txt
2013-08-26 09:46 - 2013-08-26 09:46 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-08-26 09:46 - 2013-08-26 09:46 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\smkits
2013-08-26 08:47 - 2013-08-26 08:47 - 00001999 _____ D:\mbernard\Desktop\Sphinx IQ.lnk
2013-08-25 22:13 - 2013-08-26 09:49 - 00000000 ____D D:\mbernard\Desktop\RK_Quarantine
2013-08-25 21:06 - 2013-08-25 21:06 - 00091855 _____ C:\ProgramData\1377450860.bdinstall.bin
2013-08-25 19:14 - 2013-08-25 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-25 19:07 - 2013-08-25 19:07 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\QuickScan
2013-08-25 10:31 - 2013-08-25 10:31 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-23 12:17 - 2013-08-23 14:46 - 00045568 _____ D:\mbernard\Desktop\lebohec_Sujet-These.doc
2013-08-22 17:42 - 2013-08-22 17:42 - 00037441 _____ D:\mbernard\Desktop\1.pdf
2013-08-22 10:39 - 2013-08-22 10:39 - 00086801 _____ D:\mbernard\Desktop\C13.pdf
2013-08-22 10:17 - 2013-08-22 10:17 - 00001944 _____ C:\Users\Public\Desktop\Eureqa - Formulize.lnk
2013-08-22 10:17 - 2013-08-22 10:17 - 00000000 ____D C:\Program Files\Nutonian
2013-08-22 09:57 - 2013-08-22 09:57 - 08004808 _____ C:\Users\mbernard\Downloads\Eureqa_formulize_0_98_1.zip
2013-08-22 09:44 - 2013-08-22 09:53 - 00032111 _____ D:\mbernard\Desktop\montée-convecteur30.png
2013-08-22 09:41 - 2013-08-22 09:41 - 00084243 _____ D:\mbernard\Desktop\montée-convecteur.png
2013-08-22 09:36 - 2013-08-22 09:36 - 00000000 ____D C:\Users\mbernard\Downloads\Digitizer
2013-08-22 09:35 - 2013-08-22 09:35 - 01887906 _____ C:\Users\mbernard\Downloads\Digitizer.zip
2013-08-22 09:31 - 2013-08-22 09:31 - 00280068 _____ D:\mbernard\Desktop\Synthèse Cient 30%.pdf
2013-08-22 08:54 - 2013-08-22 08:54 - 00000000 ____D D:\mbernard\Desktop\photos perso
2013-08-21 11:05 - 2013-08-21 11:05 - 00150016 _____ D:\mbernard\Desktop\déclassés2108.xls
2013-08-21 08:39 - 2013-08-21 08:39 - 00302648 _____ D:\mbernard\Desktop\certif-med.pdf
2013-08-20 17:56 - 2013-08-21 10:38 - 00165903 _____ D:\mbernard\Desktop\Fiche Projet -rssv-HG .docx
2013-08-19 12:00 - 2013-08-19 12:20 - 00260866 _____ C:\Users\mbernard\Downloads\Outlook (2).zip
2013-08-14 23:33 - 2013-08-14 23:33 - 02977672 _____ C:\Users\mbernard\Downloads\summer.zip
2013-08-13 22:18 - 2013-08-13 22:18 - 00002307 _____ C:\Users\mbernard\AppData\Local\recently-used.xbel
2013-08-08 11:26 - 2013-08-01 13:45 - 00000000 ____D C:\Users\mbernard\Downloads\Carcass - Surgical Steel (2013)
2013-08-07 18:07 - 2013-08-07 18:08 - 00343101 _____ D:\mbernard\Desktop\CANADA2013.pdf
2013-08-03 21:42 - 2013-08-03 21:42 - 01738645 _____ C:\Users\mbernard\Downloads\typo SAFETY FIRST.zip
2013-08-03 21:42 - 2013-08-03 21:42 - 00000000 ____D C:\Users\mbernard\Downloads\typo SAFETY FIRST
2013-08-02 16:55 - 2013-08-02 16:55 - 00136877 _____ D:\mbernard\Desktop\noteMLB-S8.pdf
2013-08-02 16:54 - 2013-08-02 16:54 - 00134892 _____ D:\mbernard\Desktop\noteMLB-S5.pdf
2013-08-01 15:17 - 2013-08-01 15:17 - 02446395 _____ D:\mbernard\Desktop\4_pdfsam_CdC-connexion-RFM4H-SEL.pdf
2013-08-01 15:17 - 2013-08-01 15:17 - 00374210 _____ D:\mbernard\Desktop\CdC-connexion-RFM4H-SEL (2).pdf
2013-08-01 11:02 - 2013-08-01 11:02 - 00003618 _____ C:\Users\mbernard\Downloads\2013.07.31.tar.gz
2013-07-31 14:45 - 2013-07-31 14:45 - 02279553 _____ D:\mbernard\Desktop\meuble.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00120860 _____ D:\mbernard\Desktop\radiator_7section.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00013775 _____ D:\mbernard\Desktop\radiateur.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00008537 _____ D:\mbernard\Desktop\angolo.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00005652 _____ D:\mbernard\Desktop\cabinetWithBasin.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00001664 _____ D:\mbernard\Desktop\drawers.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00036440 _____ C:\Users\mbernard\Downloads\lavastoviglie.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00001401 _____ D:\mbernard\Desktop\cabinet.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00000978 _____ D:\mbernard\Desktop\upperCabinet2.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00000974 _____ D:\mbernard\Desktop\upperCabinet.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00090148 _____ D:\mbernard\Desktop\mobilettoLavaboWenge.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00039643 _____ D:\mbernard\Desktop\mobilettoSpecchioWenge.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00019983 _____ D:\mbernard\Desktop\guitar.zip
2013-07-31 14:39 - 2013-07-31 14:39 - 01049837 _____ D:\mbernard\Desktop\double_vanity.zip
2013-07-31 14:39 - 2013-07-31 14:39 - 00273813 _____ D:\mbernard\Desktop\bathroom_vanity.zip
2013-07-31 14:38 - 2013-07-31 14:38 - 00368290 _____ D:\mbernard\Desktop\female02.zip
2013-07-31 14:38 - 2013-07-31 14:38 - 00367775 _____ D:\mbernard\Desktop\male02.zip
2013-07-31 12:00 - 2013-07-31 12:00 - 02819747 _____ D:\mbernard\Desktop\CdC-connexion-RFM4H-SEL.pdf
2013-07-31 11:52 - 2013-07-31 11:59 - 00379274 _____ D:\mbernard\Desktop\Cahier des charges pour faisceaux alimentation RFM4H-SEL.pdf
2013-07-30 17:00 - 2013-07-30 17:00 - 02453114 _____ D:\mbernard\Desktop\99-60-3790-D.pdf
2013-07-30 12:10 - 2013-07-31 11:58 - 00247370 _____ D:\mbernard\Desktop\Cahier des charges pour faisceaux alimentation RFM4H-SEL.docx
2013-07-29 20:21 - 2013-07-29 20:21 - 00010095 _____ C:\ProgramData\regid.2013-06.com.nutonian_602197FF-4CEC-427B-B15E-603D1B97A208.swidtag
2013-07-29 10:46 - 2013-07-29 10:47 - 00835720 _____ C:\Users\mbernard\Downloads\contrat 10 aout a falleron LMH.zip
2013-07-29 10:09 - 2013-07-29 10:12 - 00000000 ____D C:\Users\mbernard\AppData\Local\gtk-2.0
2013-07-29 10:07 - 2013-07-29 10:07 - 00088579 _____ D:\mbernard\Desktop\Liste matériel- SF.pdf
2013-07-29 10:02 - 2013-07-29 10:04 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-29 10:00 - 2013-07-29 10:02 - 90139696 _____ (The GIMP Team ) C:\Users\mbernard\Downloads\gimp-2.8.6-setup.exe

==================== One Month Modified Files and Folders =======

2013-08-26 15:48 - 2013-08-26 15:48 - 00000000 ____D C:\FRST
2013-08-26 15:47 - 2013-08-26 15:47 - 00000000 ____D D:\mbernard\Desktop\MB
2013-08-26 15:35 - 2012-09-03 22:44 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 15:03 - 2012-10-09 20:58 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 15:00 - 2013-07-18 12:23 - 00001272 _____ D:\mbernard\Desktop\Home_GA.lnk
2013-08-26 15:00 - 2012-06-27 07:51 - 00000952 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-26 14:26 - 2010-11-20 23:01 - 01722568 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 14:20 - 2013-08-26 11:52 - 00000000 ____D D:\mbernard\Desktop\inno-coordination usine
2013-08-26 14:00 - 2013-08-26 14:00 - 00000162 ____H D:\mbernard\Desktop\~$bohec_Sujet-These.doc
2013-08-26 13:09 - 2013-06-19 14:37 - 00000552 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2013-08-26 09:52 - 2009-07-14 06:34 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:52 - 2009-07-14 06:34 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 09:49 - 2013-08-26 09:49 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-08-26 09:49 - 2013-08-26 09:49 - 00007310 _____ D:\mbernard\Desktop\RKreport[0]_S_08262013_094944.txt
2013-08-26 09:49 - 2013-08-25 22:13 - 00000000 ____D D:\mbernard\Desktop\RK_Quarantine
2013-08-26 09:46 - 2013-08-26 09:46 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-08-26 09:46 - 2013-08-26 09:46 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\smkits
2013-08-26 09:46 - 2012-06-27 16:12 - 00529454 _____ C:\Windows\system32\TmInstall.log
2013-08-26 09:45 - 2013-03-06 08:42 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\Spotify
2013-08-26 09:45 - 2012-09-03 22:44 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 09:45 - 2012-07-18 18:14 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\Skype
2013-08-26 09:44 - 2013-05-05 18:34 - 00017331 _____ C:\Windows\setupact.log
2013-08-26 09:44 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 09:18 - 2013-05-05 18:36 - 01446471 _____ C:\Windows\WindowsUpdate.log
2013-08-26 09:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2013-08-26 08:47 - 2013-08-26 08:47 - 00001999 _____ D:\mbernard\Desktop\Sphinx IQ.lnk
2013-08-26 08:47 - 2012-06-27 16:13 - 00008990 _____ C:\Windows\cfgall.ini
2013-08-25 23:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\schemas
2013-08-25 21:30 - 2013-05-11 00:35 - 00001508 _____ C:\Windows\TMFilter.log
2013-08-25 21:10 - 2013-05-05 18:34 - 00005302 _____ C:\Windows\PFRO.log
2013-08-25 21:06 - 2013-08-25 21:06 - 00091855 _____ C:\ProgramData\1377450860.bdinstall.bin
2013-08-25 19:14 - 2013-08-25 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-25 19:07 - 2013-08-25 19:07 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\QuickScan
2013-08-25 17:56 - 2013-07-22 22:48 - 02154602 _____ D:\mbernard\Desktop\MIMOSAS.sh3d
2013-08-25 10:31 - 2013-08-25 10:31 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-24 13:56 - 2012-11-10 03:46 - 00181808 _____ C:\Windows\RegBootClean.exe
2013-08-24 13:50 - 2012-09-02 23:24 - 00000000 ____D C:\Users\mbernard\AppData\Local\Google
2013-08-24 13:50 - 2012-06-27 15:57 - 00000000 ____D C:\Program Files\Google
2013-08-24 11:53 - 2012-06-27 16:47 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\vlc
2013-08-23 17:13 - 2013-07-18 12:17 - 00000000 ____D C:\Users\mbernard\AppData\Roaming\QtProject
2013-08-23 15:00 - 2012-07-24 12:00 - 00008393 _____ C:\Users\mbernard\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-23 15:00 - 2012-07-24 12:00 - 00008393 _____ C:\Users\mbernard\AppData\Roaming\Rim.Desktop.Exception.log
2013-08-23 14:46 - 2013-08-23 12:17 - 00045568 _____ D:\mbernard\Desktop\lebohec_Sujet-These.doc
2013-08-22 17:42 - 2013-08-22 17:42 - 00037441 _____ D:\mbernard\Desktop\1.pdf
2013-08-22 10:39 - 2013-08-22 10:39 - 00086801 _____ D:\mbernard\Desktop\C13.pdf
2013-08-22 10:17 - 2013-08-22 10:17 - 00001944 _____ C:\Users\Public\Desktop\Eureqa - Formulize.lnk
2013-08-22 10:17 - 2013-08-22 10:17 - 00000000 ____D C:\Program Files\Nutonian
2013-08-22 10:05 - 2012-12-11 16:18 - 00000000 ____D C:\Users\mbernard\AppData\Local\Downloaded Installations
2013-08-22 09:57 - 2013-08-22 09:57 - 08004808 _____ C:\Users\mbernard\Downloads\Eureqa_formulize_0_98_1.zip
2013-08-22 09:53 - 2013-08-22 09:44 - 00032111 _____ D:\mbernard\Desktop\montée-convecteur30.png
2013-08-22 09:41 - 2013-08-22 09:41 - 00084243 _____ D:\mbernard\Desktop\montée-convecteur.png
2013-08-22 09:36 - 2013-08-22 09:36 - 00000000 ____D C:\Users\mbernard\Downloads\Digitizer
2013-08-22 09:35 - 2013-08-22 09:35 - 01887906 _____ C:\Users\mbernard\Downloads\Digitizer.zip
2013-08-22 09:31 - 2013-08-22 09:31 - 00280068 _____ D:\mbernard\Desktop\Synthèse Cient 30%.pdf
2013-08-22 08:54 - 2013-08-22 08:54 - 00000000 ____D D:\mbernard\Desktop\photos perso
2013-08-21 11:05 - 2013-08-21 11:05 - 00150016 _____ D:\mbernard\Desktop\déclassés2108.xls
2013-08-21 10:38 - 2013-08-20 17:56 - 00165903 _____ D:\mbernard\Desktop\Fiche Projet -rssv-HG .docx
2013-08-21 08:39 - 2013-08-21 08:39 - 00302648 _____ D:\mbernard\Desktop\certif-med.pdf
2013-08-20 20:03 - 2012-07-28 22:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 20:03 - 2012-06-27 15:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 19:33 - 2009-07-14 06:53 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 10:56 - 2013-07-18 12:17 - 00000000 ____D D:\mbernard\Desktop\SAUV072013
2013-08-19 12:20 - 2013-08-19 12:00 - 00260866 _____ C:\Users\mbernard\Downloads\Outlook (2).zip
2013-08-19 09:02 - 2012-07-04 09:21 - 00000000 ____D C:\Users\mbernard\AppData\Local\Adobe
2013-08-19 08:54 - 2013-03-06 08:42 - 00000000 ____D C:\Users\mbernard\AppData\Local\Spotify
2013-08-14 23:33 - 2013-08-14 23:33 - 02977672 _____ C:\Users\mbernard\Downloads\summer.zip
2013-08-13 22:18 - 2013-08-13 22:18 - 00002307 _____ C:\Users\mbernard\AppData\Local\recently-used.xbel
2013-08-13 22:18 - 2013-02-10 22:24 - 00000000 ____D C:\Users\mbernard\.gimp-2.8
2013-08-08 10:34 - 2012-07-18 18:14 - 00000000 ___RD C:\Program Files\Skype
2013-08-08 10:34 - 2012-07-18 18:14 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 18:08 - 2013-08-07 18:07 - 00343101 _____ D:\mbernard\Desktop\CANADA2013.pdf
2013-08-03 21:42 - 2013-08-03 21:42 - 01738645 _____ C:\Users\mbernard\Downloads\typo SAFETY FIRST.zip
2013-08-03 21:42 - 2013-08-03 21:42 - 00000000 ____D C:\Users\mbernard\Downloads\typo SAFETY FIRST
2013-08-02 16:55 - 2013-08-02 16:55 - 00136877 _____ D:\mbernard\Desktop\noteMLB-S8.pdf
2013-08-02 16:54 - 2013-08-02 16:54 - 00134892 _____ D:\mbernard\Desktop\noteMLB-S5.pdf
2013-08-01 15:38 - 2013-07-26 23:13 - 00220274 _____ D:\mbernard\Desktop\Questionnaire de demande de prestation.pdf
2013-08-01 15:17 - 2013-08-01 15:17 - 02446395 _____ D:\mbernard\Desktop\4_pdfsam_CdC-connexion-RFM4H-SEL.pdf
2013-08-01 15:17 - 2013-08-01 15:17 - 00374210 _____ D:\mbernard\Desktop\CdC-connexion-RFM4H-SEL (2).pdf
2013-08-01 13:45 - 2013-08-08 11:26 - 00000000 ____D C:\Users\mbernard\Downloads\Carcass - Surgical Steel (2013)
2013-08-01 11:02 - 2013-08-01 11:02 - 00003618 _____ C:\Users\mbernard\Downloads\2013.07.31.tar.gz
2013-07-31 14:45 - 2013-07-31 14:45 - 02279553 _____ D:\mbernard\Desktop\meuble.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00120860 _____ D:\mbernard\Desktop\radiator_7section.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00013775 _____ D:\mbernard\Desktop\radiateur.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00008537 _____ D:\mbernard\Desktop\angolo.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00005652 _____ D:\mbernard\Desktop\cabinetWithBasin.zip
2013-07-31 14:42 - 2013-07-31 14:42 - 00001664 _____ D:\mbernard\Desktop\drawers.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00036440 _____ C:\Users\mbernard\Downloads\lavastoviglie.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00001401 _____ D:\mbernard\Desktop\cabinet.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00000978 _____ D:\mbernard\Desktop\upperCabinet2.zip
2013-07-31 14:41 - 2013-07-31 14:41 - 00000974 _____ D:\mbernard\Desktop\upperCabinet.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00090148 _____ D:\mbernard\Desktop\mobilettoLavaboWenge.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00039643 _____ D:\mbernard\Desktop\mobilettoSpecchioWenge.zip
2013-07-31 14:40 - 2013-07-31 14:40 - 00019983 _____ D:\mbernard\Desktop\guitar.zip
2013-07-31 14:39 - 2013-07-31 14:39 - 01049837 _____ D:\mbernard\Desktop\double_vanity.zip
2013-07-31 14:39 - 2013-07-31 14:39 - 00273813 _____ D:\mbernard\Desktop\bathroom_vanity.zip
2013-07-31 14:38 - 2013-07-31 14:38 - 00368290 _____ D:\mbernard\Desktop\female02.zip
2013-07-31 14:38 - 2013-07-31 14:38 - 00367775 _____ D:\mbernard\Desktop\male02.zip
2013-07-31 12:00 - 2013-07-31 12:00 - 02819747 _____ D:\mbernard\Desktop\CdC-connexion-RFM4H-SEL.pdf
2013-07-31 11:59 - 2013-07-31 11:52 - 00379274 _____ D:\mbernard\Desktop\Cahier des charges pour faisceaux alimentation RFM4H-SEL.pdf
2013-07-31 11:58 - 2013-07-30 12:10 - 00247370 _____ D:\mbernard\Desktop\Cahier des charges pour faisceaux alimentation RFM4H-SEL.docx
2013-07-30 17:00 - 2013-07-30 17:00 - 02453114 _____ D:\mbernard\Desktop\99-60-3790-D.pdf
2013-07-29 20:21 - 2013-07-29 20:21 - 00010095 _____ C:\ProgramData\regid.2013-06.com.nutonian_602197FF-4CEC-427B-B15E-603D1B97A208.swidtag
2013-07-29 10:47 - 2013-07-29 10:46 - 00835720 _____ C:\Users\mbernard\Downloads\contrat 10 aout a falleron LMH.zip
2013-07-29 10:12 - 2013-07-29 10:09 - 00000000 ____D C:\Users\mbernard\AppData\Local\gtk-2.0
2013-07-29 10:07 - 2013-07-29 10:07 - 00088579 _____ D:\mbernard\Desktop\Liste matériel- SF.pdf
2013-07-29 10:06 - 2013-07-24 17:32 - 00625893 _____ D:\mbernard\Desktop\Liste matériel.docx
2013-07-29 10:04 - 2013-07-29 10:02 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-29 10:02 - 2013-07-29 10:00 - 90139696 _____ (The GIMP Team ) C:\Users\mbernard\Downloads\gimp-2.8.6-setup.exe
2013-07-28 12:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

Files to move or delete:
====================
ZeroAccess:
C:\Users\mbernard\AppData\Local\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}
C:\Users\Administrateur\AppData\Local\Temp\googletoolbarinstaller_stub_signed.exe
C:\Users\Administrateur\AppData\Local\Temp\InstallAX.exe
C:\Users\Administrateur\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Administrateur\AppData\Local\Temp\Tools\x86\Microsoft.BDD.Utility.dll
C:\Users\Administrateur\AppData\Local\Temp\Tools\x64\Microsoft.BDD.Utility.dll
C:\ProgramData\rej80.pad
C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\Users\mbernard\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\mbernard\AppData\Local\Temp\ICReinstall_pdfediteur!.exe
C:\Users\mbernard\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mbernard\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\mbernard\AppData\Local\Temp\is42483369\44187539_Setup.EXE
C:\Users\mbernard\AppData\Local\Temp\InstallPlus\E_FWCHKR.exe
C:\Users\mbernard\AppData\Local\Temp\InstallPlus\E_UPNFLE.DLL
C:\Users\mbernard\AppData\Local\Temp\InstallPlus\E_UPWJ01.dll
C:\Users\mbernard\AppData\Local\Temp\InstallPlus\InstallNaui.exe
C:\Users\mbernard\AppData\Local\Temp\InstallNavi\E_FWCHKR.exe
C:\Users\mbernard\AppData\Local\Temp\InstallNavi\E_UPNFLE.DLL
C:\Users\mbernard\AppData\Local\Temp\InstallNavi\E_UPWJ01.dll
C:\Users\mbernard\AppData\Local\Temp\InstallNavi\InstallNaui.exe
C:\Users\mbernard\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\mbernard\AppData\Local\Temp\EPSON XP-302 303 305 306 Series_Home\Install Plus_10\InstallPlus.exe
C:\Users\mbernard\AppData\Local\Temp\EPSON XP-302 303 305 306 Series_Home\Install Plus_10\_cdres\_dll\ENSTRMAPI.dll
C:\Users\mbernard\AppData\Local\Temp\EPSON XP-302 303 305 306 Series_Home\Install Plus_10\_cdres\_dll\EPDNSTRT.DLL
C:\Users\mbernard\AppData\Local\Temp\EPSON\eMail Print\EpsonConnectPrinterSetup1_1_1_FC_1_0\Setup.exe
C:\Users\mbernard\AppData\Local\Temp\EPSON\Download\Resource\ENP_2_6_0_EN.exe
C:\Users\mbernard\AppData\Local\Temp\EPSON\Download\Resource\XP300_WW_WIN_3792_41.exe
C:\Users\mbernard\AppData\Local\Temp\EPSON\Download\Resource\XP302303305306_x86_700UsHomeExportAsiaML_MP.exe
C:\Users\v_lelay\AppData\Local\Temp\jna\jna7550165275380770429.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-22 12:20

==================== End Of Log ============================

MrCharlie · August 26, 2013

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Mhaskym · August 26, 2013

Thanks again

here is the fixlog.txt. Do I have to wait to your anwer before running the antirookit?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-08-2013
Ran by mbernard at 2013-08-26 16:20:47 Run:1
Running from D:\mbernard\Desktop\MB
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\ \...\???\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}\GoogleUpdate.exe"
C:\Users\mbernard\AppData\Local\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}
C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e}
Startup: C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jimtviphqpxrqjbpqhj.lnk
ShortcutTarget: jimtviphqpxrqjbpqhj.lnk -> C:\Users\mbernard\AppData\Local\Temp\jhqpbjqrxpqhpivtmij.bfg (No File)
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

*etadpug => Service deleted successfully.
C:\Users\mbernard\AppData\Local\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e} => Moved successfully.
C:\Program Files\Google\Desktop\Install\{914eb99c-c9ed-42c2-aa95-e815e23f5d5e} => Moved successfully.
C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jimtviphqpxrqjbpqhj.lnk => Moved successfully.
C:\Users\mbernard\AppData\Local\Temp\jhqpbjqrxpqhpivtmij.bfg not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\fr-FR" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

MrCharlie · August 26, 2013

No...go ahead and run it....MrC

Mhaskym · August 26, 2013

here are the last report files.

mbar-log-2013-08-26 (17-13-06).txt

system-log.txt

MrCharlie · August 26, 2013

I forgot to warn you about this type of infection:

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

------------------------------------------------------------

Run another scan with RogueKiller and post the new log....MrC

Mhaskym · August 26, 2013

thanks you for your anwer MrC

Below is the last RK report

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : mbernard [Droits d'admin]
Mode : Recherche -- Date : 26/08/2013 19:33:49
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 2 ¤¤¤
[TASK][sUSP PATH] Test TimeTrigger : C:\Users\mbernard\AppData\Local\Temp\Runner.exe C:\Users\mbernard\AppData\Local\Temp\DNS.exe [x] -> TROUVÉ
[sTARTUP][bLACKLISTDLL] msconfig.lnk @mbernard : C:\Windows\System32\rundll32.exe|C:\PROGRA~2\08jer.dat,FG00 -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[70] : NtCreateKey @ 0x83256FFB -> HOOKED (Unknown @ 0x9223247C)
SSDT[74] : NtCreateMutant @ 0x8326634C -> HOOKED (Unknown @ 0x986F6AC4)
SSDT[79] : NtCreateProcess @ 0x833321D9 -> HOOKED (Unknown @ 0x9871F2DC)
SSDT[80] : NtCreateProcessEx @ 0x83332224 -> HOOKED (Unknown @ 0x986187BC)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x832579C6 -> HOOKED (Unknown @ 0x986F6A44)
SSDT[87] : NtCreateThread @ 0x83331FE2 -> HOOKED (Unknown @ 0x986F68AC)
SSDT[88] : NtCreateThreadEx @ 0x832C649B -> HOOKED (Unknown @ 0x986F686C)
SSDT[93] : NtCreateUserProcess @ 0x832C43CD -> HOOKED (Unknown @ 0x922179F4)
SSDT[103] : NtDeleteKey @ 0x83241A4A -> HOOKED (Unknown @ 0x9221B424)
SSDT[106] : NtDeleteValueKey @ 0x83233453 -> HOOKED (Unknown @ 0x9872C984)
SSDT[111] : NtDuplicateObject @ 0x83287761 -> HOOKED (Unknown @ 0x92287CA4)
SSDT[155] : NtLoadDriver @ 0x8321BC32 -> HOOKED (Unknown @ 0x986F682C)
SSDT[190] : NtOpenProcess @ 0x83267B93 -> HOOKED (Unknown @ 0x98618604)
SSDT[194] : NtOpenSection @ 0x832BF9EB -> HOOKED (Unknown @ 0x986821A4)
SSDT[290] : NtRenameKey @ 0x832F20BB -> HOOKED (Unknown @ 0x92298AFC)
SSDT[302] : NtRestoreKey @ 0x832E7C72 -> HOOKED (Unknown @ 0x987201E4)
SSDT[350] : NtSetSystemInformation @ 0x832A437A -> HOOKED (Unknown @ 0x986F6A84)
SSDT[358] : NtSetValueKey @ 0x832605F8 -> HOOKED (Unknown @ 0x922AFE64)
SSDT[370] : NtTerminateProcess @ 0x832B0D86 -> HOOKED (Unknown @ 0x986D1294)
SSDT[371] : NtTerminateThread @ 0x832CE69B -> HOOKED (Unknown @ 0x9871E2BC)
SSDT[399] : NtWriteVirtualMemory @ 0x832B5A83 -> HOOKED (Unknown @ 0x876B8CB4)
S_SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0xAD42AA2C)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xAD42F2FC)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT1 +++++
--- User ---
[MBR] efbc3f103919fa6ab16058e5b3bdb916
[bSP] 0cf2be6e7180b5f48c5776193846cf77 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 102400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 135762 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 487757824 | Size: 300 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_26082013_193349.txt >>
RKreport[0]_S_08262013_094944.txt ; RKreport[1]_S_26082013_193349.txt

MrCharlie · August 26, 2013

Looks Good......

Lets check for any adware while you're here:

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

If you agree with everything listed to be removed...........

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Mhaskym · August 26, 2013

here is the adwcleaner report. not so clear to me

# AdwCleaner v3.001 - Rapport créé le 26/08/2013 à 19:49:34
# Mis à jour le 24/08/2013 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
# Nom d'utilisateur : mbernard - GA10073
# Exécuté depuis : D:\mbernard\Desktop\AdwCleaner.exe
# Option : Scanner

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Présent C:\Program Files\DomaIQ Uninstaller
Dossier Présent C:\ProgramData\Babylon
Dossier Présent C:\Users\mbernard\AppData\Local\Supreme Savings
Dossier Présent C:\Users\mbernard\AppData\LocalLow\delta
Dossier Présent C:\Users\mbernard\AppData\Roaming\pdfforge
Fichier Présent : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Présent : C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\\invalidprefs.js
Fichier Présent : C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\searchplugins\Babylon.xml
Fichier Présent : C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\searchplugins\BrowserProtect.xml
Fichier Présent : C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\user.js

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Présente : HKCU\Software\AppDataLow\Software\Crossrider
Clé Présente : HKCU\Software\BabylonToolbar
Clé Présente : HKCU\Software\Cr_Installer
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKLM\SOFTWARE\5a0dddfe03fbf14
Clé Présente : HKLM\Software\Babylon
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap
Clé Présente : HKLM\Software\DataMngr
Clé Présente : HKLM\Software\DomaIQ
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_microsoft-visual-c_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_microsoft-visual-c_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_pdf-rider_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_pdf-rider_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_the-logo-creator_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_the-logo-creator_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKLM\Software\Supreme Savings

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v21.0 (fr)

[ Fichier : C:\Users\mbernard\AppData\Roaming\Mozilla\Firefox\Profiles\36i1lbm6.default\prefs.js ]

-\\ Google Chrome v29.0.1547.57

[ Fichier : C:\Users\mbernard\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3645 octets] - [26/08/2013 19:49:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3705 octets] ##########

MrCharlie · August 26, 2013

It's all adware, clean it up...MrC

Mhaskym · August 27, 2013

Hello Mr C

All seems to be right on my computer now. I think we're good, unless you see something more to check?

MrCharlie · August 27, 2013

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC

Mhaskym · August 27, 2013

Hi

Below the report

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro OfficeScan Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 6 Update 31
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.57
````````Process Check: objlist.exe by Laurent````````
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro OfficeScan Client ntrtscan.exe
Trend Micro OfficeScan Client tmlisten.exe
Trend Micro BM TMBMSRV.exe
Trend Micro OfficeScan Client TmPfw.exe
Trend Micro OfficeScan Client CNTAoSMgr.exe
Trend Micro OfficeScan Client TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

MrCharlie · August 27, 2013

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 31 <----please uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 25) from Here Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

--------------------------------

Adobe Reader 10.1.2 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

-------------------------------

Mozilla Firefox 21.0 Firefox out of Date! <----please check fro an update if available

------------------------------

Google Chrome 28.0.1500.95 <-----OLD
Google Chrome 29.0.1547.57 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Mhaskym · August 28, 2013

Hello

All the updates and cleanups are OK. System seems to be runnig well.

Thank you for your help ans high efficiency !!

MrCharlie · August 28, 2013

OK...Take Care MrC

LDTate · August 29, 2013

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Zeroaccess Trojan Infection

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information