Start
reboot:
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1001Core.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1001UA.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1000UA.job => ?
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ?
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk
C:\Program Files (x86)\Ares
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Zbshareware Lab)
C:\Program Files (x86)\USB Disk Security
HKLM-x32\...\Runonce: [] -  [X]
HKU\S-1-5-21-1455245601-3553994823-1418537782-1001\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-1455245601-3553994823-1418537782-1001\...\Run: [Facebook Update] => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
C:\Users\David\AppData\Local\Facebook
HKU\S-1-5-21-1455245601-3553994823-1418537782-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1455245601-3553994823-1418537782-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1455245601-3553994823-1418537782-1001\User: Group Policy restriction detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=68287D2A-B2D0-44A5-96B4-D13E8498A3DA
URLSearchHook: HKCU - (No Name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No File
URLSearchHook: HKCU - (No Name) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - No File
URLSearchHook: HKCU - (No Name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No File
URLSearchHook: HKCU - (No Name) - {59994074-c06d-4a75-9768-49e5a8c21264} - No File
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
URLSearchHook: HKCU - (No Name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No File
SearchScopes: HKLM-x32 - {3B0AF159-7765-4FC2-9782-9A80B1225097} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
SearchScopes: HKCU - {3B0AF159-7765-4FC2-9782-9A80B1225097} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {9B339F6E-DDCD-401B-8764-230ADBD01761} -  No File
Toolbar: HKCU - No Name - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} -  No File
Toolbar: HKCU - No Name - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} -  No File
Toolbar: HKCU - No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKCU - No Name - {59994074-C06D-4A75-9768-49E5A8C21264} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=tele1202&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0FtCyCtByE0BtD0A0EyBtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=908554894&ir=
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=tele1202&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0FtCyCtByE0BtD0A0EyBtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=908554894&ir=
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://search.iminent.com/?appId=68287D2A-B2D0-44A5-96B4-D13E8498A3DA
FF SelectedSearchEngine: SearchTheWeb
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\searchplugins\Mysearchdial.xml
FF Extension: mysearchdial.com - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\ffxtlbr@mysearchdial.com [2013-12-11]
FF Extension: Illimitux - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\illimitux@illimitux.net [2010-01-31]
FF Extension: uTorrentBar_FR  - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} [2012-11-12]
FF Extension: SplitCam Toolbar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E} [2010-04-02]
FF Extension: MySearchDial NewTab - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-12-11]
FF Extension: Wajam - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2012-10-13]
FF Extension: Smart Suggestor - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gsf2pr7n.default\Extensions\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi [2012-11-13]
CHR HomePage: hxxp://search.iminent.com/?appId=68287D2A-B2D0-44A5-96B4-D13E8498A3DA
CHR StartupUrls: "hxxp://search.iminent.com/?appId=68287D2A-B2D0-44A5-96B4-D13E8498A3DA", "hxxp://start.mysearchdial.com/?f=1&a=tele1202&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0FtCyCtByE0BtD0A0EyBtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=908554894&ir="
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Extension: (uTorrentBar_FR) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib [2013-07-02]
CHR HKCU\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\David\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2012-08-26]
C:\Program Files (x86)\Nosibay
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\sylvie\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2012-10-02]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
C:\Windows\System32\ezsvc7.dll
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
2014-05-16 23:23 - 2011-07-07 17:02 - 00001096 ____H () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1001UA.job
2014-05-16 23:23 - 2011-07-07 17:02 - 00001074 ____H () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455245601-3553994823-1418537782-1001Core.job
2014-05-10 01:10 - 2013-09-21 11:58 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
C:\Users\David\AppData\Local\Temp\20120702IminentSetup.exe
C:\Users\David\AppData\Local\Temp\aacdec.exe
C:\Users\David\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\David\AppData\Local\Temp\AMPing.exe
C:\Users\David\AppData\Local\Temp\amrdec.exe
C:\Users\David\AppData\Local\Temp\ap10013.exe
C:\Users\David\AppData\Local\Temp\bing_toolbar.exe
C:\Users\David\AppData\Local\Temp\bitool.dll
C:\Users\David\AppData\Local\Temp\crtD50F.tmp.exe
C:\Users\David\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplmfpra.dll
C:\Users\David\AppData\Local\Temp\ffmpeg5.exe
C:\Users\David\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\David\AppData\Local\Temp\GLF1F78.tmp.tbMess.dll
C:\Users\David\AppData\Local\Temp\GLF2A24.tmp.tbSoft.dll
C:\Users\David\AppData\Local\Temp\GLF3F2A.tmp.tbEaze.dll
C:\Users\David\AppData\Local\Temp\GLFA445.tmp.tbEaze.dll
C:\Users\David\AppData\Local\Temp\GLFEA7D.tmp.tbMess.dll
C:\Users\David\AppData\Local\Temp\guninst.exe
C:\Users\David\AppData\Local\Temp\iet17C7.tmp.exe
C:\Users\David\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\David\AppData\Local\Temp\Install_BubbleDock.exe
C:\Users\David\AppData\Local\Temp\Messenger_Plus_Live.exe
C:\Users\David\AppData\Local\Temp\Messenger_Plus_Live_France.exe
C:\Users\David\AppData\Local\Temp\mp3el.exe
C:\Users\David\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\David\AppData\Local\Temp\oggdec.exe
C:\Users\David\AppData\Local\Temp\osqs7gis.dll
C:\Users\David\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\David\AppData\Local\Temp\rbSolnUpdateFRA.3.3.0.exe
C:\Users\David\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\David\AppData\Local\Temp\Setup.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
C:\Users\David\AppData\Local\Temp\smd_runtime.exe
C:\Users\David\AppData\Local\Temp\Softonic_France.exe
C:\Users\David\AppData\Local\Temp\tbedrs.dll
C:\Users\David\AppData\Local\Temp\tbuTor.dll
C:\Users\David\AppData\Local\Temp\uninst.exe
C:\Users\David\AppData\Local\Temp\utt9F60.tmp.exe
C:\Users\David\AppData\Local\Temp\wajam_install.exe
C:\Users\David\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\David\AppData\Local\Temp\wmpfirefoxplugin.exe
CMD: For  %i in ("C:\users\C:\Users\david\Desktop\ckfiles.txt") do  for /f "delims=" %p in ('type "%i"') do  echo %p
CMD: For  %i in ("C:\Users\sylvie\Desktop\ckfiles.txt") do  for /f "delims=" %p in ('type "%i"') do  echo %p
End