Removing Tube Dimmer

Solved/Closed
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013 - 25 Nov. 2013 at 15:16
 s9j24x - 5 March 2014 at 21:39
Hello,
For my first post, I'm asking for help removing a malicious program that seems fairly recent and fairly hard to eliminate, judging by the small number of forums that discuss it.
So my PC is infected with Tube Dimmer; I'm not very good with computers and I don't know what to do to get rid of it.
I ran my antivirus, "Microsoft Security Essential", without success.
Thanks for your help. What information can I give you to help solve my problem?
23 replies

deiimorin Posts 1 Registration date Wednesday 4 December 2013 Status Member Last activity 4 December 2013 21
4 Dec. 2013 at 15:36
Hello! I had the same problem. At first I uninstalled the ''Tube Dimmer'' program from the Programs and Features list, but I noticed that it was present a second time, under another name. It goes by the name ''Updater'' so that people think it is an important part of the computer; you just need to uninstall this ''Updater''. That fixed the problem for me!
21
Thanks a ton!! It worked for me! Simple and effective. Thanks again.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
6 Dec. 2013 at 14:09
You should at least run AdwCleaner, because you must have installed other unwanted programs along with Tube Dimmer.
0
eliseg Posts 2 Registration date Sunday 15 December 2013 Status Member Last activity 15 December 2013
15 Dec. 2013 at 12:30
THANK YOUUUU
0
PERFECT!! Well spotted
0
Great, deiimorin!!! Thanks ;))
0
drumfort Posts 2 Registration date Thursday 5 December 2013 Status Member Last activity 18 January 2014 4
5 Dec. 2013 at 12:12
Hello. I too was confronted with Tube Dimmer, which appeared when I installed a printer. As you say, the icon showed Tube Dimmer is running. I restored the computer to its configuration from before the printer installation and Tube Dimmer disappeared. I ran that installation again because I needed it. I went to look at the icons: Tube Dimmer was not there yet, but there was a new one called "Updater". I went to "Uninstall programs" and clicked to remove Updater. A window then appeared offering to uninstall Tube Dimmer! Which I did, of course. Tube Dimmer then uninstalled without any problem. I hope it will be the same for you. Like any uninstalled program, it leaves traces in the registry, so I recommend a piece of software called TuneUp Utilities. It is paid software, but unlike other paid programs that only scan your PC, this one is multi-purpose, and you will see that once you have adopted it you really won't regret it.
1
It worked for me! Thanks
0
Thanks! It worked right away!!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
19 Dec. 2013 at 10:29
Given that Tube Dimmer can be installed along with other unwanted programs, it is strongly recommended to run an AdwCleaner scan to remove the rest: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
0
Maybe a solution!!! (The site is in English only... sorry)
http://www.tubedimmerapp.com/about.aspx#system-information
If I don't like it, is it easy to uninstall?
Yes, we strive to make uninstalling Tube Dimmer as easy as possible (we hate annoying un-installers as much as you do). If you don't like Tube Dimmer (but we're sure you will!), you can uninstall with no trace left behind. In order to do this, please follow these steps:
Windows Control Panel: Click Start > Control Panel > Add / Remove Programs > Tube Dimmer
Windows Program Files: Click Start > Computer > C Drive > Program Files > Tube Dimmer > Uninstall
Internet Explorer: Settings > Manage add-ons > Toolbars and Extensions > Tube Dimmer
Firefox: Tools > Add-ons > Extensions > Tube Dimmer > Remove
Chrome: Tool icon > Tools > Extensions > Tube Dimmer > Trash Icon
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
Edited by Malekal_morte- on 27/12/2013 at 21:38
The solution is to uninstall the Updater program.
Run AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= in cleaning mode and remove the junk extensions in Firefox and Google Chrome.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
25 Nov. 2013 at 15:21
Hi,

Have you tried uninstalling it from Control Panel, then Programs and Features?
0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 15:23
Yes, indeed, I didn't mention it. This program does not appear in the list. It is as if it were "hidden".
0

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
25 Nov. 2013 at 15:25
- Download https://sourceforge.net/projects/hjt/ to your desktop.
- To launch HijackThis:
* On Vista/Seven, right-click it and choose Run as administrator to launch it
* On XP, a simple double-click is enough
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Save it to your desktop
- Upload it to http://pjjoint.malekal.com
- Give the pjjoint link here.


then:

Which browser do you use?

If Firefox and/or Chrome are installed:

In Firefox: Tools menu / Add-ons
Extensions tab.
Give the list.

In Google Chrome: menu at the top right, then Tools / Extensions
Give the list.
0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 15:36
Here is the scan result:
https://pjjoint.malekal.com/files.php?id=HijackThis_20131125_h12d10i8t9p10
I use Chrome.
I only see one extension, called "Documents Google 0.5"

0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 16:04
A small detail, in case it is useful:
there is a small "tube dimmer" icon visible at the bottom right of the screen in the toolbar. If I right-click on it, a "HIDE" window appears. I don't think that would change anything about my problem!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
25 Nov. 2013 at 16:16
Uninstall AVG Search-whatever, it's useless.


Run HijackThis again (if you are on Vista/Seven, right-click and choose Run as administrator) and check these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013 [Pays US - 65.52.144.16]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013 [Pays US - 65.52.144.16]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchingmagnified.com/?dn=dosearches.com&pid=7PO42CCY2&&{searchTerms} [Pays US - 69.28.57.29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchingmagnified.com/?dn=dosearches.com&pid=7PO42CCY2&&{searchTerms} [Pays US - 69.28.57.29]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013 [Pays US - 65.52.144.16]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013 [Pays US - 65.52.144.16]
O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\updater.exe


==> click Fix checked


Restart the computer


0
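Added example (not part of the thread, and not code from HijackThis): a small triage script for the kind of HijackThis lines listed in the post above. It flags Run entries whose executable lives in a user-writable directory and Internet Explorer search settings that point to a host outside an expected list. The sample lines are copied from the post with the pjjoint country annotations removed; `EXPECTED_SEARCH_HOSTS`, `USER_WRITABLE_DIRS` and the function names are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Sample input: HijackThis lines quoted in the post above (annotations stripped).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchingmagnified.com/?dn=dosearches.com&pid=7PO42CCY2&&{searchTerms}
O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\updater.exe
"""

# Assumption: search hosts the owner of the machine expects (hypothetical allowlist).
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.fr"}

# Assumption: directory names treated as user-writable drop locations.
USER_WRITABLE_DIRS = {"programdata", "appdata", "application data", "temp"}

# R0/R1 lines: "<code> - <hive>\<key>,<value> = <data>"
R_LINE = re.compile(
    r"^R[01] - (?P<hive>HK\w+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>\S+)"
)
# O4 registry lines: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable path at the start of a command line, with or without quotes.
EXE_PATH = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|cmd|vbs|js))', re.I
)


def hijacked_search_hosts(log):
    """Return {host: [registry values]} for IE search settings outside the allowlist."""
    hits = {}
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        host = urlsplit(m["data"]).hostname
        if host and host.lower() not in EXPECTED_SEARCH_HOSTS:
            where = f'{m["hive"]}\\{m["key"]},{m["value"]}'
            hits.setdefault(host.lower(), []).append(where)
    return hits


def risky_autoruns(log):
    """Return {lowercased image path: [hives]} for Run entries in user-writable dirs.

    Paths are compared case-insensitively, so "Updater.exe" and "updater.exe"
    registered under HKLM and HKCU are reported as one binary with two launch points.
    """
    hits = {}
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        exe = EXE_PATH.match(m["cmd"])
        if not exe:
            continue
        path = PureWindowsPath(exe["path"])
        # Ignore the drive and the file name; look only at the directories.
        directories = {part.lower() for part in path.parts[1:-1]}
        if directories & USER_WRITABLE_DIRS:
            hits.setdefault(str(path).lower(), []).append(m["hive"])
    return hits


if __name__ == "__main__":
    for path, hives in risky_autoruns(SAMPLE_LOG).items():
        print(f"autorun from user-writable dir: {path} (registered in {', '.join(hives)})")
    for host, values in hijacked_search_hosts(SAMPLE_LOG).items():
        print(f"unexpected search host: {host} ({len(values)} setting(s))")
```

The `ehTray.exe` entry is not reported because this heuristic only looks at where the executable is stored; it says nothing about whether an entry is needed at startup.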
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 16:58
Thank you Malekal_morte- for your help. I did everything as you told me, but the damn icon is still there, and every time I hover the mouse over it, it says "tube dimmer is running".
I saw on the only forum that discusses the same problem that using ZHPDiag.txt followed by ZHPFix had solved the problem. I don't know how to use these programs. Do you know them?

0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
25 Nov. 2013 at 17:51
No, there is no need for ZHPDiag.

Where is this icon located?
0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 19:25
The icon is among the notification icons, at the bottom right of the screen, next to the volume icon, the battery charge icon, etc.

0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
25 Nov. 2013 at 20:28
Run an OTL scan to diagnose the programs that are running and detect infections. The program will generate two reports, OTL.txt and Extras.txt.
Provide both reports:

You can follow the instructions on this page for help: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

If you use Avast!, do not run the program in the Sandbox (see the help link above).

* Launch OTL
* At the top, to the right of Quick Scan, check "All users"
* In OTL, under Custom Scan, copy and paste the script below:



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup https://www.google.fr/?gws_rd=ssl /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Click the Scan button.

* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present).
Give the pjjoint link or links pointing to these reports here in a reply.
I repeat: give the link to the pjjoint report here in a reply.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK IN A NEW MESSAGE


0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
25 Nov. 2013 at 22:15
OK, it's done. It took a long time and I hope the result will be usable for getting rid of the virus!
Here is the first link, for the OTL.Txt file:
https://pjjoint.malekal.com/files.php?id=20131125_l13q11v8s10s11

...and for the Extras.Txt file:
https://pjjoint.malekal.com/files.php?id=20131125_w11x15l10u8y7

Good luck deciphering all that.

0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
Edited by Malekal_morte- on 26/11/2013 at 09:20
Run OTL again.
o Under Personnalisation (Custom Scan), copy and paste the contents of the box below (make sure to include :OTL at the start).
Click Correction (Fix); a report will appear. Copy and paste its contents here:

:OTL
CHR - Extension: Tube Dimmer = C:\Users\pc nono\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.48_0\
IE - HKU\S-1-5-21-1463781196-1604515188-2107884356-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1463781196-1604515188-2107884356-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1463781196-1604515188-2107884356-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: URL = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=15/11/2013 [Pays US - 65.52.144.16]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-1463781196-1604515188-2107884356-1000..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
[2013/11/15 10:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/15 09:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/11/10 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc nono\Documents\Optimizer Pro
[2013/11/10 12:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/11/10 12:19:25 | 000,000,000 | ---D | C] -- C:\Users\pc nono\AppData\Local\DealPlyLive
[2013/11/10 12:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/11/10 12:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\DealPlyLive
[2013/11/10 12:19:23 | 000,000,000 | ---D | C] -- C:\Users\pc nono\AppData\Roaming\Dealply
[2013/11/10 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\pc nono\AppData\Local\Duuqu
[2013/11/10 12:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Duuqu
[2013/11/10 12:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/11/10 12:14:57 | 000,000,000 | ---D | C] -- C:\Users\pc nono\AppData\Roaming\dosearches
[2013/11/25 21:19:04 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Dealply.job

* Post the report here


~~

Restart the computer

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
OTL logfile created on: 2014-01-04 14:29:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\doom\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 52,30% Memory free
6,06 Gb Paging File | 4,69 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,53 Gb Total Space | 118,10 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 9,35 Gb Total Space | 1,66 Gb Free Space | 17,77% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DOOM | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2014-01-04 14:26:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\doom\Downloads\OTL.exe
PRC - [2013-12-11 09:22:28 | 000,839,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
PRC - [2013-12-02 07:11:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013-11-20 16:08:12 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013-11-20 16:08:12 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013-11-20 16:08:12 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013-11-20 16:08:10 | 000,481,656 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013-10-08 04:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2012-01-17 19:16:09 | 000,183,096 | ---- | M] (Microsoft Corporation) -- C:\Users\doom\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe
PRC - [2009-04-10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-26 00:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008-02-22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2013-01-28 12:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013-01-28 12:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007-08-14 11:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007-07-12 11:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007-07-12 11:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


[color=#E56717]========== Services (SafeList) ==========/color

SRV - [2013-12-11 09:22:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-08 04:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2008-04-26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-01-20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013-12-13 06:30:19 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013-12-03 10:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013-11-21 10:07:40 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013-11-20 01:00:00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013-11-20 01:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-11-20 01:00:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013-11-20 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\NAVENG.SYS -- (NAVENG)
DRV - [2013-09-26 19:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013-09-26 18:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013-09-26 18:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013-09-25 19:27:59 | 000,383,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\symtdiv.sys -- (SYMTDIv)
DRV - [2013-09-25 18:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013-09-09 18:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013-09-09 17:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2011-06-24 17:23:24 | 000,609,920 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2011-06-24 17:22:50 | 000,970,496 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008-06-10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-06-05 08:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-06-04 09:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008-04-29 08:12:38 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007-10-17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4145D7BE-323A-40A3-89B8-5D0FC6DCBCBE}: "URL" = http://cf.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B0870F51-76BD-4436-821D-8DAB59F5CF01}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cacql


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{29AF0DCD-4F9B-4813-89F5-0FC3799B8E21}: "URL" = http://search.us.com/serp?guid={7969C766-CCA9-4999-8211-BE0DB13F35AC}&action=default_search&serpv=5&k={searchTerms}
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10469
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{4026BFB0-024C-4BB4-89C7-242D3C93E663}: "URL" = http://www.mysearchresults.com/search?c=2653&t=01&q={searchTerms}
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{4145D7BE-323A-40A3-89B8-5D0FC6DCBCBE}: "URL" = http://cf.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_frCA446
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{A2C2CB93-BD8C-4AD0-810B-0A324F900735}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN20186201863106519&UM=2&SSPV=TB_C5
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\SearchScopes\{B0870F51-76BD-4436-821D-8DAB59F5CF01}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cacql
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=fr_US&apn_ptnrs=FM&apn_dtid=TES002R4CA&apn_uid=a64bd000-f258-4d85-bf2a-c2821ac69082&apn_sauid=54FA525F-2116-42AB-8AA6-CFB424673575
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{4145D7BE-323A-40A3-89B8-5D0FC6DCBCBE}: "URL" = http://cf.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_frCA446
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=IE0004
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=CA&ver=20&locale=fr_CA&gct=sb&qsrc=2869
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\SearchScopes\{B0870F51-76BD-4436-821D-8DAB59F5CF01}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cacql
IE - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========/color

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014-01-04 14:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-22 09:55:03 | 000,000,000 | ---D | M]

[2013-11-30 17:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nancy\AppData\Roaming\mozilla\Firefox\extensions
[2013-11-30 17:59:20 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\nancy\AppData\Roaming\mozilla\Firefox\extensions\***@***

========== Chrome ==========

CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://search.us.com/?guid={7969C766-CCA9-4999-8211-BE0DB13F35AC}&serpv=5
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Documents Google = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00C2\u00A0Drive = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006-09-18 13:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\Browsersafeguard.exe (BrowserSafeguard)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001..\Run: [SearchProtect] C:\Users\doom\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\doom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification de cadeaux MSN.lnk = File not found
O7 - HKU\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2613454591-2242960402-144951809-1001\..Trusted Domains: jeancoutu.com ([iphoto] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{274EB95C-8E54-4D2E-83CF-54F23899683D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\nancy\Pictures\973370_334545130006774_1047949493_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\nancy\Pictures\973370_334545130006774_1047949493_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-12 03:54:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014-01-04 14:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2014-01-04 14:15:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-04 13:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2014-01-04 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2013-12-11 19:20:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-12-11 19:20:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-12-11 19:20:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-12-11 19:20:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-12-11 19:20:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-12-11 19:20:54 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-12-11 19:20:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-12-11 19:20:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-12-11 09:03:08 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-12-11 09:03:06 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013-12-11 09:03:06 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013-12-11 09:03:06 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013-12-11 09:03:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013-12-11 09:03:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-04 14:32:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014-01-04 14:22:04 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-04 14:21:52 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2014-01-04 14:19:46 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-04 14:19:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-04 14:19:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-04 14:19:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-04 14:19:16 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-04 14:17:50 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-04 13:51:53 | 000,000,874 | ---- | M] () -- C:\Users\nancy\Desktop\PC Speed Maximizer.lnk
[2014-01-04 13:47:15 | 000,000,960 | ---- | M] () -- C:\Users\nancy\Desktop\Driver Genius.lnk
[2013-12-29 14:32:39 | 000,001,803 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Officejet 6700 (réseau).lnk
[2013-12-21 12:43:05 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013-12-21 12:43:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-12-21 12:43:05 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013-12-21 12:43:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-12-12 05:26:51 | 000,307,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-12-11 12:44:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordoom.job
[2013-12-11 09:22:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-12-11 09:22:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-04 14:32:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014-01-04 13:51:52 | 000,000,874 | ---- | C] () -- C:\Users\nancy\Desktop\PC Speed Maximizer.lnk
[2014-01-04 13:47:14 | 000,000,960 | ---- | C] () -- C:\Users\nancy\Desktop\Driver Genius.lnk
[2013-06-08 16:29:35 | 000,000,290 | RHS- | C] () -- C:\Users\nancy\ntuser.pol
[2013-05-26 18:46:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013-01-04 14:16:20 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-12-06 19:48:49 | 000,036,864 | ---- | C] () -- C:\Users\nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-14 18:27:54 | 000,001,924 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006-11-02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012-02-21 07:12:24 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Adobe
[2013-04-20 06:52:34 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Apple Computer
[2013-04-15 16:59:34 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\CyberLink
[2013-05-27 03:18:07 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\FrostWire
[2011-09-19 04:58:41 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Google
[2011-04-14 07:29:37 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Hewlett-Packard
[2013-06-03 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\HpUpdate
[2011-04-14 08:11:37 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Identities
[2011-04-14 08:07:38 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Macromedia
[2006-11-02 04:37:34 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Media Center Programs
[2013-12-09 09:34:17 | 000,000,000 | --SD | M] -- C:\Users\nancy\AppData\Roaming\Microsoft
[2013-11-30 17:59:20 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Mozilla
[2012-10-09 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\MusicNet
[2013-06-08 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Oberon Media
[2011-04-14 08:12:19 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Symantec
[2012-02-14 18:27:55 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Template
[2014-01-04 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Uniblue
[2013-06-08 16:30:32 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\VisicomToolBar
[2011-07-11 06:06:21 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2011-10-03 07:08:41 | 010,531,656 | ---- | M] (FrostWire Team) -- C:\Users\nancy\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe
[2011-10-03 07:12:05 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Users\nancy\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
[2012-10-18 00:51:52 | 001,259,320 | ---- | M] (Iplay) -- C:\Users\nancy\AppData\Roaming\VisicomToolBar\gamesagogo_en_w3i_toolbar_3.2.0.36.exe

< %temp%\*.exe /s >
[2013-11-30 17:44:50 | 010,355,400 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\BackupSetup.exe
[2008-04-15 13:58:20 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Users\nancy\AppData\Local\Temp\HPQSi.exe
[2012-01-22 04:22:31 | 002,410,576 | ---- | M] (iMesh Inc. ) -- C:\Users\nancy\AppData\Local\Temp\iMesh_setup.exe
[2011-07-11 06:08:07 | 003,353,918 | ---- | M] (PCTuto ) -- C:\Users\nancy\AppData\Local\Temp\insE520.tmp.exe
[2011-07-11 06:06:59 | 003,353,918 | ---- | M] (PCTuto ) -- C:\Users\nancy\AppData\Local\Temp\insE935.tmp.exe
[2013-11-30 17:58:39 | 003,401,216 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\installer.exe
[2013-11-30 18:00:38 | 000,081,768 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\mconduitinstaller.exe
[2013-05-07 22:10:12 | 000,110,936 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\nseA279.exe
[2013-05-07 22:10:12 | 000,110,936 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\nsn5BE2.exe
[2013-05-07 22:10:12 | 000,110,936 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\nsxBA97.exe
[2013-11-30 17:59:30 | 003,612,672 | ---- | M] (Crawler, LLC ) -- C:\Users\nancy\AppData\Local\Temp\PCFixSpeedSetup.exe
[2013-12-22 15:11:18 | 000,360,051 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\Quarantine.exe
[2013-06-08 16:13:29 | 004,001,416 | ---- | M] (Ask) -- C:\Users\nancy\AppData\Local\Temp\setup.exe
[2013-11-30 17:59:00 | 003,833,440 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\Setup_CA.exe
[2013-05-12 06:39:26 | 000,070,192 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\SPStub.exe
[2012-12-31 06:27:23 | 000,058,760 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\symlcsv1.exe
[2013-05-12 06:39:26 | 000,086,816 | ---- | M] (Conduit Ltd.) -- C:\Users\nancy\AppData\Local\Temp\ToolbarHelper.exe
[2011-10-03 01:08:34 | 000,853,104 | ---- | M] (Babylon Ltd.) -- C:\Users\nancy\AppData\Local\Temp\Toolbar_Eazel.exe
[2013-11-30 18:00:23 | 000,088,744 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\vbmz6.exe
[2013-11-30 17:45:07 | 004,216,840 | ---- | M] (Microsoft Corporation) -- C:\Users\nancy\AppData\Local\Temp\vcredist_x86.exe
[2013-11-30 18:00:04 | 000,451,976 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\VisualBeeSilent.exe
[2013-11-30 18:01:24 | 040,058,464 | ---- | M] (Microsoft Corporation) -- C:\Users\nancy\AppData\Local\Temp\vstor_redist_2010.exe
[2008-04-29 08:12:38 | 000,453,720 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\AppData\Local\Temp\_is4337.exe
[2008-04-29 08:12:38 | 000,453,720 | ---- | M] (Macrovision Corporation) -- C:\Users\nancy\AppData\Local\Temp\_is9CBB.exe
[233 C:\Users\nancy\AppData\Local\Temp\*.tmp files -> C:\Users\nancy\AppData\Local\Temp\*.tmp -> ]
[2013-07-12 03:03:11 | 001,207,296 | ---- | M] (Google) -- C:\Users\nancy\AppData\Local\Temp\._msige61\GoogleEarth.exe
[2013-07-12 02:33:54 | 000,051,712 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
[2013-07-12 02:53:45 | 000,208,384 | ---- | M] (Google) -- C:\Users\nancy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
[2013-07-12 02:33:58 | 000,301,056 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
[2013-07-12 02:53:45 | 000,208,384 | ---- | M] (Google) -- C:\Users\nancy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
[2013-02-15 07:44:18 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleCrashHandler.exe
[2013-02-15 07:44:18 | 000,281,480 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleCrashHandler64.exe
[2013-02-15 07:44:18 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleUpdate.exe
[2013-02-15 07:44:18 | 000,059,784 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleUpdateBroker.exe
[2013-02-15 07:44:18 | 000,059,784 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleUpdateOnDemand.exe
[2013-01-18 11:40:00 | 000,774,424 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{1D1A366F-5094-4099-A02E-62D5304D1CF2}\GoogleUpdateSetup.exe
[2013-06-08 07:30:09 | 000,809,368 | ---- | M] (Acresso Software Inc. ) -- C:\Users\nancy\AppData\Local\Temp\{5D215A96-59F7-4592-B3DD-4A722802F7CC}\setup.exe
[2013-11-30 17:44:14 | 006,426,328 | ---- | M] ( ) -- C:\Users\nancy\AppData\Local\Temp\{7158C51E-D5D0-49E7-8E42-AF55053AA370}\setup.exe
[2013-05-02 05:49:20 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleCrashHandler.exe
[2013-05-02 05:49:20 | 000,287,624 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleCrashHandler64.exe
[2013-05-02 05:49:20 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleUpdate.exe
[2013-05-02 05:49:20 | 000,059,784 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleUpdateBroker.exe
[2013-05-02 05:49:20 | 000,059,784 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleUpdateOnDemand.exe
[2013-04-17 13:29:00 | 000,781,592 | ---- | M] (Google Inc.) -- C:\Users\nancy\AppData\Local\Temp\{B999550B-2114-4B1E-9989-CA0EA5171FFE}\GoogleUpdateSetup.exe
[2013-06-06 10:42:34 | 016,948,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\nancy\AppData\Local\Temp\{DA591C63-13C4-429B-8E9C-04B089F5B5FC}\InstallFlashPlayer.exe
[2013-06-06 10:40:34 | 016,948,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\nancy\AppData\Local\Temp\{F2DAB455-5A07-4DAB-B0EF-94A8E066FAC7}\InstallFlashPlayer.exe
[2012-10-17 03:11:46 | 011,502,184 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\HP-DQEX5.exe
[2012-10-17 03:04:28 | 001,719,912 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\Setup.exe
[2012-06-13 10:05:20 | 002,873,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\amd64\hpinkins5C12.exe
[2012-06-13 09:47:36 | 002,216,336 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\i386\hpinkins5C12.exe
[2012-02-16 11:52:48 | 005,671,192 | ---- | M] (Microsoft Corporation) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\Toolbar\BingBarSetup.exe
[2012-07-26 23:50:10 | 000,890,272 | ---- | M] (Hewlett-Packard) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\Toolbar\smartprintsetup.exe
[2012-10-17 03:04:54 | 000,325,224 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\utils\HPInstallLogCollector.exe
[2012-10-17 03:06:30 | 000,198,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\utils\hpUrlLauncher.exe
[2012-10-17 03:41:35 | 000,307,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\utils\x64\RemovePreinstalledDrivers.exe
[2012-10-17 03:17:47 | 000,255,592 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\nancy\AppData\Local\Temp\7zS230F\utils\x86\RemovePreinstalledDrivers.exe
[2013-11-30 17:42:39 | 000,759,840 | ---- | M] (Video Downloader ) -- C:\Users\nancy\AppData\Local\Temp\974b8403-4ad2-4bfd-a31f-0d3d7cc93021\setup.exe
[2013-11-30 18:01:22 | 003,664,104 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\ct3287811\chLogic.exe
[2013-11-30 18:01:08 | 000,073,543 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\ct3287811\ctbe.exe
[2013-11-30 18:00:51 | 000,081,736 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Local\Temp\ct3287811\stub.exe
[2011-08-18 05:51:48 | 001,200,856 | ---- | M] (BabylonToolbar) -- C:\Users\nancy\AppData\Local\Temp\DF2251EC-BAB0-7891-AB79-34D0D89A4FF5\MyBabylonTB.exe
[2011-08-25 05:06:32 | 001,804,400 | ---- | M] (Babylon Ltd.) -- C:\Users\nancy\AppData\Local\Temp\DF2251EC-BAB0-7891-AB79-34D0D89A4FF5\Setup.exe
[2013-11-30 17:43:12 | 006,565,456 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\LIL82C0.tmp\OptimizerPro.exe
[2013-11-30 17:42:56 | 000,055,363 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\LIL82C1.tmp\wajam_download.exe
[2013-11-30 17:42:56 | 000,073,824 | ---- | M] () -- C:\Users\nancy\AppData\Local\Temp\LIL832D.tmp\Cloud_Backup_Setup.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\consrv.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2013-06-05 02:02:55 | 000,353,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
[2013-06-05 02:02:55 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll
[2013-06-05 02:02:53 | 000,118,784 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\iepeers.dll

[color=#A23BEC]< %windir%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2013-11-21 10:07:40 | 000,142,936 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\SYMEVENT.SYS

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008-01-20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008-01-20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008-01-20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008-10-28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009-04-10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-01-20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2008-01-20 18:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-04-10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009-04-10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008-01-20 18:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008-01-20 18:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009-04-10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s >[/color]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >[/color]
"ProfilesDirectory" = %SystemDrive%\Users -- [2013-02-01 10:59:26 | 000,000,000 | R--D | M]
"Default" = %SystemDrive%\Users\Default -- [2011-04-18 13:29:11 | 000,000,000 | RH-D | M]
"Public" = %SystemDrive%\Users\Public -- [2012-01-24 18:10:46 | 000,000,000 | R--D | M]
"ProgramData" = %SystemDrive%\ProgramData -- [2014-01-04 14:21:37 | 000,000,000 | -H-D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags" = 12
"State" = 0
"RefCount" = 1
"Sid" = 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
"ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2013-05-31 12:05:15 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath" = %SystemRoot%\ServiceProfiles\LocalService -- [2013-01-03 07:45:34 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath" = %SystemRoot%\ServiceProfiles\NetworkService -- [2013-01-03 07:45:34 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2613454591-2242960402-144951809-1000]
"ProfileImagePath" = C:\Users\nancy -- [2013-12-04 09:47:38 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 256
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 FF 26 C6 9B 12 DC B0 85 01 CA A3 08 E8 03 00 00 [binary data]
"ProfileLoadTimeLow" = 0
"ProfileLoadTimeHigh" = 0
"RefCount" = 6
"RunLogonScriptSync" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2613454591-2242960402-144951809-1001]
"ProfileImagePath" = C:\Users\doom -- [2013-06-09 07:10:01 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 0
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 FF 26 C6 9B 12 DC B0 85 01 CA A3 08 E9 03 00 00 [binary data]
"ProfileLoadTimeLow" =
0
OTL Extras logfile created on: 2014-01-04 14:29:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\doom\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 52,30% Memory free
6,06 Gb Paging File | 4,69 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,53 Gb Total Space | 118,10 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 9,35 Gb Total Space | 1,66 Gb Free Space | 17,77% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DOOM | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{125C45B8-CE80-457A-B267-84C4100B978B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{132F4CF6-878F-4A63-BBE7-03F98DD73D4C}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{337CCCCA-2941-4B4B-8C49-01DEE6DDDF07}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{3D938EB0-90F8-41B5-8749-1ABFDCC3B8A4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{401E3880-E35C-40B0-B58F-F99BDD9092A7}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicatorcom.exe |
"{561537E7-E544-4485-AB9F-33465B48F800}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{57739D26-2788-4E99-A804-3B5904A511EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D7B4F53-78D1-412D-BE0C-DF7D044E7A8A}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{6DF174B6-1906-48FB-97F3-1FE24582A93F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{756ECBE9-436F-4974-B200-AE891949EA43}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\faxapplications.exe |
"{76E5CF0B-A65B-4FC6-936B-94413D0D8D48}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
"{79CA95A6-2F03-45E5-955F-4877E83A44E0}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{7D5D4DF2-D50A-4BA0-960B-5F15317620ED}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
"{7EA319E6-D8CB-44E6-A590-F83C3D911CAD}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7F9F048E-577C-45FF-A6B8-6E80764DC7B4}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8A2BFF45-E381-4116-BE40-929232F17B6E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8B597498-2919-4C9F-A3B8-A838B84535CA}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\digitalwizards.exe |
"{B47E0A32-AB7F-4F70-89ED-2DAB6140DB6A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D54FBAC9-080D-4D44-B466-4E8260A67EF9}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\sendafax.exe |
"{E56724B9-64B1-4516-9497-4D1E7CC86062}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E5DDB259-9D72-48A2-8988-78836DBAAB39}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{EA928405-58B9-455F-8D46-0539837999A5}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{F213E6CA-4F26-4328-BBCE-DB69CB859EFA}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{84DA8926-28D2-4C92-903F-2E507C02D4A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E78BC8D3-1950-4FCD-8342-B8CACBE339B4}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{1D797FCE-F1D3-4FE2-8A25-14E70AEF8EF6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A4CB3EB6-2523-48DA-809C-E4B26B7DAD13}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = VIDBOX NW03 NW06
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{406481A5-D5C1-4C24-A507-40EE72ABC4A4}" = Logiciel de base du périphérique HP Officejet 6700
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F779CC3-D585-4945-86E9-9A561E616B74}" = Étude pour l'amélioration du produit HP Officejet 6700
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC242562-1F9E-42C9-B461-E8B839093FEB}" = honestech VHS to DVD 7.0 Deluxe
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1AE0CB7-1333-4728-8520-CB3F88A252B4}" = HP Officejet 6700 Aide
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6A460C6-DFD9-4FC2-B261-6D986DC23141}" = honestech VHS to DVD 7.0 Deluxe
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Browsersafeguard" = BrowserSafeguard with RocketTab
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"NIS" = Norton Internet Security
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TubeDimmer" = Tube Dimmer

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2613454591-2242960402-144951809-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2613454591-2242960402-144951809-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CAD9C0EB-457D-49BB-A6AD-389304C38B2A}" = Outil de notification de cadeaux MSN
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-09-16 06:53:16 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-18 09:19:00 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-20 07:40:32 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-20 13:00:39 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-20 15:07:20 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-22 16:46:06 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-23 14:55:27 | Computer Name = PC-de-doom | Source = EventSystem | ID = 4622
Description =

Error - 2013-09-23 19:49:00 | Computer Name = PC-de-doom | Source = EventSystem | ID = 4621
Description =

Error - 2013-09-25 09:15:43 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

Error - 2013-09-26 06:44:01 | Computer Name = PC-de-doom | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2014-01-02 11:01:44 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-02 11:12:51 | Computer Name = PC-de-doom | Source = DCOM | ID = 10010
Description =

Error - 2014-01-03 10:35:08 | Computer Name = PC-de-doom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2014-01-03 10:35:52 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-03 10:35:52 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-04 12:25:03 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-04 12:25:03 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-04 12:26:25 | Computer Name = PC-de-doom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2014-01-04 18:20:50 | Computer Name = PC-de-doom | Source = Service Control Manager | ID = 7000
Description =

Error - 2014-01-04 18:22:10 | Computer Name = PC-de-doom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
Edited by philjac26 on 26/11/2013 at 21:01
Here is the report:



========== OTL ==========
HKEY_USERS\S-1-5-21-1463781196-1604515188-2107884356-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1463781196-1604515188-2107884356-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1463781196-1604515188-2107884356-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com deleted successfully.
File C:\Program Files\Iminent\webbooster@iminent.com not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
C:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1463781196-1604515188-2107884356-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
File C:\ProgramData\Updater\updater.exe not found.
C:\ProgramData\TubeDimmer\Chrome folder moved successfully.
C:\ProgramData\TubeDimmer folder moved successfully.
C:\Program Files\Optimizer Pro folder moved successfully.
C:\Users\pc nono\Documents\Optimizer Pro folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
C:\Users\pc nono\AppData\Local\DealPlyLive\CrashReports folder moved successfully.
C:\Users\pc nono\AppData\Local\DealPlyLive folder moved successfully.
C:\ProgramData\DealPlyLive\Update\Log folder moved successfully.
C:\ProgramData\DealPlyLive\Update folder moved successfully.
C:\ProgramData\DealPlyLive folder moved successfully.
C:\Program Files\DealPlyLive\CrashReports folder moved successfully.
C:\Program Files\DealPlyLive folder moved successfully.
C:\Users\pc nono\AppData\Roaming\Dealply\UpdateProc folder moved successfully.
C:\Users\pc nono\AppData\Roaming\Dealply folder moved successfully.
C:\Users\pc nono\AppData\Local\Duuqu\CrashReports folder moved successfully.
C:\Users\pc nono\AppData\Local\Duuqu folder moved successfully.
C:\Program Files\Duuqu\CrashReports folder moved successfully.
C:\Program Files\Duuqu folder moved successfully.
C:\ProgramData\eSafe\log folder moved successfully.
C:\ProgramData\eSafe folder moved successfully.
C:\Users\pc nono\AppData\Roaming\dosearches folder moved successfully.
C:\Windows\Tasks\Dealply.job moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11262013_204231
The imago is to the insect what the carpophore is to the mushroom!

After restarting, the Tube Dimmer icon has disappeared. I hope my PC is no longer infected.
So all that is left is for me to say a big THANK YOU... DOCTOR!
0
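Added example (not part of the thread and not OldTimer's code): a small parser for the OTL fix report in the post above. It lists the Run-key autorun values the fix deleted and separates "not found" lines that an earlier removal in the same report already explains from those it does not. The regular expression is an assumption inferred only from the lines shown in this report, not an official OTL log grammar.

```python
import re

# Lines copied from the OTL fix report above (a subset, so this runs offline).
SAMPLE = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
File C:\Program Files\Iminent\webbooster@iminent.com not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
C:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1463781196-1604515188-2107884356-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
File C:\ProgramData\Updater\updater.exe not found.
C:\ProgramData\TubeDimmer folder moved successfully.
"""

LINE = re.compile(r"^(?:(?P<kind>Registry key|Registry value|File) )?"
                  r"(?P<target>.+?)(?P<folder> folder)? "
                  r"(?P<outcome>deleted successfully|moved successfully|not found)\.$")

def parse_report(text):
    """One dict per action line; headers, blanks and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            kind = m["kind"] or ("Folder" if m["folder"] else "File")
            entries.append({"kind": kind, "target": m["target"], "outcome": m["outcome"]})
    return entries

def unresolved(entries):
    """Targets reported 'not found' that no earlier line in the report removed."""
    handled, left = set(), []
    for e in entries:
        key = e["target"].rstrip("\\").lower()
        if e["outcome"] != "not found":
            handled.add(key)
        elif key not in handled:
            left.append(e["target"])
    return left

def removed_autoruns(entries):
    """(hive, value name) for each deleted value under a CurrentVersion Run key."""
    found = []
    for e in entries:
        key, sep, name = e["target"].rpartition("\\\\")  # OTL writes key\\value
        if e["kind"] == "Registry value" and sep and key.lower().endswith("\\currentversion\\run"):
            found.append((key.split("\\")[0], name))
    return found

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print("Run values removed:", removed_autoruns(report), "| still unexplained:", unresolved(report))
```

The second "not found" for `updater.exe` is explained by the earlier move in the same report, so it is not listed; the report itself does not say why the CLSID key and the Iminent file were absent.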
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
26 Nov 2013 at 22:46
yep :)

Delete C:\OTL.

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.

So you don't get caught out again.
Recommended reading - Unwanted programs / PUPs: https://www.malekal.com/adwares-pup-protection/


0
philjac26 Posts 9 Registration date Monday 25 November 2013 Status Member Last activity 27 November 2013
27 Nov 2013 at 21:12
Thank you very much for all this information and advice. I will try to be more careful about possible sources of infection!
;-)
0
Tube Dimmer permanently removed thanks to the "Yac removal tool": free, very fast and terribly effective!
0
It was still present in the list of installed software after removal; after installing from the YAC site this virus disappeared and my computer became faster again. Thanks for the advice.
0
coupax Posts 4 Registration date Friday 20 April 2012 Status Member Last activity 29 November 2013
29 Nov 2013 at 04:23
I have the same problem with "tube dimmer is running", a virus that I can't manage to get rid of. I'm asking for help from all the Bill Gateses who read this message. Thanks in advance.
0
kibir11 Posts 23 Registration date Monday 24 June 2013 Status Member Last activity 15 January 2016
2 Dec 2013 at 02:25
I have the same problem, help!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 638
2 Dec 2013 at 09:57
You can follow the procedure here: https://forum.malekal.com/viewtopic.php?t=45675&start=

AdwCleaner + Malwarebytes + removal of the unwanted extensions.
0