[Virus] Tab opens by itself

In the Chrome/Firefox/Opera browsers - not in Safari.

    23 March 2013 at 6:48:35

    Hello!

    • I was infected about 3 months ago; since then I haven't really had time to fix the problem, too much work. I don't know how I got infected.
    • Symptoms:
      - A tab opens without my permission in the following browsers (Chrome/Firefox/Safari) when I use them.
      - In Safari it doesn't do it, but sometimes my WebKit2WebProcess.exe has to restart, and the pages I'm browsing reload. No idea whether it's related or not.

      Page that opens in Opera:
      https://www.google.be/search?client=opera&q=u2%25C3%2590%25C3%25A9I%25C2%25B4%25C3%258D%26%25E2%2580%259D%25C3%2580&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest

      Page that opens in Chrome:
      http://xn--u2i%20%26-fwa9eyb3a564d9r4i/

      In Firefox, an empty page opens.

C:\Users\XXXXXXXXXXXX\Desktop\stage [2013/03/09 20:17:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\commu2 [2013/03/09 20:16:twoscore | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\grille [2013/03/09 20:fifteen:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\datavisualization [2013/03/04 14:46:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Bourgaux [2013/02/25 15:35:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\cef-enshroud [2013/02/25 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\PartyFrance [2013/02/25 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Offset Menu\Programs\PartyPoker.fr [2013/02/25 fifteen:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Get-go Menu\Programs\Games [2013/02/25 fifteen:33:09 | 000,000,000 | ---D | C] -- C:\Programs [2013/02/21 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Skype [2013/02/21 23:01:09 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013/02/21 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Showtime Carte\Programs\Skype [2013/02/21 23:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/02/21 23:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013/02/21 11:24:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\TFA [2013/02/xviii eleven:49:50 | 000,000,000 | R--D | C] -- C:\Users\XXXXXXXXXXXX\My Cubby [2013/02/xviii eleven:49:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\cubby [2013/01/29 18:05:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\boel [2013/01/29 xviii:05:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Dessin [2013/01/29 eighteen:04:30 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\volont [2013/01/27 09:55:xix | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\vlc [2013/01/27 
09:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013/01/14 19:04:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Gonspirji [2013/01/fourteen nineteen:04:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Documents\Nouveau dossier [2013/01/07 13:39:22 | 000,000,000 | ---D | C] -- C:\Plan Files\DIFX [2013/01/07 13:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Outset Menu\Programs\Kingdom of belgium - eID [2013/01/07 13:39:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\siscardplugins [2013/01/07 13:39:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\beidpp [2013/01/07 xiii:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/07 thirteen:39:05 | 000,000,000 | ---D | C] -- C:\Programme Files\Kingdom of belgium Identity Menu [2013/01/07 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\BeID Minidriver [2013/01/07 thirteen:38:32 | 000,000,000 | ---D | C] -- C:\drivers [2013/01/07 12:52:05 | 000,249,856 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUCcid.dll [2013/01/07 12:51:xx | 000,000,000 | ---D | C] -- C:\Windows\System32\sda [2013/01/07 12:50:31 | 007,360,512 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSUSTORicon.dll [2013/01/07 12:50:31 | 000,270,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStor.dll [2013/01/07 12:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Card Reader Software [2013/01/07 12:47:49 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/01/07 12:41:35 | 000,173,056 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUStor.sys [2013/01/07 12:41:35 | 000,044,032 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUCcid.sys [2013/01/07 12:41:35 | 000,017,536 | R--- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\drivers\RtsUIr.sys [2013/01/07 12:41:22 | 000,000,000 | ---D | C] -- C:\Plan Files\Realtek [2012/12/31 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/12/20 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer [2012/eleven/nineteen 07:34:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Work [2012/11/17 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\X-Rite [2012/xi/17 12:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\My Program [2012/xi/17 12:55:05 | 000,015,920 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\System32\drivers\PdiPorts.sys [2012/11/17 12:55:05 | 000,000,000 | -H-D | C] -- C:\Plan Files\InstallShield Installation Data [2012/xi/17 12:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays [2012/eleven/17 12:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012/11/17 12:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ten-Rite [2012/11/17 12:52:54 | 000,029,184 | ---- | C] (Thesycon GmbH, Federal republic of germany) -- C:\Windows\System32\drivers\colormunki.sys [2012/eleven/17 12:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\X-Rite [2012/11/17 12:52:23 | 000,000,000 | ---D | C] -- C:\Programme Files\Ten-Rite [2012/eleven/16 01:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\PDFTK Architect [2012/11/xv 06:34:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Audacity [2012/10/21 21:35:44 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Musique [2012/ten/12 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Inspiration [2012/x/eleven 05:58:16 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\Desktop\Site Spider web [2012/10/03 23:20:31 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/09/25 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\ZenKEY [2012/09/24 
twenty:47:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Sublime Text 2 [2012/09/24 xiv:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sublime Text 2 [color=#E56717]========== Files - Modified Inside 180 Days ==========[/colour] [2013/03/23 06:35:39 | 000,003,216 | -H-- | G] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-ane.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 06:35:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 06:15:33 | 000,054,016 | ---- | K] () -- C:\Windows\System32\drivers\thqusy.sys [2013/03/23 05:58:20 | 000,040,776 | ---- | Thou] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/03/23 05:57:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.task [2013/03/23 05:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-i-v-21-2853791318-2649048559-1868908777-1000UA.task [2013/03/23 05:54:xi | 000,000,117 | ---- | Thou] () -- C:\Users\XXXXXXXXXXXX\Desktop\PROBLEME D'ONGLET QUI S'OUVRE TOUT SEUL CommentCaMarche.URL [2013/03/23 05:33:45 | 000,067,584 | --S- | G] () -- C:\Windows\bootstat.dat [2013/03/23 05:33:42 | 3049,902,080 | -HS- | Yard] () -- C:\hiberfil.sys [2013/03/23 03:06:54 | 000,305,082 | ---- | Thousand] () -- C:\Users\XXXXXXXXXXXX\Desktop\05.jpg [2013/03/23 03:04:fifty | 000,307,456 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\Desktop\02.jpg [2013/03/23 02:52:19 | 000,301,850 | ---- | Chiliad] () -- C:\Users\XXXXXXXXXXXX\Desktop\01.jpg [2013/03/23 02:48:56 | 000,100,755 | ---- | Thousand] () -- C:\Users\XXXXXXXXXXXX\Desktop\SKd_CJazMtwJpDCWznT1BoyggPSo7G8W_FdSPO-NSrs.jpeg [2013/03/23 02:46:50 | 000,115,292 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\Desktop\fv7J3SEepW78nFUarlm1TVnrLySxXPRso9F3msGnxKc.jpeg [2013/03/22 04:36:21 | 000,046,080 | ---- | M] () -- 
C:\Users\XXXXXXXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/21 23:56:00 | 000,001,058 | ---- | Chiliad] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2853791318-2649048559-1868908777-1000Core.job [2013/03/21 19:08:49 | 207,972,123 | ---- | G] () -- C:\Windows\MEMORY.DMP [2013/03/20 04:00:59 | 000,001,456 | ---- | Yard] () -- C:\Users\XXXXXXXXXXXX\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs [2013/03/nineteen 22:35:30 | 000,285,002 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\Desktop\DSCN1446.JPG [2013/03/xv 08:00:28 | 000,002,090 | ---- | Thou] () -- C:\Users\XXXXXXXXXXXX\Awarding Data\Microsoft\Net Explorer\Quick Launch\Google Chrome.lnk [2013/03/15 05:23:36 | 000,000,090 | ---- | Grand] () -- C:\Users\XXXXXXXXXXXX\Desktop\HTML5 Canvas Arc Tutorial.URL [2013/03/14 21:26:37 | 003,958,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/03/fourteen 20:17:25 | 000,213,380 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2013/03/fourteen 20:07:42 | 000,002,373 | ---- | Yard] () -- C:\Users\XXXXXXXXXXXX\Application Data\Microsoft\Net Explorer\Quick Launch\Apple tree Safari.lnk [2013/03/13 00:03:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/03/13 00:03:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/03/12 11:17:25 | 000,005,972 | ---- | Grand] () -- C:\Users\XXXXXXXXXXXX\AppData\Local\d3d9caps.dat [2013/02/25 15:34:07 | 000,001,681 | ---- | G] () -- C:\Users\XXXXXXXXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.fr.lnk [2013/02/24 xx:57:27 | 000,000,132 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013/01/29 04:07:52 | 000,001,043 | ---- | Thousand] () -- C:\Programme Files\Programs\Programs\Base\Windows\Startup\Dropbox.lnk [2013/01/23 03:57:43 | 000,001,439 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\Desktop\Projet personnel.lnk [2013/01/22 
23:thirteen:26 | 000,731,040 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2013/01/22 23:13:26 | 000,642,796 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/22 23:xiii:26 | 000,149,808 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2013/01/22 23:13:26 | 000,123,634 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/07 thirteen:39:22 | 000,000,958 | ---- | M] () -- C:\Windows\beidgui.conf [2012/12/22 07:xxx:26 | 000,001,809 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/12/21 05:54:59 | 000,000,946 | ---- | M] () -- C:\Users\XXXXXXXXXXXX\Awarding Data\Microsoft\Net Explorer\Quick Launch\Mozilla Firefox.lnk [2012/12/20 00:37:35 | 000,001,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\nppBackup\hosts.2012-12-22_073026.bak [2012/12/20 00:37:35 | 000,001,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\z\hosts [2012/12/fourteen 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/eleven/17 12:54:58 | 000,001,174 | ---- | Chiliad] () -- C:\ProgramData\Microsoft\Windows\Start Carte du jour\Programs\Startup\ColorMunkiDesignTray.exe.lnk [2012/11/17 12:54:58 | 000,001,149 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2012/10/09 09:40:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2012/09/24 20:57:17 | 000,000,489 | ---- | K] () -- C:\Users\XXXXXXXXXXXX\Desktop\Dossier.lnk [color=#E56717]========== Files Created - No Visitor Name ==========[/colour] [2013/03/23 06:15:33 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\thqusy.sys [2013/03/23 05:54:11 | 000,000,117 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\PROBLEME D'ONGLET QUI Southward'OUVRE TOUT SEUL CommentCaMarche.URL [2013/03/23 03:06:52 | 000,305,082 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\05.jpg [2013/03/23 03:04:41 | 000,307,456 | ---- | C] () -- 
C:\Users\XXXXXXXXXXXX\Desktop\02.jpg [2013/03/23 02:52:17 | 000,301,850 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\01.jpg [2013/03/23 02:48:56 | 000,100,755 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\SKd_CJazMtwJpDCWznT1BoyggPSo7G8W_FdSPO-NSrs.jpeg [2013/03/23 02:46:50 | 000,115,292 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\fv7J3SEepW78nFUarlm1TVnrLySxXPRso9F3msGnxKc.jpeg [2013/03/nineteen 21:12:11 | 000,285,002 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\DSCN1446.JPG [2013/03/15 05:23:36 | 000,000,090 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\HTML5 Canvas Arc Tutorial.URL [2013/02/25 15:34:07 | 000,001,681 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.fr.lnk [2012/12/31 22:00:13 | 000,001,043 | ---- | C] () -- C:\Programme Files\Programs\Programs\Base\Windows\Startup\Dropbox.lnk [2012/12/21 05:54:59 | 000,000,946 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Awarding Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/12/21 05:54:59 | 000,000,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/11/17 12:54:58 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiDesignTray.exe.lnk [2012/xi/17 12:54:58 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2012/10/09 09:forty:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2012/10/01 xix:xi:07 | 000,001,439 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\Projet personnel.lnk [2012/09/24 20:57:17 | 000,000,489 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\Desktop\Dossier.lnk [2012/08/03 21:ten:32 | 000,038,803 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\aaa.jpg [2012/07/06 06:41:44 | 000,005,972 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\AppData\Local\d3d9caps.dat [2012/06/13 xvi:53:34 | 000,000,952 | -HS- | C] () -- 
C:\Windows\System32\KGyGaAvL.sys [2012/06/xiii xvi:53:34 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\60F24DABEA.sys [2012/05/14 22:21:32 | 000,213,380 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012/05/02 00:xviii:00 | 000,000,132 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/04/21 22:54:41 | 000,001,456 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs [2012/04/xx sixteen:45:09 | 000,046,080 | ---- | C] () -- C:\Users\XXXXXXXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/20 xvi:14:40 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2011/12/07 06:53:24 | 004,770,816 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2011/07/12 14:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/06/28 11:18:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\belpicppgui.dll [color=#E56717]========== ZeroAccess Bank check ==========[/color] [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008/04/24 05:58:xx | 011,580,416 | ---- | 1000] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/21 03:24:24 | 000,614,400 | ---- | Thousand] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/colour] [2013/01/29 12:24:54 | 000,000,000 | ---D | K] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Audacity [2012/06/xi 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Autodesk [2013/02/26 15:34:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Azureus [2013/02/25 xv:35:53 | 000,000,000 | ---D | Chiliad] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\cef-cache [2012/04/21 11:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013/03/23 01:21:12 | 000,000,000 | ---D | 1000] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\cubby [2013/03/23 05:34:21 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Dropbox [2013/03/18 01:24:30 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\FileZilla [2012/04/21 22:41:30 | 000,000,000 | ---D | One thousand] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\iView [2012/04/20 21:04:40 | 000,000,000 | ---D | Chiliad] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\MAGIX [2012/09/08 01:59:24 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\ManyCam [2012/04/25 13:37:21 | 000,000,000 | ---D | Yard] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Notepad++ [2012/04/27 08:19:fifty | 000,000,000 | ---D | Chiliad] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\OpenOffice.org [2012/04/22 22:44:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Opera [2012/09/08 02:27:56 | 000,000,000 | ---D | 1000] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Paltalk [2013/02/25 15:34:12 | 000,000,000 | ---D | G] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\PartyFrance [2012/06/12 01:59:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/09/24 xx:47:12 | 000,000,000 | ---D | Chiliad] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Sublime Text 2 [2012/06/22 01:49:13 | 000,000,000 | 
---D | One thousand] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\SystemRequirementsLab [2012/04/26 11:17:58 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\Thunderbird [2012/04/21 21:20:18 | 000,000,000 | ---D | K] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\VistaCodecs [2012/11/17 12:57:37 | 000,000,000 | ---D | Thou] -- C:\Users\XXXXXXXXXXXX\AppData\Roaming\X-Rite [color=#E56717]========== Purity Check ==========[/color] < End of study >

    Edited by adobe on 27 March 2013 at 1:10:09

      26 March 2013 at 20:52:32

      Hello,

      All I could advise is to update the virus definitions and then scan the PC again. Do the same with Malwarebytes. Out of curiosity, do these browsers happen to have more than one web address in the field reserved for the home page?

      Computer security: forum.
