Publicités intempestives sur Google Chrome

Résolu/Fermé
Signaler
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013
-
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013
-
Bonjour,

Depuis quelques jours pleins de pubs envahissent mon ordinateur lorsque je navigue sur Google Chrome. Je n'avais jamais rencontré ce problème avant (je n'avais même jamais de pubs en utilisant " Winiti " et " Adblock".

J'ai donc téléchargé " Super Anti-spyware " et " Malwarebytes Anti-Malware " pour vérifier s'il ne s'agissait pas d'un virus ou d'un spam. Les analyses du système ayant montré qu'il y avait des virus, je les ai mis en quarantaine ou supprimés. Cependant, le problème persiste et je reçoit toujours autant de pubs.

Si quelqu'un a une solution, je suis preneur !
Merci d'avance !


Exemple de pubs reçues :

http://www.jeu-a-telecharger.com/mono-zuma-s- revenge/ptn=lpop&t2c=a0a45d33fb1e447307ab36a2895f9fa769bd,

https://www.flirt-x.co/pdv/694/?comfrom=130&cf0=pc&cf2=L0E9QFR41O-PJDfA2aIAAe-RedirRotation&cfsa2=&noPu=1&noexit=1

http://www.webcamo.com/ad2

12 réponses

Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
Salut,

Télécharge http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan (Pas besoin de faire de Recherche avant).
Une fois le scan fini, un rapport s'ouvrira. Poste le contenu du rapport dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

# AdwCleaner v2.002 - Rapport créé le 11/02/2013 à 11:32:22
# Mis à jour le 16/09/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : Pierre - PC-DE-PIERRE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Pierre\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Nom du profil : default
Fichier : C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\ohlshjt9.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v24.0.1312.57

Fichier : C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [12105 octets] - [23/09/2012 13:05:06]
AdwCleaner[R1].txt - [7197 octets] - [10/02/2013 19:06:57]
AdwCleaner[S2].txt - [370 octets] - [10/02/2013 19:07:25]
AdwCleaner[S3].txt - [2769 octets] - [10/02/2013 19:20:20]
AdwCleaner[R2].txt - [6087 octets] - [11/02/2013 11:29:59]
AdwCleaner[S4].txt - [370 octets] - [11/02/2013 11:30:18]
AdwCleaner[S5].txt - [1368 octets] - [11/02/2013 11:32:22]

########## EOF - C:\AdwCleaner[S5].txt - [1428 octets] ##########
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
Sur Google Chrome, sur le menu en haut à droite
=> Outils / Extensions

Fais une capture d'écran de la liste des extensions : https://www.commentcamarche.net/faq/398-comment-faire-une-capture-d-ecran

puis :

Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs




* Clique sur le bouton Analyse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
Y a du boulot.

AdwCleaner n'était pas à jour.
Du coup, il a pas viré tous les programmes parasites.
En outre, tu as aussi Lollipop qui est un adware.
Je soupçonne aussi que tu aies une infection qui t'es volé tes mots de passe.

SuperAntispyware est inefficace, désinstalle.
Tu as déjà Malwarebyte, ça suffit bien.

Avast! n'est pas du tout à jour, donc protège moins bien.
Faudra le mettre à jour : https://www.malekal.com/tutoriel-antivirus-avast/



Relance OTL.
o sous Persfonnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found
[2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop
[2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17
[2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff
[2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe ()
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

* redemarre le pc sous windows et poste le rapport ici

~~

Si le problème contenu, fais une capture d'écran des extensions sur le navigateur où le prb se pose
=> https://www.commentcamarche.net/faq/398-comment-faire-une-capture-d-ecran
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

OTL logfile created on: 11/02/2013 19:03:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierre\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,97 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 34,37% Memory free
5,93 Gb Paging File | 3,38 Gb Available in Paging File | 56,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,51 Gb Total Space | 98,02 Gb Free Space | 22,56% Space Free | Partition Type: NTFS
Drive D: | 31,23 Gb Total Space | 16,71 Gb Free Space | 53,49% Space Free | Partition Type: FAT32

Computer Name: PC-DE-PIERRE | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/02/11 19:00:20 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\GUMB4BE.tmp\GoogleUpdate.exe
PRC - [2013/02/11 19:00:08 | 000,751,312 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\gdrive_setup_13606056081684.exe
PRC - [2013/02/11 18:59:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL (2).exe
PRC - [2013/02/11 18:57:14 | 002,792,928 | ---- | M] (AVAST Software) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\aswOfferTool.exe
PRC - [2013/02/11 18:57:13 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\avast.setup
PRC - [2013/02/11 18:57:07 | 097,565,024 | ---- | M] () -- C:\Users\Pierre\Downloads\avast_free_antivirus_setup.exe
PRC - [2013/02/11 10:03:15 | 001,657,856 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/16 21:29:21 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2012/09/08 04:58:46 | 000,731,288 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.89.exe
PRC - [2012/06/03 15:07:31 | 000,399,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/01/20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/10/14 17:47:24 | 000,526,192 | ---- | M] () -- C:\Program Files\6PEO\Winiti\Winiti.exe
PRC - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/12 16:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2009/10/29 07:45:52 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/08/05 15:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/07/29 01:35:56 | 000,450,660 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/29 01:35:56 | 000,217,178 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2009/07/23 22:19:56 | 000,460,128 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2009/07/23 22:19:56 | 000,185,696 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2009/07/23 22:19:48 | 000,230,632 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2009/07/07 09:44:44 | 000,343,552 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/04/10 15:46:26 | 000,191,488 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009/03/04 08:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/02/11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/02/11 19:00:09 | 000,011,264 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Temp\nse8C29.tmp\System.dll
MOD - [2013/02/11 18:57:07 | 097,565,024 | ---- | M] () -- C:\Users\Pierre\Downloads\avast_free_antivirus_setup.exe
MOD - [2013/02/11 10:03:15 | 001,657,856 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe
MOD - [2013/02/08 17:14:24 | 012,459,888 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 17:47:24 | 000,526,192 | ---- | M] () -- C:\Program Files\6PEO\Winiti\Winiti.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/01/27 16:50:19 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2009/07/23 22:19:58 | 000,308,584 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/23 22:19:58 | 000,042,216 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/23 22:19:58 | 000,034,024 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchedps.dll
MOD - [2008/08/28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/08/12 16:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/05/21 11:40:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/29 01:35:56 | 000,217,178 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - [2009/07/23 22:19:56 | 000,460,128 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2009/07/23 22:19:56 | 000,185,696 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/03/04 08:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/07/29 01:35:56 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/01 22:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 14:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/28 17:06:00 | 000,496,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/03/12 15:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/12/29 17:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008/10/28 14:48:24 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{15F6BB2E-AC5D-4119-ADAE-0B424D1A5D5F}: "URL" = http://fruttisearch.com/search.php?q={SearchTerms}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{8051C39D-2C82-4C93-AAD3-201DECFA7B43}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MEDBDF&pc=MAMD{searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.winiti.net/f3626652-aee7-4bb5-bed3-787cc821aee1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pierre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2010/02/15 22:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\mozilla\Extensions
[2013/02/10 19:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\ohlshjt9.default\extensions
[2010/02/15 22:59:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\ohlshjt9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Pierre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [lollipop] c:\users\pierre\appdata\local\lollipop\lollipop.exe ()
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [WinitiHelper] C:\Program Files\6PEO\Winiti\Winiti.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{123E93CC-8F01-4A25-A910-D43FEF06EF7A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{b945c543-0733-11e2-ab73-001f1628a2ef}\Shell - "" = AutoRun
O33 - MountPoints2\{b945c543-0733-11e2-ab73-001f1628a2ef}\Shell\AutoRun\command - "" = SetupLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/02/11 19:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/11 19:00:07 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/02/11 19:00:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/02/11 19:00:04 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/02/11 19:00:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/02/11 19:00:01 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/02/11 19:00:00 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/11 18:59:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/11 18:59:00 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/11 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/11 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/10 15:13:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\FIXIO PC Utilities
[2013/02/10 15:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/10 15:13:36 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/10 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Programs
[2013/02/09 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Desktop\Exposé
[2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop
[2013/01/23 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Desktop\REGGAE COMPILATIONS
[2013/01/22 00:45:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Documents\Nero
[3 C:\Users\Pierre\*.tmp files -> C:\Users\Pierre\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Pierre\Desktop\*.tmp files -> C:\Users\Pierre\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/02/11 19:00:08 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/11 19:00:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/11 18:59:09 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 18:56:46 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:56:46 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:54:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000UA.job
[2013/02/11 18:49:56 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/11 18:49:40 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/02/11 18:49:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 18:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 18:48:58 | 2388,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 18:36:15 | 000,001,101 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2013/02/11 17:56:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/02/10 15:13:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/10 11:03:36 | 002,417,130 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/02/10 11:03:36 | 001,142,758 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/10 11:03:36 | 000,707,300 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/02/10 11:03:35 | 000,610,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/10 10:08:51 | 000,000,885 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Traduction.url
[2013/02/09 15:21:51 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Pierre.job
[2013/02/06 18:55:01 | 000,601,809 | ---- | M] () -- C:\Users\Pierre\Desktop\recettes cocktails.jpg
[2013/02/06 06:54:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000Core.job
[2013/02/01 19:51:12 | 000,000,068 | ---- | M] () -- C:\Users\Pierre\Desktop\Capet économie gestion.url
[2013/01/31 19:23:04 | 000,002,381 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Chrome.lnk
[2013/01/28 18:32:01 | 000,068,289 | ---- | M] () -- C:\Users\Pierre\Desktop\phillip_come2.jpg
[2013/01/27 11:41:23 | 000,000,068 | ---- | M] () -- C:\Users\Pierre\Desktop\Culture - Jah Jah See Dem A Come -Lyrics- - YouTube.url
[2013/01/25 13:58:17 | 000,100,929 | ---- | M] () -- C:\Users\Pierre\Desktop\Sans titre.png
[2013/01/25 13:58:17 | 000,100,929 | ---- | M] () -- C:\Users\Pierre\Desktop\Sans titre - Copie.png
[2013/01/22 00:44:39 | 000,024,926 | ---- | M] () -- C:\Users\Pierre\Desktop\shacklesandchains.jpg
[2013/01/20 20:36:35 | 000,016,706 | ---- | M] () -- C:\Users\Pierre\Desktop\EDT L1 DROIT SEMESTRE 2 2012-2013 (1).pdf
[3 C:\Users\Pierre\*.tmp files -> C:\Users\Pierre\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Pierre\Desktop\*.tmp files -> C:\Users\Pierre\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/02/11 19:00:08 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/11 17:56:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2013/02/10 15:13:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/10 10:08:51 | 000,000,885 | ---- | C] () -- C:\Users\Pierre\Desktop\Google Traduction.url
[2013/02/06 18:55:00 | 000,601,809 | ---- | C] () -- C:\Users\Pierre\Desktop\recettes cocktails.jpg
[2013/02/01 19:51:12 | 000,000,068 | ---- | C] () -- C:\Users\Pierre\Desktop\Capet économie gestion.url
[2013/01/28 18:31:55 | 000,068,289 | ---- | C] () -- C:\Users\Pierre\Desktop\phillip_come2.jpg
[2013/01/27 11:41:23 | 000,000,068 | ---- | C] () -- C:\Users\Pierre\Desktop\Culture - Jah Jah See Dem A Come -Lyrics- - YouTube.url
[2013/01/25 13:49:28 | 000,100,929 | ---- | C] () -- C:\Users\Pierre\Desktop\Sans titre - Copie.png
[2013/01/25 13:31:30 | 000,100,929 | ---- | C] () -- C:\Users\Pierre\Desktop\Sans titre.png
[2013/01/22 00:44:39 | 000,024,926 | ---- | C] () -- C:\Users\Pierre\Desktop\shacklesandchains.jpg
[2013/01/20 20:36:34 | 000,016,706 | ---- | C] () -- C:\Users\Pierre\Desktop\EDT L1 DROIT SEMESTRE 2 2012-2013 (1).pdf
[2012/09/11 16:35:28 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17
[2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff
[2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21
[2011/10/07 21:14:48 | 000,000,017 | ---- | C] () -- C:\Users\Pierre\AppData\Local\resmon.resmoncfg
[2010/12/25 00:01:36 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/02 16:24:34 | 000,000,016 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\hngmfc.dat
[2010/09/02 16:24:24 | 000,000,004 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\avdrn.dat
[2010/02/16 11:25:59 | 000,008,704 | ---- | C] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 23:29:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/21 13:52:23 | 000,000,942 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\wklnhst.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/09/25 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DAEMON Tools Lite
[2013/02/10 15:13:58 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FIXIO PC Utilities
[2010/02/15 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FreeAudioPack
[2012/04/09 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FreeCDRipper
[2011/02/03 18:38:47 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FrostWire
[2012/09/11 17:46:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\KC Softwares
[2010/11/24 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\LimeWire
[2012/09/23 21:09:27 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Nuance
[2010/02/16 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Template
[2012/05/08 16:07:44 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Unity
[2013/02/11 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\uTorrent
[2009/10/14 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Windows Live Writer
[2012/09/21 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\YourFileDownloader

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]
[2009/07/14 05:53:46 | 000,032,482 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/12/03 19:11:45 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/12/03 19:11:46 | 000,001,056 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/08/30 19:41:46 | 000,001,030 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000Core.job
[2010/08/30 19:41:47 | 000,001,082 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000UA.job
[2011/08/22 10:02:44 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Pierre.job
[2012/09/10 19:09:24 | 000,000,294 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job

[color=#A23BEC]< O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found >[/color]

[color=#A23BEC]< [2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop >[/color]
Invalid Switch: 24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop

[color=#A23BEC]< [2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk >[/color]
Invalid Switch: 11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk

[color=#A23BEC]< [2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17 >[/color]
Invalid Switch: 07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17

[color=#A23BEC]< [2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF} >[/color]
Invalid Switch: 27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}

[color=#A23BEC]< [2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie >[/color]
Invalid Switch: 11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie

[color=#A23BEC]< [2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff >[/color]
Invalid Switch: 11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff

[color=#A23BEC]< [2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21 >[/color]
Invalid Switch: 10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21

[color=#A23BEC]< O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe () >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} >[/color]

[color=#A23BEC]< CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\ >[/color]
Invalid Switch: = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:7FFED16F

< End of report >
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
T'as refait un scan et non une suppression.
Relire.
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

En effet je me suis trompé !

Voilà le rapport :


========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chat-Landmessenger deleted successfully.
C:\Users\Pierre\AppData\Local\Lollipop folder moved successfully.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk moved successfully.
C:\Users\Pierre\binternetNET7.1_12.17 moved successfully.
C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF} moved successfully.
C:\Users\Pierre\logie moved successfully.
C:\Users\Pierre\logff moved successfully.
C:\Users\Pierre\tmp1.21 moved successfully.
File move failed. C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk scheduled to be moved on reboot.
File C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe not found.
Registry value HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8e5025c2-8ea3-430d-80b8-a14151068a6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\ not found.
HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\icons folder moved successfully.
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02112013_192305

Files\Folders moved on Reboot...
File\Folder C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
Ca donne quoi les liens forcés avec les pubs ?
Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

Je viens de naviguer sur le net et pour l'instant je n'ai pas vu de pubs.
Le problème est résolu ?
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 393
yup, le responsable était Lollipop


Attention à ce que tu installes :
Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel gratuit en général ou via certains sites de téléchargement comme Softonic ou 01Net.
L'éditeur touche de l'argent à chaque installation réussie de ces programmes additionnels (un genre de sponsoring), ton PC se retrouve avec des barres d'outils qui ralentissent le navigateur ou des adwares qui ouvrent des popups de publicités.
Les barres d'outils sont là pour t'affilier à un service (moteur de recherche de Yahoo! ou Google), ça rajoute des fonctionnalités mais en général les navigateurs les ont par défaut.
De plus, elles enregistrent les sites que tu visites pour les transmettre (tracking) à faire de la publicité ciblée, c'est pas super niveau protection de la vie privée.
Plusieurs toolbars ralentissent le PC et peuvent faire planter les navigateurs WEB.
Au final, il est pas conseillé d'en utiliser.

Enfin l'accumulation de ces programmes ralentissent l'ordinateur/navigateur WEB.

Ces programmes additionnels sont proposées à l'installation de programmes et très souvent ces ajouts sont précochés. C'est notamment le cas sur 01net et Softonic qu'ils est conseillé d'éviter comme sites de téléchargement.
Dès lors, lorsque tu installes un programme, lis bien ce qui est proposé car tu risques d'installer des barres d'outils sans le savoir.


Lire Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/

Tu peux installer ce programme pour filtrer ces PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

Messages postés
10
Date d'inscription
lundi 7 janvier 2013
Statut
Membre
Dernière intervention
11 février 2013

Merci beaucoup pour ton aide !
Je n'ai plus de Pubs et l'ordi rame beaucoup moins !
Bonne soirée et encore merci !