Intrusive ads on Google Chrome

Solved/Closed
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last seen 11 February 2013 - 11 Feb 2013 at 10:01
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last seen 11 February 2013 - 11 Feb 2013 at 20:44
Hello,

For the past few days, lots of ads have been flooding my computer when I browse with Google Chrome. I had never had this problem before (I never even got ads, since I use "Winiti" and "Adblock").

So I downloaded "Super Anti-spyware" and "Malwarebytes Anti-Malware" to check whether it was a virus or spam. The system scans showed that there were viruses, so I quarantined or deleted them. However, the problem persists and I still get just as many ads.

If anyone has a solution, I'm all ears!
Thanks in advance!


Examples of ads received:

http://www.jeu-a-telecharger.com/mono-zuma-s- revenge/ptn=lpop&t2c=a0a45d33fb1e447307ab36a2895f9fa769bd,

https://www.flirt-x.co/pdv/694/?comfrom=130&cf0=pc&cf2=L0E9QFR41O-PJDfA2aIAAe-RedirRotation&cfsa2=&noPu=1&noexit=1

http://www.webcamo.com/ad2

12 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 628
11 Feb 2013 at 10:40
Hi,

Download http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner AdwCleaner (by Xplode) to your desktop.
Run it, click [Suppression] (Delete), then wait while the scan runs (no need to run a Search first).
Once the scan is finished, a report will open. Post the contents of the report in your next reply.

Note: The report is also saved as C:\AdwCleaner[S1].txt
0
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last seen 11 February 2013
11 Feb 2013 at 11:46
# AdwCleaner v2.002 - Rapport créé le 11/02/2013 à 11:32:22
# Mis à jour le 16/09/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : Pierre - PC-DE-PIERRE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Pierre\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Nom du profil : default
Fichier : C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\ohlshjt9.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v24.0.1312.57

Fichier : C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [12105 octets] - [23/09/2012 13:05:06]
AdwCleaner[R1].txt - [7197 octets] - [10/02/2013 19:06:57]
AdwCleaner[S2].txt - [370 octets] - [10/02/2013 19:07:25]
AdwCleaner[S3].txt - [2769 octets] - [10/02/2013 19:20:20]
AdwCleaner[R2].txt - [6087 octets] - [11/02/2013 11:29:59]
AdwCleaner[S4].txt - [370 octets] - [11/02/2013 11:30:18]
AdwCleaner[S5].txt - [1368 octets] - [11/02/2013 11:32:22]

########## EOF - C:\AdwCleaner[S5].txt - [1428 octets] ##########
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 628
11 Feb 2013 at 12:25
In Google Chrome, in the menu at the top right
=> Tools / Extensions

Take a screenshot of the list of extensions: https://www.commentcamarche.net/faq/398-comment-faire-une-capture-d-ecran

then:

Run an OTL scan to diagnose the running programs and detect infections:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

If you use Avast!, do not launch the program in the Sandbox (see the help link above).

* Run OTL
* At the top, to the right of Quick Scan, check "All users"
* In OTL, under Custom Scan (Personnalisation), copy and paste the script below:



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs




* Click the Scan button.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), then give the pjjoint link or links pointing to these reports here in a new message.
DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK
0
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last seen 11 February 2013
11 Feb 2013 at 18:23
0

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 628
11 Feb 2013 at 18:33
There's work to do.

AdwCleaner was not up to date.
As a result, it did not remove all the unwanted programs.
In addition, you also have Lollipop, which is adware.
I also suspect that you have an infection that stole your passwords.

SuperAntispyware is ineffective, uninstall it.
You already have Malwarebytes, that's plenty.

Avast! is not up to date at all, so it protects less well.
You will need to update it: https://www.malekal.com/tutoriel-antivirus-avast/



Run OTL again.
* Under Custom Scan (Personnalisation), copy and paste the contents of the box below (make sure to include :OTL at the start).
Click Fix (Correction); a report will appear, copy/paste its contents here:

:OTL
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found
[2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop
[2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17
[2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff
[2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe ()
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

* Restart the PC into Windows and post the report here

~~

If the problem continues, take a screenshot of the extensions in the browser where the problem occurs
=> https://www.commentcamarche.net/faq/398-comment-faire-une-capture-d-ecran
0
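Added example (not part of the thread, and not code from OTL or its author): the reply above singles out Lollipop from the OTL output, and this sketch shows one triage pass that leads there, flagging running processes that have an empty company field and live under a per-user AppData folder, then checking whether a Startup shortcut launches them. The sample lines are copied from the log and fix script posted in this thread; the heuristic itself and the names `triage` and `Finding` are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r"""
PRC - [2013/02/11 18:59:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL (2).exe
PRC - [2013/02/11 18:57:07 | 097,565,024 | ---- | M] () -- C:\Users\Pierre\Downloads\avast_free_antivirus_setup.exe
PRC - [2013/02/11 10:03:15 | 001,657,856 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/14 17:47:24 | 000,526,192 | ---- | M] () -- C:\Program Files\6PEO\Winiti\Winiti.exe
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe ()
"""

# Process line layout: "PRC - [modified | size | attrs | M] (company) -- path"
PRC_RE = re.compile(
    r"^PRC - \[(?P<modified>[\d/]+ [\d:]+) \| [\d,]+ \| \S+ \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Startup-folder line layout: "O4 - Startup: shortcut.lnk = target (company)"
O4_STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?) = (?P<target>.+?) \((?P<company>[^)]*)\)$"
)
# Per-user AppData is writable without administrator rights, which is why
# unwanted programs that install silently tend to land there.
PER_USER_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


class Finding(NamedTuple):
    path: str
    modified: str
    autostart: bool  # True when a Startup shortcut launches this path


def triage(log_text: str) -> List[Finding]:
    """Return running processes with no company name under a user's AppData.

    This is a triage heuristic (an assumption of this example), not a verdict:
    legitimate files can also lack a company name, so each hit still needs a
    human look. A matching Startup shortcut raises the priority of a hit.
    """
    candidates = []
    autostart_targets = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        prc = PRC_RE.match(line)
        if prc:
            if not prc["company"].strip() and PER_USER_RE.match(prc["path"]):
                candidates.append((prc["path"], prc["modified"]))
            continue
        o4 = O4_STARTUP_RE.match(line)
        if o4:
            # Windows paths are case-insensitive, so compare in lower case.
            autostart_targets.add(o4["target"].lower())
    return [
        Finding(path, modified, path.lower() in autostart_targets)
        for path, modified in candidates
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        tag = "autostart" if finding.autostart else "no autostart seen"
        print(f"{finding.modified}  {finding.path}  [{tag}]")
```

The installer in Downloads and Winiti.exe in Program Files also have an empty company field but fall outside the AppData rule, which shows how much the path condition narrows the list.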
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last seen 11 February 2013
11 Feb 2013 at 19:20
OTL logfile created on: 11/02/2013 19:03:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierre\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,97 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 34,37% Memory free
5,93 Gb Paging File | 3,38 Gb Available in Paging File | 56,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,51 Gb Total Space | 98,02 Gb Free Space | 22,56% Space Free | Partition Type: NTFS
Drive D: | 31,23 Gb Total Space | 16,71 Gb Free Space | 53,49% Space Free | Partition Type: FAT32

Computer Name: PC-DE-PIERRE | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/02/11 19:00:20 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\GUMB4BE.tmp\GoogleUpdate.exe
PRC - [2013/02/11 19:00:08 | 000,751,312 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\gdrive_setup_13606056081684.exe
PRC - [2013/02/11 18:59:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL (2).exe
PRC - [2013/02/11 18:57:14 | 002,792,928 | ---- | M] (AVAST Software) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\aswOfferTool.exe
PRC - [2013/02/11 18:57:13 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Users\Pierre\AppData\Local\Temp\_av_sfx.tm~a05136\avast.setup
PRC - [2013/02/11 18:57:07 | 097,565,024 | ---- | M] () -- C:\Users\Pierre\Downloads\avast_free_antivirus_setup.exe
PRC - [2013/02/11 10:03:15 | 001,657,856 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/16 21:29:21 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2012/09/08 04:58:46 | 000,731,288 | ---- | M] (Google Inc.) -- C:\Users\Pierre\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.89.exe
PRC - [2012/06/03 15:07:31 | 000,399,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/01/20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/10/14 17:47:24 | 000,526,192 | ---- | M] () -- C:\Program Files\6PEO\Winiti\Winiti.exe
PRC - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/12 16:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2009/10/29 07:45:52 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/08/05 15:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/07/29 01:35:56 | 000,450,660 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/29 01:35:56 | 000,217,178 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2009/07/23 22:19:56 | 000,460,128 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2009/07/23 22:19:56 | 000,185,696 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2009/07/23 22:19:48 | 000,230,632 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2009/07/07 09:44:44 | 000,343,552 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/04/10 15:46:26 | 000,191,488 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009/03/04 08:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/02/11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/02/11 19:00:09 | 000,011,264 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Temp\nse8C29.tmp\System.dll
MOD - [2013/02/11 18:57:07 | 097,565,024 | ---- | M] () -- C:\Users\Pierre\Downloads\avast_free_antivirus_setup.exe
MOD - [2013/02/11 10:03:15 | 001,657,856 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe
MOD - [2013/02/08 17:14:24 | 012,459,888 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 17:47:24 | 000,526,192 | ---- | M] () -- C:\Program Files\6PEO\Winiti\Winiti.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/01/27 16:50:19 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2009/07/23 22:19:58 | 000,308,584 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/23 22:19:58 | 000,042,216 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2009/07/23 22:19:58 | 000,034,024 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchedps.dll
MOD - [2008/08/28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/08/12 16:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/05/21 11:40:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/29 01:35:56 | 000,217,178 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - [2009/07/23 22:19:56 | 000,460,128 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2009/07/23 22:19:56 | 000,185,696 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/03/04 08:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/07/29 01:35:56 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/01 22:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 14:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/28 17:06:00 | 000,496,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/03/12 15:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/12/29 17:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008/10/28 14:48:24 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{15F6BB2E-AC5D-4119-ADAE-0B424D1A5D5F}: "URL" = http://fruttisearch.com/search.php?q={SearchTerms}
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes\{8051C39D-2C82-4C93-AAD3-201DECFA7B43}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MEDBDF&pc=MAMD{searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.winiti.net/f3626652-aee7-4bb5-bed3-787cc821aee1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pierre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2010/02/15 22:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\mozilla\Extensions
[2013/02/10 19:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\ohlshjt9.default\extensions
[2010/02/15 22:59:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\ohlshjt9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Pierre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [lollipop] c:\users\pierre\appdata\local\lollipop\lollipop.exe ()
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [WinitiHelper] C:\Program Files\6PEO\Winiti\Winiti.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{123E93CC-8F01-4A25-A910-D43FEF06EF7A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{b945c543-0733-11e2-ab73-001f1628a2ef}\Shell - "" = AutoRun
O33 - MountPoints2\{b945c543-0733-11e2-ab73-001f1628a2ef}\Shell\AutoRun\command - "" = SetupLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/02/11 19:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/11 19:00:07 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/02/11 19:00:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/02/11 19:00:04 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/02/11 19:00:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/02/11 19:00:01 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/02/11 19:00:00 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/11 18:59:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/11 18:59:00 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/11 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/11 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/10 15:13:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\FIXIO PC Utilities
[2013/02/10 15:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/10 15:13:36 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/10 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Programs
[2013/02/09 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Desktop\Exposé
[2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop
[2013/01/23 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Desktop\REGGAE COMPILATIONS
[2013/01/22 00:45:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Documents\Nero
[3 C:\Users\Pierre\*.tmp files -> C:\Users\Pierre\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Pierre\Desktop\*.tmp files -> C:\Users\Pierre\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/02/11 19:00:08 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/11 19:00:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/11 18:59:09 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 18:56:46 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:56:46 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:54:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000UA.job
[2013/02/11 18:49:56 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/11 18:49:40 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/02/11 18:49:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 18:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 18:48:58 | 2388,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 18:36:15 | 000,001,101 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2013/02/11 17:56:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/02/10 15:13:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/10 11:03:36 | 002,417,130 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/02/10 11:03:36 | 001,142,758 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/10 11:03:36 | 000,707,300 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/02/10 11:03:35 | 000,610,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/10 10:08:51 | 000,000,885 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Traduction.url
[2013/02/09 15:21:51 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Pierre.job
[2013/02/06 18:55:01 | 000,601,809 | ---- | M] () -- C:\Users\Pierre\Desktop\recettes cocktails.jpg
[2013/02/06 06:54:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000Core.job
[2013/02/01 19:51:12 | 000,000,068 | ---- | M] () -- C:\Users\Pierre\Desktop\Capet économie gestion.url
[2013/01/31 19:23:04 | 000,002,381 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Chrome.lnk
[2013/01/28 18:32:01 | 000,068,289 | ---- | M] () -- C:\Users\Pierre\Desktop\phillip_come2.jpg
[2013/01/27 11:41:23 | 000,000,068 | ---- | M] () -- C:\Users\Pierre\Desktop\Culture - Jah Jah See Dem A Come -Lyrics- - YouTube.url
[2013/01/25 13:58:17 | 000,100,929 | ---- | M] () -- C:\Users\Pierre\Desktop\Sans titre.png
[2013/01/25 13:58:17 | 000,100,929 | ---- | M] () -- C:\Users\Pierre\Desktop\Sans titre - Copie.png
[2013/01/22 00:44:39 | 000,024,926 | ---- | M] () -- C:\Users\Pierre\Desktop\shacklesandchains.jpg
[2013/01/20 20:36:35 | 000,016,706 | ---- | M] () -- C:\Users\Pierre\Desktop\EDT L1 DROIT SEMESTRE 2 2012-2013 (1).pdf
[3 C:\Users\Pierre\*.tmp files -> C:\Users\Pierre\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Pierre\Desktop\*.tmp files -> C:\Users\Pierre\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/02/11 19:00:08 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/11 17:56:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2013/02/10 15:13:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/10 10:08:51 | 000,000,885 | ---- | C] () -- C:\Users\Pierre\Desktop\Google Traduction.url
[2013/02/06 18:55:00 | 000,601,809 | ---- | C] () -- C:\Users\Pierre\Desktop\recettes cocktails.jpg
[2013/02/01 19:51:12 | 000,000,068 | ---- | C] () -- C:\Users\Pierre\Desktop\Capet économie gestion.url
[2013/01/28 18:31:55 | 000,068,289 | ---- | C] () -- C:\Users\Pierre\Desktop\phillip_come2.jpg
[2013/01/27 11:41:23 | 000,000,068 | ---- | C] () -- C:\Users\Pierre\Desktop\Culture - Jah Jah See Dem A Come -Lyrics- - YouTube.url
[2013/01/25 13:49:28 | 000,100,929 | ---- | C] () -- C:\Users\Pierre\Desktop\Sans titre - Copie.png
[2013/01/25 13:31:30 | 000,100,929 | ---- | C] () -- C:\Users\Pierre\Desktop\Sans titre.png
[2013/01/22 00:44:39 | 000,024,926 | ---- | C] () -- C:\Users\Pierre\Desktop\shacklesandchains.jpg
[2013/01/20 20:36:34 | 000,016,706 | ---- | C] () -- C:\Users\Pierre\Desktop\EDT L1 DROIT SEMESTRE 2 2012-2013 (1).pdf
[2012/09/11 16:35:28 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17
[2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie
[2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff
[2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21
[2011/10/07 21:14:48 | 000,000,017 | ---- | C] () -- C:\Users\Pierre\AppData\Local\resmon.resmoncfg
[2010/12/25 00:01:36 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/02 16:24:34 | 000,000,016 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\hngmfc.dat
[2010/09/02 16:24:24 | 000,000,004 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\avdrn.dat
[2010/02/16 11:25:59 | 000,008,704 | ---- | C] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 23:29:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/21 13:52:23 | 000,000,942 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\wklnhst.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/09/25 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DAEMON Tools Lite
[2013/02/10 15:13:58 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FIXIO PC Utilities
[2010/02/15 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FreeAudioPack
[2012/04/09 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FreeCDRipper
[2011/02/03 18:38:47 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\FrostWire
[2012/09/11 17:46:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\KC Softwares
[2010/11/24 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\LimeWire
[2012/09/23 21:09:27 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Nuance
[2010/02/16 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Template
[2012/05/08 16:07:44 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Unity
[2013/02/11 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\uTorrent
[2009/10/14 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Windows Live Writer
[2012/09/21 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\YourFileDownloader

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]
[2009/07/14 05:53:46 | 000,032,482 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/12/03 19:11:45 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/12/03 19:11:46 | 000,001,056 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/08/30 19:41:46 | 000,001,030 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000Core.job
[2010/08/30 19:41:47 | 000,001,082 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828438378-3130121758-2067298906-1000UA.job
[2011/08/22 10:02:44 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Pierre.job
[2012/09/10 19:09:24 | 000,000,294 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job

[color=#A23BEC]< O4 - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000..\Run: [Chat-Landmessenger] C:\Users\Pierre\chat-land\Chat-Landmessenger.exe File not found >[/color]

[color=#A23BEC]< [2013/01/24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop >[/color]
Invalid Switch: 24 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\Lollipop

[color=#A23BEC]< [2013/02/11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk >[/color]
Invalid Switch: 11 10:03:25 | 000,001,101 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk

[color=#A23BEC]< [2012/01/07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17 >[/color]
Invalid Switch: 07 12:17:36 | 000,000,007 | ---- | C] () -- C:\Users\Pierre\binternetNET7.1_12.17

[color=#A23BEC]< [2011/11/27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF} >[/color]
Invalid Switch: 27 20:59:12 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF}

[color=#A23BEC]< [2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie >[/color]
Invalid Switch: 11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logie

[color=#A23BEC]< [2011/11/11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff >[/color]
Invalid Switch: 11 13:23:04 | 000,000,011 | ---- | C] () -- C:\Users\Pierre\logff

[color=#A23BEC]< [2011/11/10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21 >[/color]
Invalid Switch: 10 23:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Pierre\tmp1.21

[color=#A23BEC]< O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe () >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2828438378-3130121758-2067298906-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} >[/color]

[color=#A23BEC]< CHR - Extension: https://outlook.live.com/owa/ = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\ >[/color]
Invalid Switch: = C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:7FFED16F

< End of report >
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
11 Feb 2013 at 19:21
You ran a scan again, not a removal.
Read the instructions again.
0
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last activity 11 February 2013
11 Feb 2013 at 19:31
Indeed, I made a mistake!

Here is the report:


========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chat-Landmessenger deleted successfully.
C:\Users\Pierre\AppData\Local\Lollipop folder moved successfully.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk moved successfully.
C:\Users\Pierre\binternetNET7.1_12.17 moved successfully.
C:\Users\Pierre\AppData\Local\{DD0E7BC5-E67B-4A52-A8EF-0FE7957219CF} moved successfully.
C:\Users\Pierre\logie moved successfully.
C:\Users\Pierre\logff moved successfully.
C:\Users\Pierre\tmp1.21 moved successfully.
File move failed. C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk scheduled to be moved on reboot.
File C:\Users\Pierre\AppData\Local\Lollipop\lollipop.exe not found.
Registry value HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8e5025c2-8ea3-430d-80b8-a14151068a6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\ not found.
HKEY_USERS\S-1-5-21-2828438378-3130121758-2067298906-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0\icons folder moved successfully.
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangjmijgboblcmlpeedobafiohnalci\2012.12.2.42184_0 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02112013_192305

Files\Folders moved on Reboot...
File\Folder C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
11 Feb 2013 at 19:42
How are things now with the forced ad links?
0
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last activity 11 February 2013
11 Feb 2013 at 20:08
I have just browsed the web and so far I have not seen any ads.
Is the problem solved?
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
11 Feb 2013 at 20:09
Yup, the culprit was Lollipop.


Be careful what you install:
Additional software (toolbars, adware) is offered, generally during the installation of free software or via certain download sites such as Softonic or 01Net.
The publisher gets paid for each successful installation of these additional programs (a kind of sponsorship), and your PC ends up with toolbars that slow down the browser or adware that opens advertising pop-ups.
Toolbars are there to tie you to a service (Yahoo! or Google search engine); they add features, but browsers generally have these by default.
In addition, they record the sites you visit and transmit them (tracking) for targeted advertising, which is not great for privacy.
Having several toolbars slows down the PC and can crash web browsers.
In the end, using them is not recommended.

Finally, the accumulation of these programs slows down the computer and web browser.

These additional programs are offered when installing programs, and very often these add-ons are pre-checked. This is notably the case on 01net and Softonic, which are best avoided as download sites.
So when you install a program, read carefully what is offered, because you risk installing toolbars without knowing it.


Read "PUPs/LPIs": https://www.malekal.com/adwares-pup-protection/

You can install this program to filter the most common of these PUPs/adware with HOSTS Anti-PUPs/Adwares: http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

0
Elmanfaga Posts 10 Registration date Monday 7 January 2013 Status Member Last activity 11 February 2013
11 Feb 2013 at 20:44
Thank you very much for your help!
I no longer get any ads and the computer is much less sluggish!
Have a good evening and thanks again!
0