supprimer bestadbid / Pirrit Résolu

Question

Bonjour,

J'ai bestabid qui s'est installé sur mon ordinateur et je n'arrive pas à m'en débarrasser...
J'ai tout essayer via désinstallation de programme ou il n'apparaît pas, via ccleaner, via adwcleaner et aussi via malewarebytes, mais rien n'y fait ...
J'ai bien essayé de faire un diagnostic avec ZHPdiag, mais je ne sais jamais quelles lignes je doit fixer.
Comment faire ? HELP ?

Malekal_morte- · Answer

Salut,


Faire un Scan OTL - Temps : Environ 40min
=============================================
OTL permet de diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt 
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/    

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.    
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)    

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL    
* En haut Ã  droite de Analyse rapide, coche "tous les utilisateurs"
* Clique sur le bouton Analyse.

**** Si durant le scan - OTL ne répond pas, ne touche Ã  rien et laisse le scan se poursuivre ****

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE

ch3rry02 · Answer

J'ai lancé l'analyse OTL, je poste le rapport en pièce jointe dès que je l'ai, ne dois je pas à la fin cliquer sur correction ? 
Par contre je ne peux pas mettre de pièce jointe, je ne peux mettre qu'un lien...
Merci pour votre réponse rapide.

ch3rry02 · Answer

Je ne peux envoyer le lien, car je n'arrive pas à accéder au site ça me dit foridden... que faire ?

ch3rry02 · Answer

J'ai du coup utilisé un autre site voici les liens :
[URL=http://sendbox.fr/pro/lwd4p2c6amoe/OTL.Txt.html]OTL.Txt - 84 KB[/URL]
[URL=http://sendbox.fr/pro/qo13sfg1w13i/Extras.Txt.html]Extras.Txt - 91 KB[/URL]

Que dois je faire maintenant ?

Malekal_morte- · Answer

Pourquoi tu n'as pas utilisé pjjoint comme cela est demandé ?

ch3rry02 · Answer

http://sendbox.fr/pro/qo13sfg1w13i/Extras.Txt.html
http://sendbox.fr/pro/lwd4p2c6amoe/OTL.Txt.html

J'ai l'impression que cela marcheront mieux j'ai essayé les deux premiers sans succès.

ch3rry02 · Answer

Parce que je ne peux accéder au site son accès m'est refusé ça me marque forbidden...

Malekal_morte- · Answer

ok tu es dans le meme cas que là : https://forums.commentcamarche.net/forum/affich-29717511-site-1place-org-mots-apparaissant-en-bleu-et-surlignes-pubs#20

Ton programme parasite qui est sur l'ordinateur ajoute des cookies.

Malekal_morte- · Answer

tu peux retenter d'aller sur le site / pjjoint pour voir.

ch3rry02 · Answer

Du coup je fais quoi ?

ch3rry02 · Answer

Tous les liens proposé dans le cas similaire me sont refusés d'accès...

ch3rry02 · Answer

Accès toujours refusé ... forbidden

Malekal_morte- · Answer

ça match plein de règles diffs :/

dernier essai et après on commence la désinfection.

ch3rry02 · Answer

Non toujours pas...
mais à part vous envoyer les rapports je n'ai rien fait de plus ...

Malekal_morte- · Answer

Fais ça, ça devrait aller mieux :

 
 Relance OTL. 
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
[2012/11/01 21:24:57 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
[2014/02/04 17:22:25 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\Pirrit Suggestor
[2014/02/04 17:22:16 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Roaming\Pirrit
[2014/02/04 17:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pirrit
SRV - [2014/02/14 12:12:30 | 000,052,568 | ---- | M] () [Auto | Start_Pending] -- C:\Users\mary\AppData\Local\PirritSuggestor\PirritService.exe -- (PirritDesktop)
SRV - [2014/02/14 11:29:08 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Pirrit\AutoUpdater.exe -- (PirritUpdater)
[2014/02/04 17:19:23 | 000,010,350 | ---- | M] () (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi
[2014/02/14 23:06:52 | 000,036,933 | ---- | M] () (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\suggestor@suggestor.pirrit.com.xpi
:Commands 
[resethosts] 

* poste le rapport ici 

~~

Redémarre l'ordinateur

ch3rry02 · Answer

Voila le rapport :
========== OTL ==========
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\Plugins folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\modules folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\META-INF folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\lib folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\defaults\preferences folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\defaults folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\sl folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\lib\jquery.alerts\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\lib\jquery.alerts folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\lib folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\core folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\WEATHER\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\WEATHER\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\WEATHER folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\TWITTEResources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\TWITTER\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\TWITTER\img folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\TWITTER folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\view\stylesx folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\view folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCHesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\Css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\SEARCH folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\RADIO_PLAYER\jsesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\PRICE_GONG folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\Optimizer\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\Optimizer folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\NOTIFICATION folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\MULTI_RSS\jsesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\MULTI_RSS folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\APPLICATION_BUTTONesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa\404 folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\wa folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\menu\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\menu\img folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\menu\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\menu folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\gf\img folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\gf\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\gf folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\gadgetFrame folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\dlg\ftd folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui\dlg folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ui folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp\spsd\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp\spsd folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp\spbd\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp\spbd folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\sp folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\options\jsesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\options\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\options\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\options\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\options folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\msd folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\features\jsesources folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\features\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\features folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\api folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\aces folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ac\img folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ac\css folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\ac folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\aboutBox\js folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\aboutBox\images folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al\aboutBox folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b\al folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content	b folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284\content folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome\CT3128284 folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\chrome folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d} folder moved successfully.
C:\Users\mary\AppData\Local\Pirrit Suggestor folder moved successfully.
C:\Users\mary\AppData\Roaming\Pirrit folder moved successfully.
C:\Program Files\Pirrit\IEExtension folder moved successfully.
C:\Program Files\Pirrit folder moved successfully.
Error: Unable to stop service PirritDesktop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully.
C:\Users\mary\AppData\Local\PirritSuggestor\PirritService.exe moved successfully.
Error: Unable to stop service PirritUpdater!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritUpdater deleted successfully.
File C:\Program Files\Pirrit\AutoUpdater.exe not found.
C:\Users\mary\AppData\Roaming\mozilla\firefox\profiles\extensions\***@*** moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\***@*** moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 02172014_135516

Malekal_morte- · Answer

Réinitialise Firefox :  https://www.malekal.com/reparer-firefox/?t=36057&start=


Vois ce que cela donne.

ch3rry02 · Answer

J'ai toujours, mes pop up bestadbid et je n'utilise plus firefox j'utilise chrome, je le fait quand même ?

Malekal_morte- · Answer

oui et réinitialise aussi Google Chrome :  https://www.malekal.com/reparer-google-chrome/?t=35837&start=

et Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.

Ch3rry02 · Answer

C'est fait pour google en revanche aucune trace de firefox je ne le retrouve pas je l'avait désinstallé il y a un moment.
Pour ce qui est des extensions je n'est que : 
- Avast browser security  and web reputation plug in 
Il n'est d'ailleurs pas activé

Malekal_morte- · Answer

et ça continue ?

Tu peux refaire un scan OTL et donner le rapport.

Ch3rry02 · Answer

Voilà le nouveau rapport :
OTL logfile created on: 17/02/2014 14:46:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mary\Desktop\Logiciels sécurité
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1011,87 Mb Total Physical Memory | 66,59 Mb Available Physical Memory | 6,58% Memory free
2,26 Gb Paging File | 0,45 Gb Available in Paging File | 19,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 181,54 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Drive D: | 692,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARYPC | User Name: mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2014/02/17 11:02:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mary\Desktop\Logiciels sécurité\OTL.exe
PRC - [2014/02/14 12:12:28 | 000,190,808 | ---- | M] () -- C:\Users\mary\AppData\Local\PirritSuggestor\PirritDesktop.exe
PRC - [2014/01/26 23:27:26 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/26 23:27:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/28 09:29:32 | 002,609,368 | ---- | M] (Disc Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011/03/14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/03/14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/03/07 09:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 20:01:10 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
PRC - [2011/02/22 20:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
PRC - [2011/02/22 20:01:02 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 07:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/02/14 12:12:28 | 000,190,808 | ---- | M] () -- C:\Users\mary\AppData\Local\PirritSuggestor\PirritDesktop.exe
MOD - [2014/02/14 09:18:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b1f7b4e15aef3faf382db6ba14c81371\IAStorCommon.ni.dll
MOD - [2014/02/14 09:18:46 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\22e28be773484a1432b513983661dbc0\IAStorUtil.ni.dll
MOD - [2014/02/14 09:04:59 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/14 09:04:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 09:02:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 09:02:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 09:01:31 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 09:01:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 09:00:59 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 09:00:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 09:00:30 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/11 11:54:42 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2011/08/09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\System32\slc.dll
MOD - [2011/06/23 19:22:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 00:35:38 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014/02/06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/05 15:26:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/26 23:27:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/07 09:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/22 20:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe -- (GREGService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mary\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2014/02/17 13:27:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/01/26 23:27:41 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/26 23:27:41 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/01/26 23:27:40 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/26 23:27:40 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/11 11:54:46 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/11 11:54:46 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/01/11 11:54:45 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/23 12:46:49 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/12/19 14:11:31 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/01 15:39:36 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2012/07/04 12:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 10:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 10:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 10:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/03/07 04:46:26 | 000,252,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/07/15 22:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..\SearchScopes\{D3640B7D-5D5C-4FB0-87C6-6C37332D542A}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_frFR462
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\mychic.com/VimGlasses: C:\Windows\system32\npVimGlasses.dll (Mychic)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/26 23:27:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/08/15 18:28:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/08/15 18:28:17 | 000,000,000 | ---D | M]

[2014/02/17 13:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\extensions
[2014/02/17 13:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/02/17 13:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013/07/02 22:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/07/02 22:30:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: avast! Online Security = C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_1\
CHR - Extension: Google\u00A0Wallet = C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/02/17 13:57:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..Trusted Domains: gap.eu ([secure-www] https in Sites de confiance)
O15 - HKU\S-1-5-21-2682161959-1779162038-2818794823-1000\..Trusted Domains: gap.eu ([www] http in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9794ECA8-6435-4A5E-BAD4-35F6B31C5077}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/10/15 13:10:06 | 000,000,229 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [1998/09/15 13:23:46 | 000,168,448 | R--- | M] (Sierra On-Line, Inc.) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0ada335c-6a76-11e3-8846-e89a8f544727}\Shell - "" = AutoRun
O33 - MountPoints2\{0ada335c-6a76-11e3-8846-e89a8f544727}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1998/09/15 13:23:46 | 000,168,448 | R--- | M] (Sierra On-Line, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/02/17 13:55:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/17 01:01:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/17 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2014/02/17 00:54:52 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Roaming\ZHP
[2014/02/17 00:41:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/17 00:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/02/17 00:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2014/02/16 16:56:07 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/02/16 16:55:47 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/02/16 16:55:47 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/02/16 16:55:47 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/02/14 23:07:50 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\PirritSuggestor
[2014/02/14 03:21:37 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/14 03:21:36 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/14 03:21:36 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/14 03:21:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/02/14 03:21:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/02/14 03:21:33 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/14 03:21:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/14 03:21:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/14 03:21:31 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/14 03:21:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/02/14 03:21:30 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/02/14 03:21:30 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/02/14 03:21:29 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/14 03:21:28 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/14 03:21:21 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/14 03:21:14 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/13 21:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/13 21:57:54 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/13 21:57:54 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/13 21:57:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/13 21:57:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/13 21:57:41 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/13 21:57:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/13 21:57:38 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/13 21:57:37 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/13 21:57:36 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/13 21:57:34 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/13 21:57:34 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/02/04 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Roaming\HamsterSoft
[2014/02/04 17:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hamster Soft
[2014/02/04 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\mary\Documents\YouTubeDownloads
[2014/02/04 14:52:57 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\FlvtoYoutubeDownloader
[2014/02/04 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Roaming\FlvtoConverter
[2014/02/04 14:46:36 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\Flvto Youtube Downloader
[2013/07/28 13:44:37 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.75.0.1300.exe
[2013/07/28 13:43:25 | 005,011,575 | ---- | C] (Nicolas Coolman ) -- C:\Program Files\ZHPDiag2.exe
[2013/06/26 21:03:09 | 002,017,632 | ---- | C] (Acresso Software Inc. ) -- C:\Program Files\LGUnitedMobileDriver S4981MAN38AP22 ML WHQL Ver 3.8.1.exe
[2013/06/26 20:49:36 | 117,278,240 | ---- | C] (LG Electronics) -- C:\Program Files\LG-PC-Suite-5.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/02/17 14:25:27 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/17 14:24:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/17 13:57:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/02/17 13:27:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/17 10:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/17 01:00:47 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 01:00:47 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 00:49:26 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/17 00:48:29 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/17 00:17:57 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/02/15 12:08:51 | 000,704,714 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/02/15 12:08:51 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/15 12:08:51 | 000,130,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/02/15 12:08:51 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/14 23:39:54 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/13 00:31:52 | 000,044,555 | ---- | M] () -- C:\Users\mary\Documents\tarifs-piscine-soissons-2014.pdf
[2014/02/13 00:31:44 | 000,169,740 | ---- | M] () -- C:\Users\mary\Documents\activites-piscine-2014-soissons.pdf
[2014/02/06 11:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/06 11:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/02/06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/02/06 10:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/02/06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/02/06 10:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/06 10:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/05 15:26:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/05 15:26:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/30 18:52:16 | 000,114,392 | ---- | M] () -- C:\Users\mary\Desktop\facture Sfr Roy Sébastien.pdf
[2014/01/30 02:26:15 | 000,027,695 | ---- | M] () -- C:\Users\mary\Desktop\ATTESTATION RETRAITRE POLE EMPLOI.pdf
[2014/01/28 12:00:23 | 001,341,546 | ---- | M] () -- C:\Users\mary\Desktop\CAM00233.jpg
[2014/01/26 23:27:59 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/26 23:27:41 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/26 23:27:41 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/01/26 23:27:40 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/26 23:27:40 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/26 23:27:35 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/26 23:27:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/02/17 00:11:50 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/02/14 23:39:54 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/13 00:31:50 | 000,044,555 | ---- | C] () -- C:\Users\mary\Documents\tarifs-piscine-soissons-2014.pdf
[2014/02/13 00:31:02 | 000,169,740 | ---- | C] () -- C:\Users\mary\Documents\activites-piscine-2014-soissons.pdf
[2014/01/30 18:52:02 | 000,114,392 | ---- | C] () -- C:\Users\mary\Desktop\facture Sfr Roy Sébastien.pdf
[2014/01/30 02:25:31 | 000,027,695 | ---- | C] () -- C:\Users\mary\Desktop\ATTESTATION RETRAITRE POLE EMPLOI.pdf
[2014/01/28 12:00:20 | 001,341,546 | ---- | C] () -- C:\Users\mary\Desktop\CAM00233.jpg
[2014/01/11 11:46:41 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/11 11:46:40 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/23 13:09:06 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2013/12/23 13:04:05 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013/08/15 18:19:03 | 000,180,074 | ---- | C] () -- C:\Windows\hpoins44.dat
[2013/08/15 18:19:03 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2013/08/15 18:03:44 | 123,627,352 | ---- | C] () -- C:\Program Files\DJ_AIO_06_F2400_NonNet_Full_Win_fra_140_175.exe
[2013/07/30 22:26:23 | 001,110,476 | ---- | C] () -- C:\Program Files\7z920 [1].exe
[2013/07/28 09:45:19 | 002,622,944 | ---- | C] () -- C:\Program Files\ccleaner.exe
[2012/12/10 16:49:06 | 000,000,671 | ---- | C] () -- C:\Users\mary\Bibliothèques - Raccourci.lnk
[2012/08/29 19:13:04 | 000,000,039 | ---- | C] () -- C:\Windows\spwdrpa.INI
[2012/03/30 07:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/03/30 07:44:28 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Malekal_morte- · Answer

Relance OTL. 
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
[2014/02/14 23:07:50 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\PirritSuggestor 
 
* poste le rapport ici 

Redémarre l'ordinateur

Ch3rry02 · Answer

========== OTL ==========
C:\Users\mary\AppData\Local\PirritSuggestor folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 02172014_175630

Ch3rry02 · Answer

Apparemment ça va mieux plus de pop up, vous pensez que mon pc est désinfecté maintenant ?

Malekal_morte- · Answer

well done !


Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.



Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/

Ch3rry02 · Answer

Merci beaucoup je croyais ne jamais m'en débarrasser !!!

macrelo · Answer

Bonjour,
j'ai le même problème avec bestadbid et je n'arrive pas à m'en débarrasser , quelqu'un pourrait il m'aider .
Merci

Supprimer bestadbid / Pirrit - Page 2

Discussions similaires

Newsletters