Seite 1 von 3 123 LetzteLetzte
Ergebnis 1 bis 10 von 23

Thema: Windows 7 Logfiles

  1. #1
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    Windows Vista Logfiles

    Hallo Ihr Lieben,

    ich war schon lange nicht mehr hier, brauche aber wieder Eure fachliche Hilfe.

    Eine Bekanntin von uns hat dauernd Probleme mit ihrem Rechner (diverse Pop-up Fenster, langsames Verhalten, usw.).

    Was ich bereits gemacht habe :
    - zuerst ihren Rechner von allen temporären Dateien bereinigt (mit ClearProg. Sie hatte über 3900 Cookies auf dem Rechner, und fast 5 Gb temporäre Dateien!)
    - mehrere Scans (mit Malwarebytes) gemacht, mit Reboot dazwischen, bis beim letzten Scan nichts mehr zu finden war (siehe unten beigefügte Logfiles von Malwarebytes)
    - ein Antivirus auf den Rechner installiert (Antivir)
    - HijackThis gestartet.

    Könntest Ihr bitte folgender Logfile von HijackThis bewerten?
    (eventuell auch die Logfiles von Malwarebytes?)

    Im voraus Danke für Eure Hilfe.

    Viele Grüsse,

    Thierry

    ___________________________________

    Logfile von HijackThis (11.08.2012 10:43)

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:43:38, on 11/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Allmyapps\AllmyappsNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskmgr.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Users\admin\Desktop\HiJackThis204.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/yco...//fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/yco...//fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [updchecker] C:\Users\admin\AppData\Roaming\updchecker.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
    O4 - HKCU\..\Run: [Allmyapps] "C:\Program Files\Allmyapps\AllmyappsNotifier.exe" startup
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: tcbhn.lnk = admin\AppData\Roaming\BrowserCompanion\tcbhn.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    
    --
    End of file - 28637 bytes
    ___________________________________

    Erster Logfile von Malwarebytes (11.08.2012 09:19)

    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Version de la base de données: v2012.08.11.01
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    admin :: PC-DE-ADMIN [administrateur]
    
    11/08/2012 9:19:13
    mbam-log-2012-08-11 (09-19-13).txt
    
    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 242854
    Temps écoulé: 8 minute(s), 56 seconde(s)
    
    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Module(s) mémoire détecté(s): 1
    C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Aucune action effectuée.
    
    Clé(s) du Registre détectée(s): 59
    HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Aucune action effectuée.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Aucune action effectuée.
    HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
    HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\Minoral (Adware.GabPath) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Minoral (Adware.GabPath) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SYSTEM\CurrentControlSet\Services\QueryScan Service (Adware.QueryScan) -> Mis en quarantaine et supprimé avec succès.
    
    Valeur(s) du Registre détectée(s): 5
    HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Aucune action effectuée.
    HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Aucune action effectuée.
    HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Aucune action effectuée.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Minoral (Adware.GabPath) -> Données: C:\Users\admin\AppData\Roaming\Minoral\minoral.exe -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Données: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions -> Mis en quarantaine et supprimé avec succès.
    
    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Dossier(s) détecté(s): 12
    C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Aucune action effectuée.
    C:\Users\admin\AppData\Roaming\Minoral (Adware.GabPath) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\admin\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0 (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    
    Fichier(s) détecté(s): 25
    C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Aucune action effectuée.
    C:\Users\admin\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Aucune action effectuée.
    C:\Users\Lucas\Downloads\ADLSoft_UnCompressor.exe (PUP.Adware.InstallCore) -> Aucune action effectuée.
    C:\Users\Lucas\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Aucune action effectuée.
    C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Aucune action effectuée.
    C:\Users\Lucas\AppData\Local\Temp\is1293846689\IWantThisAD_ROW.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\admin\AppData\Roaming\Minoral\config.cfg (Adware.GabPath) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0\LaunchHelp.dll (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Mis en quarantaine et supprimé avec succès.
    
    (fin)
    ___________________________________

    Zweiter Logfile von Malwarebytes (11.08.2012 10:23)

    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Version de la base de données: v2012.08.11.01
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    admin :: PC-DE-ADMIN [administrateur]
    
    11/08/2012 10:23:00
    mbam-log-2012-08-11 (10-23-00).txt
    
    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 242422
    Temps écoulé: 7 minute(s), 2 seconde(s)
    
    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Module(s) mémoire détecté(s): 1
    C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Suppression au redémarrage.
    
    Clé(s) du Registre détectée(s): 24
    HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    
    Valeur(s) du Registre détectée(s): 3
    HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Mis en quarantaine et supprimé avec succès.
    HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Mis en quarantaine et supprimé avec succès.
    HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Données: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Mis en quarantaine et supprimé avec succès.
    
    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Dossier(s) détecté(s): 1
    C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Suppression au redémarrage.
    
    Fichier(s) détecté(s): 13
    C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Suppression au redémarrage.
    C:\Users\admin\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Lucas\Downloads\ADLSoft_UnCompressor.exe (PUP.Adware.InstallCore) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Lucas\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Mis en quarantaine et supprimé avec succès.
    
    (fin)
    ___________________________________

    Dritter Logfile von Malwarebytes (11.08.2012 10:23)

    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Version de la base de données: v2012.08.11.01
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    admin :: PC-DE-ADMIN [administrateur]
    
    11/08/2012 10:59:17
    mbam-log-2012-08-11 (10-59-17).txt
    
    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 242955
    Temps écoulé: 9 minute(s), 27 seconde(s)
    
    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)
    
    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)
    
    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)
    
    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)
    
    (fin)
    Geändert von kira (13.08.2012 um 07:35 Uhr)

  2. #2
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.728

    AW: Windows Vista Logfiles

    Herzlich Willkommen hier bei uns am HijackThis Supportboard!

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** , und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
    ► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!
    ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
    Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...


    Zitat Zitat von Thierry Beitrag anzeigen

    Was ich bereits gemacht habe :
    - ein Antivirus auf den Rechner installiert (Antivir)
    vorher kein Antivirus war installiert?
    im HJT-Log existiert nicht Antivir/Avira, sondern Avast!?

    ► Einiges zu tun wie es aussieht...!

    ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
    **Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

    1.
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    O4 - HKCU\..\Run: [updchecker] C:\Users\admin\AppData\Roaming\updchecker.exe
    O4 - Startup: tcbhn.lnk = admin\AppData\Roaming\BrowserCompanion\tcbhn.exe
    2.
    Code:
    Uniblue RegistryBooster
    Sogenannte Optimierungstool, Registry-Säuberungs-Programm gibt es viele! Die Hersteller versprechen weitaus mehr, als letztlich wirklich halten können. Ich rate Dir also dringend davon ab solche Tools einzusetzen, die so tief in die Registry eingreifen und "völlig automatisch" versuchen Windows zu optimieren,, da eine winzige Änderung in der Registry (z.B "falsch gelöschte" Einträge) kann fatale Folgen haben! Dann wundert man sich, dass Windows irgendwann lahmt oder Abstürze bringt! - Ich kann mir nicht vorstellen, dass irgendein Programm zwischen nützlichen und unnützen unterscheiden kann und "völlig automatisch" entscheiden kann, was Windows wirklich benötigt und was nicht! Fraglich auch, ob alle zuvor angelegten Sicherungsdateien bei Problemen einfach wiederherstellen kann, wie es der Hersteller versprochen hat?
    Windows garnix so dumm, wie oft behauptet wird! - Windows mit Eigenmittel zu beschleunigen, bietet an von Hause aus einen ordentlichen Werkzeugkoffer, mit guter Ausstattung für "Heimwerker":
    ...das Glück liegt darin, da weiß man wenigstens was man tut!
    Tipps:
    ► Wenn wir fertig sind, kannst "ausprobieren":

    System mit Windows-eigenen Mitteln bereinigen

    3.
    Code:
    Ares
    die Nutzung der von Filesharing (Filesharing (deutsch "Dateifreigabe" oder "gemeinsamer Dateizugriff", wörtlich "Dateien teilen") )- Plattformen ...
    Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
    Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
    Selbst wenn du glaubst, dass Du ein „sicheres“ P2P Programm verwendest, nicht mal das Programm selbst sicher, da Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
    Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!
    Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen!

    4.
    Windows Defender:
    neben 1 AV-Scanner und 1 Firewall garnix erst nötig. Belastung für das System nur und kann auch unerwünschte Reaktionen auslösen (da sich die Programme in die Quere kommen können), daher ist es ratsam ihn abzustellen. Microsoft meinte, Vista und Win 7 sind nicht so angreifbar wie XP und deshalb kommen ohne AV-Programm, also die Win eigene FW + Windefender gut zu Recht...Will nicht sagen, so dass die Virenprogrammierer intelligenter sind, als der Microsoft-Gründer Bill Gates, aber er hat sich geirrt
    Bitte dich ihn so zu deaktivieren: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
    Windows Defender komplett deaktivieren

    Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
    Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

    Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
    Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
    Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

    Start => services.msc ins Suchfeld eingeben.
    Es öffnet sich das Fenster der Dienste
    Doppelklick auf den Dienst "Windows Defender"
    Starttyp auf "Manuell" umstellen.
    Dienststatus beenden, falls der Dienst noch gestartet ist.
    ► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
    ► Unter Dienste:
    Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

    5.
    ► ► einen reibungslosen Arbeit am PC gewehrleisten zu können, Empfehlungen/Vorschläge:
    An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen:
    Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
    Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll.
    Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden!

    Code:
    Du solltest nie deaktivieren :
    Grafiktreibers
    Firewall
    Antivirenprogramm
    Sound
    Es ist immer Benutzerspezifisch (ein allgemein gültiges Rezept gibt es nicht), Tipps kann ich Dir geben

    ► Vista u. Win7: "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK -> Systemstart-> Häckhen weg

    (Autostart-Einträge, die Du nicht findest, einfach mit HijackThis fixen:
    Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    Code:
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate .exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
    O4 - HKCU\..\Run: [Allmyapps] "C:\Program Files\Allmyapps\AllmyappsNotifier.exe" startup
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    Achtung!:
    Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren ggf erneut deaktivieren muss!

    6.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

    7.
    Keine offenen Fenster, solang bis HijackThis läuft!!
    ►Vista und Win7 - Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...
    -> HijackThis starten-> "Do a system scan and save a logfile" klicken (kurz warten) -> das erhaltene Logfile hier posten

    8.
    Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
    • Download den CCleaner
    • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
    • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
    • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)


    9.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häkchen bei LOP- und Purity-Prüfung
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    Bitte alle Ergebnisse im Code-Tags posten!

    vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
    hier kommt dein Logfile rein
    dahinter - also am Ende der Logdatei:[/code]

    Wie es geht:-> Logfiles in Code-Tags setzen
    gruß
    kira
    Geändert von kira (13.08.2012 um 09:03 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  3. #3
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    AW: Windows 7 Logfiles

    Hallo Kira,

    vielen Dank für die schnelle Hilfe!

    Mir war gar nicht aufgefallen, dass auf ihrem Rechner Registry- und Filesharing-Programme laufen...

    Ich werde deine Ratschläge in Ruhe durchlesen (habe mich morgen mit unserer Bekanntin verabredet, damit wir weiter sehen können, was an ihrem Rechner noch zu machen ist). Ich melde mich danach wieder (morgen o. übermorgen).

    Viele Grüsse,

    Thierry

  4. #4
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    Daumen hoch AW: Windows Vista Logfiles

    Hallo Kira,

    ich war heute bei unserer Bekanntin und habe versucht, deine Anweisungen zu befolgen.
    Es hat leider nicht alles geklappt.
    Bzw. ich habe nicht alles gefunden (siehe Details unten in meinem Bericht).

    Zur Info: ihr Sohn spielt auf dem Rechner, deshalb sind soviele Spiele drauf installiert.
    Zuviele???
    Jedenfalls ist auf der Festplatte nicht mehr viel Speicher frei...

    Ich habe ihren Rechner zu mir nach Hause mitgenommen, d.h. ich kann ab heute deine nächsten Anweisungen schneller befolgen (und nicht dauernd hin und her fahren...).

    Jetzt aber mein Bericht zu deinen Anweisungen.

    Viele Grüsse,

    Thierry


    Zitat Zitat von kira Beitrag anzeigen
    Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!**[/color][/b] [/u][/url], und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ich bin schon länger Mitglied hier, aber selbstverständlich akzeptiere ich es nochmal.


    vorher kein Antivirus war installiert?
    im HJT-Log existiert nicht Antivir/Avira, sondern Avast!?
    Ja, vorher hatte sie Avast, aber eine Demoversion für 30 Tagen. Und da sie damit dauernd Popup-Fenster hatte, habe ich ihr einfach anstelle Antivir installiert.

    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox
    Wurde gemacht und den Rechner neu gestartet.
    Allerdings bekam ich folgende Meldung:
    For some reason your system denied write access to the Hosts file.
    Was heisst das?

    2.
    Code:
    Uniblue RegistryBooster
    Habe ich versucht zu löschen, aber komischerweise habe ich nur einen leeren Ordner gefunden!

    3.
    Code:
    Ares
    Ebenso versucht zu löschen. Der Ordner war noch da, aber leer! Auch die Shortcuts in Start/Programme waren noch da, aber keine Datei mehr dahinter.

    4.
    Windows Defender:
    neben 1 AV-Scanner und 1 Firewall garnix erst nötig. Belastung für das System nur und kann auch unerwünschte Reaktionen auslösen (da sich die Programme in die Quere kommen können), daher ist es ratsam ihn abzustellen. Microsoft meinte, Vista und Win 7 sind nicht so angreifbar wie XP und deshalb kommen ohne AV-Programm, also die Win eigene FW + Windefender gut zu Recht...Will nicht sagen, so dass die Virenprogrammierer intelligenter sind, als der Microsoft-Gründer Bill Gates, aber er hat sich geirrt
    Bitte dich ihn so zu deaktivieren: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
    Windows Defender komplett deaktivieren
    Windows Defender war bereits deaktiviert.

    5.
    ► ► einen reibungslosen Arbeit am PC gewehrleisten zu können, Empfehlungen/Vorschläge:
    An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen:

    Code:
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate .exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
    O4 - HKCU\..\Run: [Allmyapps] "C:\Program Files\Allmyapps\AllmyappsNotifier.exe" startup
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    Wurde gemacht.

    Nach dieser Reinigungsaktion kommt jetzt beim jedem PC-Start eine Fehlermeldung:
    Please wait while Windows configures HPPhotosmartEssential
    und :
    The feature you are trying to use is on a network resource that is unavailable.
    und :
    An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'


    6.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

    7.
    Keine offenen Fenster, solang bis HijackThis läuft!!
    ►Vista und Win7 - Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...
    -> HijackThis starten-> "Do a system scan and save a logfile" klicken (kurz warten) -> das erhaltene Logfile hier posten
    Hier das Logfile :

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:33:17, on 14/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\admin\Desktop\HiJackThis204.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://fr.fr.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    
    --
    End of file - 25397 bytes

    CCleaner
    poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)[/list]
    Logfile :

    Code:
    • Acer Arcade Live Main Page Acer Inc. 18/07/2008 33,7MB 1.1.1206 Acer DV Magician Acer Inc. 18/07/2008 86,4MB 1.5.0621 Acer DVDivine Acer Inc. 18/07/2008 106MB 3.2.0621 Acer eDataSecurity Management HiTRUST Inc. 2/12/2007 41,2MB 2.5.4241 Acer Empowering Technology Acer Inc. 2/12/2007 127MB 2.5.4011 Acer ePerformance Management Acer Inc. 2/12/2007 2,71MB 2.5.4001 Acer HomeMedia Acer Inc. 18/07/2008 39,7MB 1.4.0621 Acer HomeMedia Connect Acer Inc. 18/07/2008 36,5MB 1.4.4221 Acer ScreenSaver Acer Inc. 18/07/2008 4.01.20070419 Acer SlideShow DVD Acer Inc. 18/07/2008 98,5MB 1.5.0621 Acer Tour Acer Inc. 2/12/2007 99,7MB 2.0.1005 Acer VideoMagician Acer Inc. 18/07/2008 183MB 1.4.0621 Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 18/07/2008 14,0MB Adobe Acrobat 4.0 21/05/2011 Adobe AIR Adobe Systems Incorporated 12/10/2011 30,0MB 3.0.0.4080 Adobe Flash Player 10 Plugin Adobe Systems, Inc. 5/02/2010 1,81MB 10.0.32.18 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 6/08/2012 11.3.300.270 Adobe Reader X (10.1.3) - Français Adobe Systems Incorporated 12/04/2012 162MB 10.1.3 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 9/04/2012 8,10MB 11.6.4.634 Allmyapps Allmyapps 2/07/2012 7,40MB 1.5.0.2 Alpha Polaris German Demo Version 1.0.0 Turmoil Games 20/12/2011 458MB 1.0.0 Angry Birds Rio Rovio 27/05/2012 50,6MB 1.2.2 Apple Application Support Apple Inc. 13/12/2011 61,2MB 2.1.6 Apple Mobile Device Support Apple Inc. 13/12/2011 24,3MB 4.0.0.97 Apple Software Update Apple Inc. 13/12/2011 2,38MB 2.1.3.127 ATI Catalyst Install Manager ATI Technologies, Inc. 18/07/2008 13,8MB 3.0.634.0 Autobahn Raser II 18/05/2011 211MB Avira Free Antivirus Avira 11/08/2012 176MB 12.0.0.1167 Big Kahuna Reef 2 Oberon Media 18/07/2008 38,0MB Bonjour Apple Inc. 13/12/2011 1,02MB 3.0.0.10 Bricks of Egypt Oberon Media 18/07/2008 6,16MB Bus-Simulator 2009 astragon Software GmbH 9/08/2011 547MB Caillous Vorschule 5/03/2010 171MB 1.00.000 CCleaner Piriform 24/07/2012 4,82MB 3.21 ClearProg 1.6.0 Final Sven Hoffman 11/08/2012 652KB 1.6.0 Final Cobra 11 - Crash Time (remove only) 25/02/2011 3,13GB Cobra 11 - Highway Nights (remove only) 22/03/2012 2,34GB Coffret de pilotes Logitech QuickCam 19/11/2008 Der Polarexpress THQ 25/03/2011 1,07GB 1.00.0000 Die Sims™ Inselgeschichten Electronic Arts 30/11/2011 2,92GB Die Völker Gold Edition JoWooD Studio Vienna 20/03/2010 204MB 3.0 Driving Speed 2.0 WheelSpin Studios 2/07/2012 211MB DVDVideoSoftTB Toolbar DVDVideoSoftTB 17/12/2011 4,81MB 6.8.2.0 eSobi v2 esobi Inc. 2/12/2007 13,6MB 2.0.1.00133 Euro Truck Simulator 1.00 8/04/2011 353MB 1.00 Facebook Video Calling 1.2.0.159 Skype Limited 31/03/2012 9,53MB 1.2.159 Feuerwache 1.16 20/12/2011 900MB Flight ePlaybus.com 19/05/2012 9,30MB FlightGear v2.6.0.1 The FlightGear Team 20/05/2012 1,17GB Free YouTube Download version 3.0.19.1206 DVDVideoSoft Ltd. 17/12/2011 11,9MB Galapago Oberon Media 18/07/2008 41,6MB Google Chrome Google Inc. 1/09/2011 248MB 21.0.1180.77 Google Toolbar for Internet Explorer Google Inc. 21/03/2012 11,0MB 7.3.2710.138 Google*Earth Google 24/11/2011 92,7MB 6.1.0.5001 GRID Codemasters 23/01/2011 10,1GB 1.00.0000 GTA2 20/05/2012 2,44MB 1.00.001 HP Customer Participation Program 10.0 HP 16/05/2011 252MB 10.0 HP Imaging Device Functions 10.0 HP 16/05/2011 3,21MB 10.0 HP Photosmart All-In-One Driver Software 10.0 Rel .2 HP 16/05/2011 22,0MB 10.0 HP Photosmart Essential 3.5 HP 16/05/2011 2,40MB 3.5 HP Smart Web Printing HP 16/05/2011 8,28MB 3.5 HP Solution Center 10.0 HP 16/05/2011 3,20MB 10.0 HP Update Hewlett-Packard 30/05/2011 3,92MB 5.003.001.001 iTunes Apple Inc. 27/02/2012 170MB 10.5.3.3 Java(TM) 6 Update 33 Oracle 27/05/2012 95,7MB 6.0.330 Jewel Quest Solitaire Oberon Media 18/07/2008 26,6MB Landwirtschafts Simulator 2011 GIANTS Software 14/08/2011 763MB 1.0 LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 20/11/2008 8,54MB 3.2.0.68 LiveUpdate Notice (Symantec Corporation) Symantec Corporation 20/11/2008 7,58MB 1.4.5 Logitech Desktop Messenger Logitech, Inc. 19/11/2008 11,6MB 2.54.11 Logitech QuickCam Logitech Inc. 20/11/2008 26,3MB 11.80.1065 Luxor 2 Oberon Media 18/07/2008 23,5MB Malwarebytes Anti-Malware version 1.62.0.1300 Malwarebytes Corporation 11/08/2012 11,8MB 1.62.0.1300 MCF Ravenhearst Oberon Media 18/07/2008 72,6MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21/06/2009 36,9MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30/06/2010 120MB 4.0.30319 Microsoft Flight Microsoft Studios 1/03/2012 2,22GB 1.0.0000.129 Microsoft Flight Simulator 98 9/08/2011 78,1MB Microsoft Flight Simulator X Demo Microsoft Game Studios 11/09/2011 1,09GB 1.00.0000 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 1/03/2012 31,3MB 3.5.92.0 Microsoft Games for Windows Marketplace Microsoft Corporation 1/03/2012 6,03MB 3.5.50.0 Microsoft Office File Validation Add-In Microsoft Corporation 15/09/2011 7,95MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 16/02/2012 334MB 12.0.6612.1000 Microsoft Silverlight Microsoft Corporation 10/05/2012 20,3MB 4.1.10329.0 Microsoft Train Simulator 21/05/2011 1,63GB Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29/07/2009 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16/06/2011 294KB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 1/03/2012 234KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24/12/2011 588KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25/12/2011 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21/05/2012 15,0MB 10.0.40219 Microsoft Works Microsoft Corporation 16/12/2009 263MB 08.05.0822 Minecraft version 1.2.3 Mojang AB. 4/05/2012 980KB 1.2.3 Module linguistique Microsoft .NET Framework 3.5 SP1- fra Microsoft Corporation 30/07/2009 36,9MB Module linguistique Microsoft .NET Framework 4 Client Profile FRA Microsoft Corporation 30/06/2010 19,1MB 4.0.30319 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 2/12/2007 1,27MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 29/09/2008 1,26MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 15/11/2008 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24/11/2009 1,33MB 4.20.9876.0 MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 11/09/2011 36,0KB 4.20.9818.0 Mystery Case Files - Prime Suspects Oberon Media 18/07/2008 39,0MB Nero MediaHome 4 Trial Nero AG 15/04/2012 Norton Security Scan Symantec Corporation 30/10/2011 12,1MB 3.5.1.8 NTI Backup NOW! 4.7 NewTech Infosystems 2/12/2007 7,25MB 1.00.0000 NTI CD & DVD-Maker NewTech Infosystems 2/12/2007 40,1MB 7 NVIDIA Display Control Panel NVIDIA Corporation 15/05/2011 25,8MB 6.14.12.5896 NVIDIA Drivers NVIDIA Corporation 15/05/2011 1.10.62.40 OCR Software by I.R.I.S. 10.0 HP 16/05/2011 3,20MB 10.0 OpenAL 20/12/2011 788KB Picasa 3 Google, Inc. 18/11/2010 55,9MB 3.8 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 2/11/2011 96,0KB 11.0.0.11 QuickTime Apple Inc. 5/03/2010 78,6MB 7.4.5.67 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2/12/2007 15,4MB 6.0.1.5497 Registry Mechanic 10.0 PC Tools 16/12/2010 22,5MB 10.0 Rescue Helicopter Play Sunshine Ltd 20/12/2011 391MB 1.00.0000 Schiffsim 2006 24/05/2011 222MB Shop for HP Supplies HP 16/05/2011 252MB 10.0 simfy simfy GmbH 12/10/2011 3,14MB 1.5.2 Skype™ 3.8 Skype Technologies S.A. 19/11/2008 30,2MB 3.8.180 Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 6/05/2009 32,5MB 8.0.0 Spreng- und Abriss-Simulator 15/05/2011 850MB Spybot - Search & Destroy Safer Networking Limited 11/08/2012 49,9MB 1.6.2 Street Racer Media Contact LLC 2/07/2012 132MB 1.0 Touren Wagen 2010 Playsunshine 20/12/2011 930MB 1.00.0000 Traktor Racer media Verlagsgesellschaft mbH 18/03/2011 416MB 1.5 Treasures of the Deep Oberon Media 18/07/2008 28,0MB Truck Racing by Renault Trucks Game Seed/Ai Wave 20/12/2011 0.2.7.6 Unity Web Player Unity Technologies ApS 24/04/2012 208KB VLC media player 1.1.11 VideoLAN 17/12/2011 80,0MB 1.1.11 Windows Live Microsoft Corporation 15/05/2011 15.4.3502.0922 XviD MPEG-4 Video Codec XviD Team (Koepi) 20/12/2011 204KB XviD-1.0.2-29082004 Zahlenbuch 4 15/09/2009 113MB Zuma Deluxe Oberon Media 18/07/2008 7,67MB
    Systemscan mit OTL
    Poste die Logfiles hier in den Thread.
    Logfiles :

    Code:
    OTL logfile created on: 14/08/2012 17:59:55 - Run 1
    OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
     
    3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,86% Memory free
    6,19 Gb Paging File | 5,22 Gb Available in Paging File | 84,30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 16,48 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
    Drive D: | 143,46 Gb Total Space | 134,15 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
    Drive E: | 30,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive F: | 1,92 Gb Total Space | 0,74 Gb Free Space | 38,52% Space Free | Partition Type: FAT
    Drive K: | 4,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
     
    Computer Name: PC-DE-ADMIN | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
    PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
    PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
    MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\fr\ePerformance.Plugin.resources.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
    MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
    MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
    SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
    SRV - (Planificateur LiveUpdate automatique) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
    SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
    SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
    SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ewakqnan) -- C:\Windows\system32\drivers\ewakqnan.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
    DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
    DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\admin\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
     
    [2010/02/06 15:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
    [2010/02/06 15:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin:  (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Browser Companion Helper = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
    CHR - Extension: Recherche Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Acer Tour]  File not found
    O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [eRecoveryService]  File not found
    O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
    O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/11/16 11:51:39 | 000,000,159 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2006/11/16 13:26:52 | 001,095,224 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/14 17:54:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/14 17:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/14 17:36:33 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\admin\Desktop\ccsetup321.exe
    [2012/08/14 15:58:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
    [2012/08/14 15:57:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
    [2012/08/11 12:18:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
    [2012/08/11 12:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/08/11 12:13:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/08/11 12:13:39 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/08/11 12:13:39 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/08/11 12:13:39 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/08/11 12:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/08/11 12:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/08/11 12:07:39 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/08/11 12:07:39 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/08/11 12:07:39 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2012/08/11 11:16:02 | 000,000,000 | RH-D | C] -- C:\Users\admin\Desktop\Thierry_11082012
    [2012/08/11 11:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/08/11 11:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/08/11 11:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/08/11 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
    [2012/08/11 09:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/11 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/11 09:18:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/11 09:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/11 09:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
    [2012/08/11 09:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ClearProg
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/14 17:56:45 | 000,074,597 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/08/14 17:56:45 | 000,074,597 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/08/14 17:56:39 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/14 17:56:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 17:56:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 17:56:12 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 17:56:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2012/08/14 17:56:06 | 3220,348,928 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 17:37:45 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/14 17:36:47 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\admin\Desktop\ccsetup321.exe
    [2012/08/14 17:36:13 | 000,679,008 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2012/08/14 17:36:13 | 000,596,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/14 17:36:13 | 000,126,624 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2012/08/14 17:36:13 | 000,104,076 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/14 17:30:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 17:25:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/14 17:05:59 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/14 16:33:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 16:23:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job
    [2012/08/14 14:11:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/12 21:29:35 | 000,002,687 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
    [2012/08/11 21:24:31 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2012/08/11 15:43:02 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for admin.job
    [2012/08/11 12:13:50 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/08/11 09:32:24 | 002,832,386 | ---- | M] () -- C:\Users\admin\Documents\DépannagePC11082012.rtf
    [2012/08/10 18:34:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
    [2012/08/06 16:25:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/06 16:25:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/07/26 15:59:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/07/18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/07/18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/07/18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/14 17:37:45 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/11 12:13:50 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/08/11 09:32:24 | 002,832,386 | ---- | C] () -- C:\Users\admin\Documents\DépannagePC11082012.rtf
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/08/09 17:21:17 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
    [2011/05/21 17:52:47 | 000,000,000 | ---- | C] () -- C:\Users\admin\AppData\Roaming\FileOut.cns
    [2011/05/21 17:52:47 | 000,000,000 | ---- | C] () -- C:\Users\admin\AppData\Roaming\FileIn.cns
    [2011/05/18 18:30:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
    [2011/05/18 18:30:04 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
    [2011/05/16 16:04:24 | 000,019,579 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2011/05/16 12:36:32 | 000,186,990 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2011/05/15 22:29:17 | 000,074,597 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/05/15 22:29:16 | 000,074,597 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/12/17 22:41:17 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
    [2010/11/18 23:03:47 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/05/29 14:28:28 | 004,341,481 | ---- | C] () -- C:\Users\admin\copie-copie.xps
    [2008/11/22 02:13:40 | 000,008,687 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2008/11/21 13:37:05 | 000,000,664 | RHS- | C] () -- C:\Users\admin\ntuser.pol
    [2008/11/20 23:16:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/09/28 11:42:41 | 000,076,800 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== LOP Check ==========
     
    [2012/04/24 16:57:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
    [2012/05/06 11:25:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Allmyapps
    [2012/08/14 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BrowserCompanion
    [2011/12/18 13:57:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
    [2011/12/18 13:56:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
    [2008/07/28 19:32:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\eSobi
    [2012/05/20 19:42:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\flightgear.org
    [2008/11/20 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2011/03/10 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ProtectDisc
    [2011/02/01 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
    [2012/05/28 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Rovio
    [2011/07/27 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Simfy
    [2012/05/20 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Subversion
    [2010/11/17 18:26:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Uniblue
    [2012/03/23 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net
    [2012/08/14 16:23:00 | 000,001,074 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/14 17:05:59 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    [2012/08/11 21:24:31 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
    [2012/08/14 17:55:21 | 000,032,500 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A95A95AC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0D31DA45
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:94188BC6
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:AA9519A6
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:798A3728
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0A73A758
    
    < End of report >
    Und :

    Code:
    OTL Extras logfile created on: 14/08/2012 17:59:55 - Run 1
    OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
     
    3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,86% Memory free
    6,19 Gb Paging File | 5,22 Gb Available in Paging File | 84,30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 16,48 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
    Drive D: | 143,46 Gb Total Space | 134,15 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
    Drive E: | 30,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive F: | 1,92 Gb Total Space | 0,74 Gb Free Space | 38,52% Space Free | Partition Type: FAT
    Drive K: | 4,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
     
    Computer Name: PC-DE-ADMIN | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D8FEA4E-3CDE-4667-9221-8F7977550546}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{13D6C7FA-8157-4664-920B-F7AEF2301500}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{1A39F7E2-6BBC-47B3-A98B-6E448890831E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{1B1DEE8F-E384-4896-80C4-81D69504E3C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{22F1BF09-A05D-4831-BB21-2BE73C0E2D5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{27101933-90B5-4C9E-BFD7-3F9D2222A4F0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{3DB813D2-081F-4FA6-B9CD-E12E0842DA15}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{4A63C3CF-623A-45EF-812D-2CA90B4DA257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{56D006FD-3DBB-4DA4-8173-E2AAC1089F22}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{572BC408-85B1-48D1-89DF-D6522BE4D17A}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{60AE4E98-6BBD-452D-AC0F-8F5A53085CBE}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{60EFD7DC-F0E4-40F7-A264-2EF988F2C765}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{77EC3C13-F304-4B57-BEB8-19FD86DB5F04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{87AA5E62-FF93-41AC-9A7C-9CE912C56BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{9041BB34-08E9-4AE2-90C4-D083C00FF681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{9351B6A8-6525-42D8-8A60-114CBBDCBF73}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{9DE5FED9-3EC9-4AAC-AD73-26117BA2DF0A}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{A1570310-EAE3-431F-8B12-19ABB8677285}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{D140DCCE-C23C-4A8B-A3A1-B2FFE36D586A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{D4C3B965-7BDC-40F5-B376-83BC142A9173}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{D66DE74B-FDE0-4730-B565-6D5802128C45}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{F6B6A439-FE56-4473-93AC-FB48497F1F4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02050AE4-65DC-4D23-8D1D-96EBB79B9C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
    "{06D480F9-4FD2-4942-A202-EE64BF734A70}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
    "{156CF632-BFAA-4684-9E9E-612A272B1FA4}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
    "{17250F27-816F-4293-8E80-6C4A899E07AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{17A6146C-7865-4CDF-8FAE-1A9CA3CB3B47}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{1D849CC6-81C3-43A3-988A-C8FFAECEF38C}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
    "{2A9B5F95-5D14-4D3A-8251-514D356AA3B6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
    "{2ED47240-F206-4606-8CDA-2F141807082E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
    "{3165CDFE-58E4-4B2E-BEF5-05EBF0F08133}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
    "{31724FA5-A704-4371-8785-95B3E4CB1173}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{3B39D4DB-8743-4D78-95A1-50031116CC1E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{3F451A68-AEA2-4DAA-91FA-ED510599B926}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
    "{458C2BA8-2326-474E-BE56-842684C31BB7}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
    "{525532AE-23B8-4CB2-BECA-7C8E05C8D032}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
    "{56EF2BE5-0B08-4C77-9955-3A604BADE2B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{57663711-7A17-46C2-A099-9395EEA04209}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{5A04C65B-0E4C-4A57-815F-52A3E220EF77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{618B4CF8-A32C-4149-8BC4-A95DA6325D7E}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
    "{6231FEF1-1672-46E4-9C5D-D35E19DA276A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{6336D424-07D2-4C7C-A218-16AC61BE84DF}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{6340EFB1-F743-49F7-8F50-0850B6686A53}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
    "{6F3CFFA0-5213-4DA1-BB72-B3928A170C24}" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe | 
    "{750CCA94-99EC-4D93-BDC0-C39FDC69C3AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
    "{785449E6-3709-49E8-B5B3-418E5A097602}" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe | 
    "{7924BD4D-2BBF-4978-B786-0749480DF4A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{7C74C5B4-FA16-4F28-9ADA-0BC75A49CC01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{8365B123-45E6-4A93-80C6-059AE7F9F41D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{93FF44BB-8794-49D6-B3BA-831000AF1985}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{A0C98F3C-40A7-412F-B08B-B347C494D76A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{A2A9042C-682B-4FDE-82E9-09B6960701E3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
    "{AA301195-B4FE-4148-8600-D16AD792EF04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{AB9FA94D-912A-49EF-8133-1658BAE7E862}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{B84D5DAB-4DC0-4AF7-AC5B-637B3ACB45C9}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{BA7F183C-0260-4659-8C57-3CF842FF30AA}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
    "{C1A94978-9C4A-44D9-85CC-976E4B256685}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
    "{C72C0064-7914-492D-84BC-9367CD83C255}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
    "{CF6BB183-55DB-4505-BB98-7B1CF40472D2}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
    "{D161CFCE-9754-4164-811D-616BE4634E32}" = dir=in | app=c:\users\admin\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
    "{DB9E81CD-E999-4D30-9431-905A8CDF3057}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
    "{E0B339E6-3F86-45A7-90F8-D9F567C497E7}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{F61E8216-CE21-44D7-A083-8FD9EF88C629}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
    "{FDE3C5A9-20A2-4666-80CD-094CBF37C993}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
    "{FE8C5277-CD65-4EEA-9954-BC9AFC5D4DC9}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
    "TCP Query User{3463CA1B-D391-416C-BB36-E539B4491C54}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=6 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe | 
    "TCP Query User{4440D652-B06D-4776-B7A2-2D43534EACB2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
    "TCP Query User{6CB686E9-A11B-40D5-8FF2-8AE0BA3471A1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{7579487F-B660-4E15-B9F3-B5D001E2B208}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
    "TCP Query User{82203925-917E-4257-AF47-5E648BB897D1}C:\program files\jowood\dvge\bin\dvge.exe" = protocol=6 | dir=in | app=c:\program files\jowood\dvge\bin\dvge.exe | 
    "TCP Query User{A3DC624D-64C8-403B-B280-C425D5E175E6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "TCP Query User{A7291A2C-0A87-4060-9552-AE4E4B803BD8}C:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
    "TCP Query User{DADB00CB-0552-45C8-880B-34620068B751}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "TCP Query User{DAF96879-5445-4CF8-9FC1-F454BA85DDA4}C:\program files\traktor_racer\racer.dat" = protocol=6 | dir=in | app=c:\program files\traktor_racer\racer.dat | 
    "TCP Query User{E5CBF097-880D-46C4-97C1-898077ED232B}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "TCP Query User{F39CF675-37D5-41F3-AD13-A7E2A0F7B7CB}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
    "UDP Query User{13AF11D3-CDE1-43D9-A1CF-9D24DCBB7519}C:\program files\traktor_racer\racer.dat" = protocol=17 | dir=in | app=c:\program files\traktor_racer\racer.dat | 
    "UDP Query User{2C5F8687-23C1-42CF-8452-CAB70F356115}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "UDP Query User{3064EAF0-9700-428C-AAE5-9E3B7411F1C1}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "UDP Query User{38BA1B37-ABB2-4642-9940-BD246F13C155}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=17 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe | 
    "UDP Query User{5F80DB44-7E41-41F8-9359-3F4ACC8E92F5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{768A83B9-7FD0-4AAD-B0CB-957B8B00BABD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "UDP Query User{7A9CE4FE-0F81-4272-B241-2AE3B82C1F9C}C:\program files\jowood\dvge\bin\dvge.exe" = protocol=17 | dir=in | app=c:\program files\jowood\dvge\bin\dvge.exe | 
    "UDP Query User{7DDB0350-B9A5-4192-BCF5-FFBFE164F473}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
    "UDP Query User{8B0660E7-2BD5-46E3-8795-9CD747F4FBD2}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
    "UDP Query User{BE603EA9-9C75-4FEA-BB10-308BC7C26904}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
    "UDP Query User{DA359AC2-F536-4DA1-B9E1-0B3457AD9DBF}C:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
    "{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
    "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{32180A3A-F7F0-4BD9-924A-B3A271DD35AE}" = Caillous Vorschule
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
    "{4834AF50-6C57-4E7F-9BA7-39E193EA543D}" = The Polar Express
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight
    "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "{4DD88500-1EAB-4D87-8079-88214668B699}_is1" = Alpha Polaris German Demo Version 1.0.0
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{58B25A0C-76A9-4138-B345-EC10857CEE92}_is1" = Flight
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google*Earth
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = Die Sims™ Inselgeschichten
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7A92A322-1A10-4153-B551-D547AA9B4649}" = Traktor Racer
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11146090}" = Big Kahuna Reef 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = MCF Ravenhearst
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
    "{c762df08-e1a0-4a61-b8e6-72e105cfc28f}" = Nero MediaHome 4 Trial
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
    "{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DD920AB6-2DB9-48B7-8052-0A4F0C4277BC}" = MarketingReg
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB310467-DE6F-4C61-8F53-B88B3C19DD05}" = Touren Wagen 2010
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
    "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
    "{FD2E172E-1937-488C-8AA2-AC4E623689CF}" = Rescue Helicopter
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Allmyapps" = Allmyapps
    "Autobahn Raser II" = Autobahn Raser II
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Bus-Simulator 2009_is1" = Bus-Simulator 2009
    "CCleaner" = CCleaner
    "ClearProg" = ClearProg 1.6.0 Final
    "CrashTime" = Cobra 11 - Crash Time (remove only)
    "Driving Speed 2_is1" = Driving Speed 2.0
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "Euro Truck Simulator" = Euro Truck Simulator 1.00
    "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
    "Feuerwache_is1" = Feuerwache 1.16
    "Flight Simulator 98" = Microsoft Flight Simulator 98
    "FlightGear_is1" = FlightGear v2.6.0.1
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
    "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "Google Chrome" = Google Chrome
    "HighwayNights" = Cobra 11 - Highway Nights (remove only)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{4834AF50-6C57-4E7F-9BA7-39E193EA543D}" = Der Polarexpress
    "InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "lvdrivers_11.70" = Coffret de pilotes Logitech QuickCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Minecraft_is1" = Minecraft version 1.2.3
    "NSS" = Norton Security Scan
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "Schiffsim" = Schiffsim 2006
    "Shop for HP Supplies" = Shop for HP Supplies
    "Simfy" = simfy
    "Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator
    "Street Racer_is1" = Street Racer
    "Train Simulator 1.0" = Microsoft Train Simulator
    "Truck Racing" = Truck Racing by Renault Trucks
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live
    "XviD_is1" = XviD MPEG-4 Video Codec
    "Zahlenbuch 4" = Zahlenbuch 4
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 8/09/2011 11:01:53 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: 874  Heure
     de début*: 01cc6e3830f96068  Heure de fin*: 62
     
    Error - 10/09/2011 10:13:42 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: 13fc  Heure
     de début*: 01cc6fc3c408bfd4  Heure de fin*: 56
     
    Error - 10/09/2011 10:33:45 | Computer Name = PC-de-admin | Source = VSS | ID = 8194
    Description = 
     
    Error - 11/09/2011 9:39:50 | Computer Name = PC-de-admin | Source = VSS | ID = 8194
    Description = 
     
    Error - 11/09/2011 9:52:51 | Computer Name = PC-de-admin | Source = System Restore | ID = 8193
    Description = 
     
    Error - 16/09/2011 9:27:39 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: f24  Heure
     de début*: 01cc747442958cf3  Heure de fin*: 8
     
    Error - 20/09/2011 11:35:53 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 9.0.8112.16421, horodatage
     0x4d76255d, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, 
    code d’exception 0xc0000005, décalage d’erreur 0x14125dd0,  ID du processus 0x114c,
     heure de début de l’application 0x01cc77a94fe5d09f.
     
    Error - 12/10/2011 9:47:45 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme Bus2009.exe version 2.5.1.24931 a cessé d’interagir avec
     Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
     disponibles, consultez l’historique du problème dans l’application Rapports et 
    solutions aux problèmes du Panneau de configuration.  ID de processus*: 15d0  Heure 
    de début*: 01cc88e00d98113a  Heure de fin*: 606
     
    Error - 12/10/2011 12:55:44 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme Ares.exe version 2.1.7.3041 a cessé d’interagir avec 
    Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
     disponibles, consultez l’historique du problème dans l’application Rapports et 
    solutions aux problèmes du Panneau de configuration.  ID de processus*: a34  Heure de
     début*: 01cc88f36002c818  Heure de fin*: 9
     
    Error - 12/10/2011 12:56:07 | Computer Name = PC-de-admin | Source = MsiInstaller | ID = 11730
    Description = 
     
    [ System Events ]
    Error - 14/08/2012 10:02:12 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 10:15:13 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 10:15:14 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 11:11:39 | Computer Name = PC-de-admin | Source = volsnap | ID = 393252
    Description = Les clichés instantanés du volume C: ont été annulés car le stockage
     du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.
     
    Error - 14/08/2012 11:18:39 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 11:18:39 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 11:28:41 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 11:28:41 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 11:58:02 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 11:58:02 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
     
    < End of report >
    Eine Fehlermeldung besteht aber immer noch bei jedem PCStart:

    eDSLoader.exe

    Dieses Programm kann nicht starten weil ADMIN_CLASS_LIB.dll nicht gefunden wird.

  5. #5
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.728

    AW: Windows 7 Logfiles

    zu Ares und Uniblue RegistryBooster:
    anscheinend schon deinstalliert

    Ja, vorher hatte sie Avast, aber eine Demoversion für 30 Tagen. Und da sie damit dauernd Popup-Fenster hatte, habe ich ihr einfach anstelle Antivir installiert.
    Bitte immer aktuelle Logdateien posten!

    zu HijackThis "For some reason your system denied write access to the Hosts file.":
    immer mit Rechtsklick drauf "Als Administrator ausführen" starten!

    1.
    Benachrichtigungen poppen noch immer auf?:
    Code:
    HPPhotosmartEssential
    Code:
    eDSLoader.exe
    2.
    kann deinstalliert werden:
    Code:
    Norton Security Scan
    Zwar handelt es sich nicht um eine vollwertige Antiviren-Lösung ("Es treten keine Konflikte mit anderer installierter Sicherheitssoftware auf."), aber Jeder laufende Anwendung belastet das System und kostet Performance bzw kann zu einer erheblichen Systembelastung führen. Außerdem ich halte diese "Zusatzschutz" für den Browser für vollkommen überflüssig

    3.
    ansonsten von Norton kein Produkt mehr in Verwendung? wenn nicht, dann deinstalliere:
    Code:
    LiveUpdate 3.2 (Symantec Corporation)	Symantec Corporation	20/11/2008	8,54MB	3.2.0.68
    LiveUpdate Notice (Symantec Corporation)	Symantec Corporation	20/11/2008	7,58MB	1.4.5
    4.
    Deinstalliere - unter Systemsteuerung-> Programme und Funktionen:
    Code:
    DVDVideoSoftTB Toolbar
    Leider oft tragen sich "ungebetene Gäste (Erweiterungen wie Toolbars, Pluggins, Start- und Suchseite) direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

    Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
    Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

    In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
    Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
    die aktuelle Webseite als Startseite unter die Lupe nehmen
    unter Extras -> Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
    In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
    5.
    Deinstalliere - unter Systemsteuerung-> Programme und Funktionen:
    Code:
    Registry Mechanic <- Grundsätzlich unerwünscht!
    **Solchen "Registry-Bereinigern" gibt`s viele, die einige hundert oder sogar tausend Fehler in der Registrierung ständig finden, eine Vielzahl von Problemen, die eigentlich ganz harmlos sind (wenn überhaupt existieren Eventuell meldet sich regelmäßig mit einem Fenster mit der Aufforderung zur Problembehandlung, was nur beim Kauf des Programms möglich ist! Mit der Kaufversion tritt das Problem komischerweise nicht mehr auf...
    Die Windows-Registrierung ist ein zentrales Repository (Datenbank) zur Speicherung von Konfigurationsdaten, Benutzereinstellungen und-Maschine-abhängige Einstellungen und Optionen für das Betriebssystem. Ein anfälliger Subsystem, schon relativ kleine falsch vorgenommenen Handlung, Änderungen kann fatale Folgen haben, es kann zu unvorhersehbaren Ergebnissen

    Ich rate Dir also dringend davon ab solche Tools einzusetzen, da eine winzige Änderung in der Registry (z.B "falsch gelöschte" Einträge) kann fatale Folgen haben! Dann wundert man sich, dass Windows irgendwann lahmt oder Abstürze bringt!
    CCleaner verordnen wir seit Jahren...benutze ich auch selbst lange schon, bis jetzt ohne Probleme
    auch reinigen..zudem er hat ein Vorteil gegenüber anderen Programmen, dass er eher nur wenig löscht

    8.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häckchen bei LOP- und Purity-Prüfung.
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ►damit ich weiß, welche Änderungen Du vorgenommen hast:
    Code:
     Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
    Geändert von kira (15.08.2012 um 05:05 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  6. #6
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    AW: Windows 7 Logfiles

    Hallo Kira,
    danke für die schnelle Hilfe.
    Hier mein Bericht.
    Grüsse,
    Thierry

    ►damit ich weiß, welche Änderungen Du vorgenommen hast:
    Code:
     Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
    Zitat Zitat von kira Beitrag anzeigen
    1.
    Benachrichtigungen poppen noch immer auf?:
    Code:
    HPPhotosmartEssential
    Code:
    eDSLoader.exe
    Ja.
    Zumindest HPPhotosmartEssential.
    eDSLoader aber nicht mehr.

    2.
    kann deinstalliert werden:
    Code:
    Norton Security Scan
    Gemacht.

    3.
    ansonsten von Norton kein Produkt mehr in Verwendung? wenn nicht, dann deinstalliere:
    Code:
    LiveUpdate 3.2 (Symantec Corporation)	Symantec Corporation	20/11/2008	8,54MB	3.2.0.68
    LiveUpdate Notice (Symantec Corporation)	Symantec Corporation	20/11/2008	7,58MB	1.4.5
    Gemacht.

    4.
    Deinstalliere - unter Systemsteuerung-> Programme und Funktionen:
    Code:
    DVDVideoSoftTB Toolbar
    Gemacht.


    5.
    Deinstalliere - unter Systemsteuerung-> Programme und Funktionen:
    Code:
    Registry Mechanic <- Grundsätzlich unerwünscht!
    Gemacht.


    8.
    erneut einen Scan mit OTL:
    Gemacht.
    Hier die Logfiles :

    Code:
    OTL logfile created on: 15/08/2012 8:12:16 - Run 2
    OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
     
    3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,49% Memory free
    6,22 Gb Paging File | 5,13 Gb Available in Paging File | 82,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 19,65 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
    Drive D: | 143,46 Gb Total Space | 116,29 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
    Drive E: | 30,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
     
    Computer Name: PC-DE-ADMIN | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC -  File not found
    PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
    PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
    PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
    MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\fr\ePerformance.Plugin.resources.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
    MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
    MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
    MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
    SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
    SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
    SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ewakqnan) -- C:\Windows\system32\drivers\ewakqnan.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
    DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
    DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\admin\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
     
    [2010/02/06 15:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
    [2010/02/06 15:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin:  (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Browser Companion Helper = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
    CHR - Extension: Recherche Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [Acer Tour]  File not found
    O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [eRecoveryService]  File not found
    O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
    O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/14 17:54:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/14 17:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/14 15:57:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
    [2012/08/11 12:18:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
    [2012/08/11 12:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/08/11 12:13:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/08/11 12:13:39 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/08/11 12:13:39 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/08/11 12:13:39 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/08/11 12:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/08/11 12:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/08/11 12:07:39 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/08/11 12:07:39 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/08/11 12:07:39 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2012/08/11 11:16:02 | 000,000,000 | R--D | C] -- C:\Users\admin\Desktop\Thierry_11082012
    [2012/08/11 11:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/08/11 11:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/08/11 11:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/08/11 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
    [2012/08/11 09:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/11 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/11 09:18:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/11 09:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/11 09:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
    [2012/08/11 09:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ClearProg
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/15 08:06:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    [2012/08/15 08:01:33 | 000,093,461 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/08/15 08:01:32 | 000,093,461 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/08/15 08:01:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/15 07:51:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/15 07:51:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/15 07:51:48 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 21:30:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 21:25:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/14 18:13:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2012/08/14 17:36:13 | 000,679,008 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2012/08/14 17:36:13 | 000,596,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/14 17:36:13 | 000,126,624 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2012/08/14 17:36:13 | 000,104,076 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/14 16:33:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 16:23:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job
    [2012/08/14 14:11:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/12 21:29:35 | 000,002,687 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
    [2012/08/11 12:13:50 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/08/11 09:32:24 | 002,832,386 | ---- | M] () -- C:\Users\admin\Documents\DépannagePC11082012.rtf
    [2012/08/10 18:34:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
    [2012/08/06 16:25:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/06 16:25:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/07/26 15:59:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/07/18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/07/18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/07/18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/11 12:13:50 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/08/11 09:32:24 | 002,832,386 | ---- | C] () -- C:\Users\admin\Documents\DépannagePC11082012.rtf
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/08/09 17:21:17 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
    [2011/05/21 17:52:47 | 000,000,000 | ---- | C] () -- C:\Users\admin\AppData\Roaming\FileOut.cns
    [2011/05/21 17:52:47 | 000,000,000 | ---- | C] () -- C:\Users\admin\AppData\Roaming\FileIn.cns
    [2011/05/18 18:30:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
    [2011/05/18 18:30:04 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
    [2011/05/16 16:04:24 | 000,019,579 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2011/05/16 12:36:32 | 000,186,990 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2011/05/15 22:29:17 | 000,093,461 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/05/15 22:29:16 | 000,093,461 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/11/18 23:03:47 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/05/29 14:28:28 | 004,341,481 | ---- | C] () -- C:\Users\admin\copie-copie.xps
    [2008/11/21 13:37:05 | 000,000,664 | RHS- | C] () -- C:\Users\admin\ntuser.pol
    [2008/11/20 23:16:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/09/28 11:42:41 | 000,076,800 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== LOP Check ==========
     
    [2012/04/24 16:57:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
    [2012/05/06 11:25:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Allmyapps
    [2012/08/14 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BrowserCompanion
    [2011/12/18 13:57:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
    [2011/12/18 13:56:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
    [2008/07/28 19:32:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\eSobi
    [2012/05/20 19:42:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\flightgear.org
    [2008/11/20 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2011/03/10 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ProtectDisc
    [2011/02/01 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
    [2012/05/28 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Rovio
    [2011/07/27 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Simfy
    [2012/05/20 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Subversion
    [2010/11/17 18:26:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Uniblue
    [2012/03/23 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net
    [2012/08/14 16:23:00 | 000,001,074 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/15 08:06:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    [2012/08/14 22:22:07 | 000,032,500 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A95A95AC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0D31DA45
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:94188BC6
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:AA9519A6
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:798A3728
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0A73A758
    
    < End of report >
    Und :

    Code:
    OTL Extras logfile created on: 15/08/2012 8:12:16 - Run 2
    OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
     
    3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,49% Memory free
    6,22 Gb Paging File | 5,13 Gb Available in Paging File | 82,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 19,65 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
    Drive D: | 143,46 Gb Total Space | 116,29 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
    Drive E: | 30,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
     
    Computer Name: PC-DE-ADMIN | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D8FEA4E-3CDE-4667-9221-8F7977550546}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{13D6C7FA-8157-4664-920B-F7AEF2301500}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{1A39F7E2-6BBC-47B3-A98B-6E448890831E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{1B1DEE8F-E384-4896-80C4-81D69504E3C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{22F1BF09-A05D-4831-BB21-2BE73C0E2D5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{27101933-90B5-4C9E-BFD7-3F9D2222A4F0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{3DB813D2-081F-4FA6-B9CD-E12E0842DA15}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{4A63C3CF-623A-45EF-812D-2CA90B4DA257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{56D006FD-3DBB-4DA4-8173-E2AAC1089F22}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{572BC408-85B1-48D1-89DF-D6522BE4D17A}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{60AE4E98-6BBD-452D-AC0F-8F5A53085CBE}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{60EFD7DC-F0E4-40F7-A264-2EF988F2C765}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{77EC3C13-F304-4B57-BEB8-19FD86DB5F04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{87AA5E62-FF93-41AC-9A7C-9CE912C56BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{9041BB34-08E9-4AE2-90C4-D083C00FF681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{9351B6A8-6525-42D8-8A60-114CBBDCBF73}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{9DE5FED9-3EC9-4AAC-AD73-26117BA2DF0A}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{A1570310-EAE3-431F-8B12-19ABB8677285}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{D140DCCE-C23C-4A8B-A3A1-B2FFE36D586A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{D4C3B965-7BDC-40F5-B376-83BC142A9173}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{D66DE74B-FDE0-4730-B565-6D5802128C45}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{F6B6A439-FE56-4473-93AC-FB48497F1F4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02050AE4-65DC-4D23-8D1D-96EBB79B9C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
    "{06D480F9-4FD2-4942-A202-EE64BF734A70}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
    "{156CF632-BFAA-4684-9E9E-612A272B1FA4}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
    "{17250F27-816F-4293-8E80-6C4A899E07AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{17A6146C-7865-4CDF-8FAE-1A9CA3CB3B47}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{1D849CC6-81C3-43A3-988A-C8FFAECEF38C}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
    "{2A9B5F95-5D14-4D3A-8251-514D356AA3B6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
    "{2ED47240-F206-4606-8CDA-2F141807082E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
    "{3165CDFE-58E4-4B2E-BEF5-05EBF0F08133}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
    "{31724FA5-A704-4371-8785-95B3E4CB1173}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{3B39D4DB-8743-4D78-95A1-50031116CC1E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{3F451A68-AEA2-4DAA-91FA-ED510599B926}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
    "{458C2BA8-2326-474E-BE56-842684C31BB7}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
    "{525532AE-23B8-4CB2-BECA-7C8E05C8D032}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
    "{56EF2BE5-0B08-4C77-9955-3A604BADE2B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{57663711-7A17-46C2-A099-9395EEA04209}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{5A04C65B-0E4C-4A57-815F-52A3E220EF77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{618B4CF8-A32C-4149-8BC4-A95DA6325D7E}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
    "{6231FEF1-1672-46E4-9C5D-D35E19DA276A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{6336D424-07D2-4C7C-A218-16AC61BE84DF}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{6340EFB1-F743-49F7-8F50-0850B6686A53}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
    "{6F3CFFA0-5213-4DA1-BB72-B3928A170C24}" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe | 
    "{750CCA94-99EC-4D93-BDC0-C39FDC69C3AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
    "{785449E6-3709-49E8-B5B3-418E5A097602}" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight\flight.exe | 
    "{7924BD4D-2BBF-4978-B786-0749480DF4A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{7C74C5B4-FA16-4F28-9ADA-0BC75A49CC01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{8365B123-45E6-4A93-80C6-059AE7F9F41D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{93FF44BB-8794-49D6-B3BA-831000AF1985}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{A0C98F3C-40A7-412F-B08B-B347C494D76A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{A2A9042C-682B-4FDE-82E9-09B6960701E3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
    "{AA301195-B4FE-4148-8600-D16AD792EF04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{AB9FA94D-912A-49EF-8133-1658BAE7E862}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{B84D5DAB-4DC0-4AF7-AC5B-637B3ACB45C9}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{BA7F183C-0260-4659-8C57-3CF842FF30AA}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
    "{C1A94978-9C4A-44D9-85CC-976E4B256685}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
    "{C72C0064-7914-492D-84BC-9367CD83C255}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
    "{CF6BB183-55DB-4505-BB98-7B1CF40472D2}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
    "{D161CFCE-9754-4164-811D-616BE4634E32}" = dir=in | app=c:\users\admin\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
    "{DB9E81CD-E999-4D30-9431-905A8CDF3057}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
    "{E0B339E6-3F86-45A7-90F8-D9F567C497E7}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
    "{F61E8216-CE21-44D7-A083-8FD9EF88C629}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
    "{FDE3C5A9-20A2-4666-80CD-094CBF37C993}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
    "{FE8C5277-CD65-4EEA-9954-BC9AFC5D4DC9}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
    "TCP Query User{3463CA1B-D391-416C-BB36-E539B4491C54}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=6 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe | 
    "TCP Query User{4440D652-B06D-4776-B7A2-2D43534EACB2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
    "TCP Query User{6CB686E9-A11B-40D5-8FF2-8AE0BA3471A1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{7579487F-B660-4E15-B9F3-B5D001E2B208}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
    "TCP Query User{82203925-917E-4257-AF47-5E648BB897D1}C:\program files\jowood\dvge\bin\dvge.exe" = protocol=6 | dir=in | app=c:\program files\jowood\dvge\bin\dvge.exe | 
    "TCP Query User{A3DC624D-64C8-403B-B280-C425D5E175E6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "TCP Query User{A7291A2C-0A87-4060-9552-AE4E4B803BD8}C:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
    "TCP Query User{DADB00CB-0552-45C8-880B-34620068B751}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "TCP Query User{DAF96879-5445-4CF8-9FC1-F454BA85DDA4}C:\program files\traktor_racer\racer.dat" = protocol=6 | dir=in | app=c:\program files\traktor_racer\racer.dat | 
    "TCP Query User{E5CBF097-880D-46C4-97C1-898077ED232B}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "TCP Query User{F39CF675-37D5-41F3-AD13-A7E2A0F7B7CB}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
    "UDP Query User{13AF11D3-CDE1-43D9-A1CF-9D24DCBB7519}C:\program files\traktor_racer\racer.dat" = protocol=17 | dir=in | app=c:\program files\traktor_racer\racer.dat | 
    "UDP Query User{2C5F8687-23C1-42CF-8452-CAB70F356115}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "UDP Query User{3064EAF0-9700-428C-AAE5-9E3B7411F1C1}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "UDP Query User{38BA1B37-ABB2-4642-9940-BD246F13C155}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=17 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe | 
    "UDP Query User{5F80DB44-7E41-41F8-9359-3F4ACC8E92F5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{768A83B9-7FD0-4AAD-B0CB-957B8B00BABD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "UDP Query User{7A9CE4FE-0F81-4272-B241-2AE3B82C1F9C}C:\program files\jowood\dvge\bin\dvge.exe" = protocol=17 | dir=in | app=c:\program files\jowood\dvge\bin\dvge.exe | 
    "UDP Query User{7DDB0350-B9A5-4192-BCF5-FFBFE164F473}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
    "UDP Query User{8B0660E7-2BD5-46E3-8795-9CD747F4FBD2}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
    "UDP Query User{BE603EA9-9C75-4FEA-BB10-308BC7C26904}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
    "UDP Query User{DA359AC2-F536-4DA1-B9E1-0B3457AD9DBF}C:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
    "{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
    "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{32180A3A-F7F0-4BD9-924A-B3A271DD35AE}" = Caillous Vorschule
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
    "{4834AF50-6C57-4E7F-9BA7-39E193EA543D}" = The Polar Express
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight
    "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "{4DD88500-1EAB-4D87-8079-88214668B699}_is1" = Alpha Polaris German Demo Version 1.0.0
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{58B25A0C-76A9-4138-B345-EC10857CEE92}_is1" = Flight
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google*Earth
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = Die Sims™ Inselgeschichten
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7A92A322-1A10-4153-B551-D547AA9B4649}" = Traktor Racer
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11146090}" = Big Kahuna Reef 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = MCF Ravenhearst
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
    "{c762df08-e1a0-4a61-b8e6-72e105cfc28f}" = Nero MediaHome 4 Trial
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
    "{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DD920AB6-2DB9-48B7-8052-0A4F0C4277BC}" = MarketingReg
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB310467-DE6F-4C61-8F53-B88B3C19DD05}" = Touren Wagen 2010
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
    "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
    "{FD2E172E-1937-488C-8AA2-AC4E623689CF}" = Rescue Helicopter
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Allmyapps" = Allmyapps
    "Autobahn Raser II" = Autobahn Raser II
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Bus-Simulator 2009_is1" = Bus-Simulator 2009
    "CCleaner" = CCleaner
    "ClearProg" = ClearProg 1.6.0 Final
    "CrashTime" = Cobra 11 - Crash Time (remove only)
    "Driving Speed 2_is1" = Driving Speed 2.0
    "Euro Truck Simulator" = Euro Truck Simulator 1.00
    "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
    "Feuerwache_is1" = Feuerwache 1.16
    "Flight Simulator 98" = Microsoft Flight Simulator 98
    "FlightGear_is1" = FlightGear v2.6.0.1
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
    "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
    "Google Chrome" = Google Chrome
    "HighwayNights" = Cobra 11 - Highway Nights (remove only)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{4834AF50-6C57-4E7F-9BA7-39E193EA543D}" = Der Polarexpress
    "InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
    "lvdrivers_11.70" = Coffret de pilotes Logitech QuickCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Minecraft_is1" = Minecraft version 1.2.3
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "Schiffsim" = Schiffsim 2006
    "Shop for HP Supplies" = Shop for HP Supplies
    "Simfy" = simfy
    "Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator
    "Street Racer_is1" = Street Racer
    "Train Simulator 1.0" = Microsoft Train Simulator
    "Truck Racing" = Truck Racing by Renault Trucks
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live
    "XviD_is1" = XviD MPEG-4 Video Codec
    "Zahlenbuch 4" = Zahlenbuch 4
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 6/09/2011 11:07:29 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: 1460  Heure
     de début*: 01cc6ca6a5556ada  Heure de fin*: 385
     
    Error - 8/09/2011 11:01:30 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: e64  Heure
     de début*: 01cc6e37fd38a888  Heure de fin*: 0
     
    Error - 8/09/2011 11:01:53 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: 874  Heure
     de début*: 01cc6e3830f96068  Heure de fin*: 62
     
    Error - 10/09/2011 10:13:42 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: 13fc  Heure
     de début*: 01cc6fc3c408bfd4  Heure de fin*: 56
     
    Error - 10/09/2011 10:33:45 | Computer Name = PC-de-admin | Source = VSS | ID = 8194
    Description = 
     
    Error - 11/09/2011 9:39:50 | Computer Name = PC-de-admin | Source = VSS | ID = 8194
    Description = 
     
    Error - 11/09/2011 9:52:51 | Computer Name = PC-de-admin | Source = System Restore | ID = 8193
    Description = 
     
    Error - 16/09/2011 9:27:39 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 9.0.8112.16421 a cessé d’interagir
     avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
     sont disponibles, consultez l’historique du problème dans l’application Rapports
     et solutions aux problèmes du Panneau de configuration.  ID de processus*: f24  Heure
     de début*: 01cc747442958cf3  Heure de fin*: 8
     
    Error - 20/09/2011 11:35:53 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 9.0.8112.16421, horodatage
     0x4d76255d, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, 
    code d’exception 0xc0000005, décalage d’erreur 0x14125dd0,  ID du processus 0x114c,
     heure de début de l’application 0x01cc77a94fe5d09f.
     
    Error - 12/10/2011 9:47:45 | Computer Name = PC-de-admin | Source = Application Hang | ID = 1002
    Description = Le programme Bus2009.exe version 2.5.1.24931 a cessé d’interagir avec
     Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
     disponibles, consultez l’historique du problème dans l’application Rapports et 
    solutions aux problèmes du Panneau de configuration.  ID de processus*: 15d0  Heure 
    de début*: 01cc88e00d98113a  Heure de fin*: 606
     
    [ System Events ]
    Error - 14/08/2012 11:58:02 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 12:15:50 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 12:15:51 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 13:54:45 | Computer Name = PC-de-admin | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.2.102 pour la carte réseau dont l'adresse
     réseau est 001D927D6557 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
     un message DHCPNACK).
     
    Error - 14/08/2012 13:56:08 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 13:56:08 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 14/08/2012 15:55:12 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 14/08/2012 15:55:12 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 15/08/2012 1:53:32 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 15/08/2012 1:53:33 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
    Description = 
     
     
    < End of report >


    Was ich auf dem Rechner unserer Bekanntin nicht verstehe ist :

    1. Das Laufwerk C: verfügt nur noch über sehr wenig Speicherplatz, obwohl die Festplatte in zwei Partitionen geteilt ist.





    2. Es scheinen extrem viele Programme installiert zu sein. 139 Programme! Darunter welche die mehrere Gigabytes wertvoller Speicherplatz weg nehmen. Sollte ich mit ihrem Sohn die Liste der Spiele durchgehen, damit wir die Spiele deinstallieren, die er nicht mehr braucht ? Oder macht das wenig Sinn um Platz auf dem C: Laufwerk zu schaffen ?



    Nochmals Danke für Deine Hilfe !

  7. #7
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.728

    AW: Windows 7 Logfiles

    2. Es scheinen extrem viele Programme installiert zu sein. 139 Programme! Darunter welche die mehrere Gigabytes wertvoller Speicherplatz weg nehmen. Sollte ich mit ihrem Sohn die Liste der Spiele durchgehen, damit wir die Spiele deinstallieren, die er nicht mehr braucht ? Oder macht das wenig Sinn um Platz auf dem C: Laufwerk zu schaffen ?
    ein Inventur kann nicht schaden

    abgesehen davon sind wir noch nicht fertig, weitere Prüfung und Reinigung werden noch erforderlich:

    Systemreinigung und Prüfung:
    ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
    Nur bei Probleme stoppen und nachfragen

    1.
    Datei/Ordnername sagt mir nichts? Um was handelt es sich dabei?
    Code:
    C:\Users\admin\Desktop\Thierry_11082012
    2.
    kann deinstalliert werden:
    Spybot - Search & Destroy
    - würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
    meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...

    3.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert - also beginnend :OTL bis zur letzten Zeile [emptytemp] (ohne "code"!):
    Code:
    :OTL
    DRV - (ewakqnan) -- C:\Windows\system32\drivers\ewakqnan.sys File not found
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    [2012/08/15 08:06:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    [2012/08/15 08:01:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/14 21:30:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 18:13:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 16:23:00 | 000,001,074 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job
    [2012/08/14 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job
    [2012/08/14 17:05:59 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job
    [2012/08/15 08:06:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A95A95AC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0D31DA45
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:94188BC6
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:AA9519A6
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:798A3728
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0A73A758
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{A2A9042C-682B-4FDE-82E9-09B6960701E3}" =-
    "{C72C0064-7914-492D-84BC-9367CD83C255}" =-
    "TCP Query User{4440D652-B06D-4776-B7A2-2D43534EACB2}C:\program files\emule\emule.exe" =-
    "TCP Query User{F39CF675-37D5-41F3-AD13-A7E2A0F7B7CB}C:\program files\ares\ares.exe" =-
    "UDP Query User{8B0660E7-2BD5-46E3-8795-9CD747F4FBD2}C:\program files\ares\ares.exe" =-
    "UDP Query User{BE603EA9-9C75-4FEA-BB10-308BC7C26904}C:\program files\emule\emule.exe" =-
    
    :Files
    C:\Users\admin\AppData\Roaming\Registry Mechanic
    C:\Users\admin\AppData\Roaming\Uniblue
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    4.
    Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
    oder:
    Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 5 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

    5.
    Java-Cache leeren

    Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
    -> Wie leere ich den Java-Cache?
    -> Java-Cache leeren
    -> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

    6.
    Öffne CCleaner - Anleitung CCleaner
    • "Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
    • "Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
    • Starte dein System neu auf


    7.
    Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
    ->Tipps zu Internet Explorer
    -> Standard Suchmaschine des Explorers ändern
    -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
    -> Wie kann ich den Cache im Internet Explorer leeren?

    8.
    ♦ Schon seit langem gehört "Worm.Win32.Autorun" zu den beliebtesten Verbreitungswegen von Viren, sollte man daher, die auf dem Speichermedium gesicherten Daten (wie USB-Stick/Festplatte und andere) zeitweise prüfen lassen
    -> Ext anschließbare Geräte (um die gesicherten Daten zu prüfen) miteinbeziehen:
    ♦ Also schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

    9.
    Achtung!:
    Keinen andere Virenscanner auf Deinem PC installieren, sondern dein PC NUR online scannen!!!
    ♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von:
    Eset/Nod32 bitte auswählen!!!-> Link und Anleitung zum ESET/NOD32 online Scanner-> Kostenlose Online Scanner
    ♦ Protokoll speichern und posten

    10.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häckchen bei LOP- und Purity-Prüfung.
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
    Geändert von kira (15.08.2012 um 15:03 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  8. #8
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    AW: Windows 7 Logfiles

    Hallo Kira,

    ich weiss nicht, ob das ein gutes Zeichen ist, aber gestern nach den letzten Änderungen hat der Rechner nicht gestartet...
    Gestern morgen habe ich den Rechner ganz normal ausgemacht (über die Schaltfläche Start->Ausschalten). Und er hat 17 Windows-Updates installiert beim Runterfahren.
    Nachmittags, als ich ihn wieder einschalten wollte, kam zuerst ein schwarzes Bildschirm (mit vielen Command-Befehle). Ich hatte leider keine Zeit alles zu notieren, was auf dem schwarzen Bildschirm stand, aber die letzte Zeile konnte ich noch notieren:
    Code:
     8866/8866 (\Registry\Machine\Components)
    Dann hat der Rechner gar nichts mehr getan...
    Nach mehrere Minuten, wo sich nichts getan hat, musste ich ihn dann über den Reset-Button ausschalten.
    Beim Neustarten kam dann folgendes:


    Da ich sowas noch nie gesehen habe, und es ja nicht unser Rechner ist!! wollte ich kein Risiko eingehen und habe auf "Restore" geklickt.
    Anschliessend ist der Rechner wieder normal gestartet.
    Ist das ein schlechtes Zeichen? Woran könnte das liegen, dass der Rechner auf einmal solche Fehler macht?

    Zitat Zitat von kira Beitrag anzeigen
    2.
    kann deinstalliert werden:
    Spybot - Search & Destroy
    Gemacht.

    3.
    Fixen mit OTL
    Gemacht.

    Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.
    Fileinhalt:

    Code:
    All processes killed
    ========== OTL ==========
    Service ewakqnan stopped successfully!
    Service ewakqnan deleted successfully!
    File  C:\Windows\system32\drivers\ewakqnan.sys File not found not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d0e9311-e624-11e1-9608-001d927d6557}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0e9311-e624-11e1-9608-001d927d6557}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d0e9311-e624-11e1-9608-001d927d6557}\ not found.
    File K:\LaunchU3.exe -a not found.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
    C:\Windows\System32\drivers\lvuvc.hs moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000Core.job moved successfully.
    File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1000UA.job not found.
    File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001Core.job not found.
    File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261853057-928347116-1421646640-1001UA.job not found.
    ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
    ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
    ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
    ADS C:\ProgramData\TEMP:0D31DA45 deleted successfully.
    ADS C:\ProgramData\TEMP:94188BC6 deleted successfully.
    ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
    ADS C:\ProgramData\TEMP:AA9519A6 deleted successfully.
    ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
    ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\TEMP:0A73A758 deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2A9042C-682B-4FDE-82E9-09B6960701E3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2A9042C-682B-4FDE-82E9-09B6960701E3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C72C0064-7914-492D-84BC-9367CD83C255} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C72C0064-7914-492D-84BC-9367CD83C255}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4440D652-B06D-4776-B7A2-2D43534EACB2}C:\program files\emule\emule.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F39CF675-37D5-41F3-AD13-A7E2A0F7B7CB}C:\program files\ares\ares.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B0660E7-2BD5-46E3-8795-9CD747F4FBD2}C:\program files\ares\ares.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BE603EA9-9C75-4FEA-BB10-308BC7C26904}C:\program files\emule\emule.exe deleted successfully.
    ========== FILES ==========
    C:\Users\admin\AppData\Roaming\Registry Mechanic folder moved successfully.
    C:\Users\admin\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\admin\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\admin\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\admin\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\admin\AppData\Roaming\Uniblue folder moved successfully.
    < ipconfig /flushdns /c >
    Configuration IP de Windows
    Cache de r‚solution DNS vid‚.
    C:\Users\admin\Desktop\cmd.bat deleted successfully.
    C:\Users\admin\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: admin
    ->Temp folder emptied: 4255622 bytes
    ->Temporary Internet Files folder emptied: 21799630 bytes
    ->Java cache emptied: 12385740 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 57026 bytes
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Lucas
    ->Temp folder emptied: 261584621 bytes
    ->Temporary Internet Files folder emptied: 542190177 bytes
    ->Java cache emptied: 12114737 bytes
    ->Google Chrome cache emptied: 214796346 bytes
    ->Flash cache emptied: 90935 bytes
     
    User: NeroMediaHomeUser.4
    ->Temp folder emptied: 1519640 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 847872 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 1610800 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 142223 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 1.024,00 mb
     
     
    OTL by OldTimer - Version 3.2.57.0 log created on 08152012_223413
    
    Files\Folders moved on Reboot...
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YK1OAAPS\61030-windows-7-logfiles[1].htm moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
    
    PendingFileRenameOperations files...
    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YK1OAAPS\61030-windows-7-logfiles[1].htm not found!
    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
    [2008/07/26 09:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2012/08/15 22:38:33 | 000,000,000 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5
    [2012/08/15 22:38:35 | 000,000,084 | ---- | M] () C:\Windows\temp\CLDigitalHome\PCMMediaServer.log : Unable to obtain MD5
    
    Registry entries deleted on Reboot...

    4.
    Java aktualisieren
    Gemacht.


    5.
    Java-Cache leeren
    Gemacht.


    6.
    CCleaner
    (Registry Fehler suchen und beheben)
    Gemacht.


    7.
    Bin noch dabei...

    8.
    ♦ Schon seit langem gehört "Worm.Win32.Autorun" zu den beliebtesten Verbreitungswegen von Viren, sollte man daher, die auf dem Speichermedium gesicherten Daten (wie USB-Stick/Festplatte und andere) zeitweise prüfen lassen
    -> Ext anschließbare Geräte (um die gesicherten Daten zu prüfen) miteinbeziehen:
    ♦ Also schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung
    Da es nicht unser Rechner ist, kann ich
    - weder die Autorun-Funktion deaktivieren ohne Einverständniss der Besitzerin
    - noch externe Datenträger nach Viren untersuchen lassen.


    9.
    Achtung!:
    Keinen andere Virenscanner auf Deinem PC installieren, sondern dein PC NUR online scannen!!!
    ♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von:

    ♦ Protokoll speichern und posten
    Funktioniert nicht.
    Er zeigt mir folgendes Fenster und nichts tut sich:



    10.
    erneut einen Scan mit OTL
    Konnte ich noch nicht da Schritt 9 noch nicht ging...

    1.
    Datei/Ordnername sagt mir nichts? Um was handelt es sich dabei?
    Code:
    C:\Users\admin\Desktop\Thierry_11082012
    Das einfach ein temporärer Ordner, den ich für diese Aktion erstellt habe (und wo ich alle benutzen Dateien, Programme, Notizen, usw. speichere) da es nicht unser Rechner ist.

    Grüsse,
    Thierry
    Geändert von Thierry (16.08.2012 um 07:47 Uhr)

  9. #9
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.728

    AW: Windows 7 Logfiles

    Zitat Zitat von Thierry Beitrag anzeigen
    ich weiss nicht, ob das ein gutes Zeichen ist, aber gestern nach den letzten Änderungen hat der Rechner nicht gestartet...
    wann genau "nach den letzten Änderungen"? was war der letzte Schritt den Du gemacht hast?

    Zitat Zitat von Thierry Beitrag anzeigen
    Gestern morgen habe ich den Rechner ganz normal ausgemacht (über die Schaltfläche Start->Ausschalten). Und er hat 17 Windows-Updates installiert beim Runterfahren.
    von Microsoft?
    Geändert von kira (16.08.2012 um 09:17 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  10. #10
    Einsteiger
    Registriert seit
    20.10.2009
    Beiträge
    23

    AW: Windows 7 Logfiles

    Zitat Zitat von kira Beitrag anzeigen
    wann genau "nach den letzten Änderungen"?
    Gestern Nachmittag.

    Zitat Zitat von kira Beitrag anzeigen
    was war der letzte Schritt den Du gemacht hast?
    Der Scan mit OTL (15/08/2012 8:12:16), d.h. Schritt Nr. 8 in diesem Beitrag: http://www.hijackthis-forum.de/hijac...tml#post398071

    Zitat Zitat von kira Beitrag anzeigen
    von Microsoft?
    Ja.
    Geändert von Thierry (16.08.2012 um 10:32 Uhr)

Seite 1 von 3 123 LetzteLetzte

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Antworten: 9
    Letzter Beitrag: 04.03.2012, 12:40
  2. Windows 7 Logfiles
    Von fipsi1 im Forum Archiv
    Antworten: 4
    Letzter Beitrag: 11.01.2009, 18:48
  3. help logfiles
    Von liebchen im Forum Archiv
    Antworten: 97
    Letzter Beitrag: 17.05.2008, 20:29
  4. Logfiles
    Von thommy26 im Forum Archiv
    Antworten: 35
    Letzter Beitrag: 18.01.2007, 15:50
  5. Logfiles
    Von Montana im Forum Archiv
    Antworten: 4
    Letzter Beitrag: 25.11.2006, 10:27

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •