W32/virut.w C'EST GRAVE ? aidez moi SVP !!!

Utilisateur anonyme -  
Valuu Messages postés 2258 Statut Contributeur -
Bonjour a tous,

Aujourd'hui, mon antivirus (Avira) me signale qu'il a trouvé un virus dans mon pc.... jusque la, pas de probleme et je clique sur "supprimer", Avira exécute sauf que quelque secondes plus tard le meme message reapparait et il me faut a chaque fois resupprimer le virus...ce qui, pour tout dire, ne sert a rien du tout...

donc moi je n'y comprend plus rien... pourquoi m'annonce t'il un virus toute les dix secondes alors qu'il ne le trouve pas lors d'un scan complet ?

mon ordi fonctionne (encore) parfaitement bien mais ca me fait flipper quand meme a chaque fois que le "BLIPBLIPBLIP" typique retentit...

Voici ce qui est ecrit :

dans le registre C:/Windows/System32/config/Reg Back/SOFTWARE a été trouvé un virus ou un programme non souhaité.

w32/virut.w

je m'en remet donc a vous pour essayer de me rassurer et remettre mon pc en bon état.

merci d'avance. :)

32 réponses

  • 1
  • 2
  1. Valuu Messages postés 2258 Statut Contributeur 201
     
    Hello,

    Si c'est Virut c'est pas cool. C'est pas forcément possible de désinfecter, suivant comment l'infection s'ets propagée dans ton système. Je t'expliquerais quoi sauvegarder et comment, si tel est le cas.

    --------------------------------------------------------------------------------------
    Utilise ce logiciel de diagnostic :

    * Télécharge ZHPDiag (de Nicolas Coolman)
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Sous Vista/Seven, si ça ne se lance pas --> Clic droit/Exécuter en tant qu'administrateur
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport ZHPDiag.txt sur ce site, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
    0
  2. Utilisateur anonyme
     
    Salut Valuu, Merci d'avoir été si rapide a me répondre : )

    voila, j'espere que c'est ca :

    Rapport de ZHPScan v1.27 par Nicolas Coolman, Update du 10/06/2011
    Run by jean gamin at 11.06.2011 17:37:52
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Clés de Registre trouvées (Registry Keys found)
    [HKLM\Software\Classes\AppID\WMHelper.DLL] =>Toolbar.BearShare
    [HKLM\Software\Classes\imside1egate.application.1] =>Adware.BHO
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] =>Adware.AskTBar
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] =>PUP.iMesh
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] =>PUP.iMesh
    [HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}] =>Toolbar.Facemood
    [HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}] =>PUP.Eorezo
    [HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] =>Toolbar.SweetIM
    [HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}] =>PUP.Eorezo
    [HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh
    [HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Toolbar.Facemood
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}] =>Toolbar.SweetIM
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}] =>Toolbar.SweetIM
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}] =>Adware.AskBar
    [HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Toolbar.Facemood
    [HKCU\Software\cacaoweb] =>PUP.CacaoWeb
    [HKLM\Software\CrazyLoader] =>Adware.SPointer
    [HKCU\Software\AppDataLow\Software\iMeshMediabarTB] =>PUP.iMesh

    ---\\ Valeurs de clé de Registre trouvées (Registry Values found)

    ---\\ Dossiers trouvés (Directories found)
    C:\Users\jean gamin\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
    C:\Users\jean gamin\AppData\Roaming\Crazyloader =>Adware.SPointer
    C:\Users\jean gamin\Appdata\Local\Crazyloader Air =>Adware.SPointer

    ---\\ Fichiers Firefox trouvés (Files found)
    *** None ***

    ---\\ Fichiers trouvés (Files found)
    *** None ***

    ---\\ Bilan de la recherche (Scan Result)
    Database Version : 8334 - (10/06/2011)
    Clés trouvées (Keys found) : 18
    Valeurs de clé trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 0

    End of the scan in 00mn 09s
    0
  3. Utilisateur anonyme
     
    Bonjour
    Lorsqu'il y a suspicion de virut, il faut éviter de faire lancer des exécutables, car
    on réveille la bête qui se propage encore plus, une recherche avec Dr Web s'impose
    Bonne suite
    0
    1. Valuu Messages postés 2258 Statut Contributeur 201
       
      Merci du conseil, c'est mon premier virut *émotif*
      Tu peux suivre au cas où ?

      Merci =)
      0
    2. Utilisateur anonyme
       
      je vais suivre
      0
  4. Valuu Messages postés 2258 Statut Contributeur 201
     
    Okay, Si tu as un deuxième ordinateur, il serait bien de l'utiliser pour télécharger les logiciel, afin d'éviter de te connecter au net pendant la présence de l'infection.
    Si tu n'en a pas d'autre, fais avec mais ne te connectes pas sur des sites "confidentiels" (banque par exemple)

    Sur la machine infectée, vous devez éviter toutes connexions au Net, mais si vous n'avez qu'un PC, vous n'aurez pas le choix.

    Téléchargez Dr.Web CureIt! sur votre Bureau.
    Double-cliquez sur drweb-cureit.exe et cliquez sur Commencer le scan.
    Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, cliquez sur le bouton Oui pour Tout à l'invite.
    Lorsque le scan rapide est terminé, cliquez sur Options > Changer la configuration.
    Choisissez l'onglet Scanner, et décochez Analyse heuristique.
    De retour à la fenêtre principale : choisissez Analyse complète.
    Cliquez la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, fermez-la.
    Cliquez Oui pour Tout si un fichier est détecté.
    A la fin du scan, si des infections sont trouvées, cliquez sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, cliquez sur Quarantaine.
    Au menu principal de l'outil, en haut à gauche, cliquez sur le menu Fichier et choisissez Enregistrer le rapport.
    Sauvegardez le rapport sur votre Bureau. Ce dernier se nommera DrWeb.csv.
    Fermez Dr.Web CureIt!
    Redémarrez votre ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.
    Suite au redémarrage, postez (Copiez/Collez) le contenu du rapport de l'outil Dr.Web dans votre prochaine réponse.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Resalut,

    apres un scan rapide d'1h30 ;) me revoila...

    dr Web a trouvé un truc bizarre qui s'appelait : antistress .exe que je me suis empréssé d'effacer. Avira a l'air de s'etre calmé, pas de message d'alerte au redémarrage. dois-je maintenant faire un scan complet (qui doit durer 1 an minimum... ) juste pour le fun ? ;)

    par contre, je ne sais pas ou trouver le rapport demandé...j'ai du faire une fausse manip'.
    0
  7. Valuu Messages postés 2258 Statut Contributeur 201
     
    Il aurait fallu le lancer en mode complet oui... ça aurait été plus long mais plus complet.

    Mais avant de faire ça on va vérifier un truc...

    --------------------------------------------------------------------------------------
    * Rends-toi sur VirusTotal
    * Clique sur Parcourir, et va chercher le(s) fichier(s) en gras ci dessous :

    C:\Windows\explorer.exe

    *Si tu ne le trouves pas, affiche les fichiers cachés
    * Clique sur Send File, si cela t'es demandé, clique sur Reanalyse.
    * Colle-moi l'adresse internet dans ta prochaine réponse

    Fais de même pour :
    C:\Windows\system32\winlogon.exe
    0
  8. Utilisateur anonyme
     
    J'ai un petit probleme a trouvé les fichiers demandé...

    j'ai suivi les instructions de ton lien, j'ai coché "afficher les fichiers cachés" dans le menu prévu a cet effet mais lorsque je vais sur virus total il m'est impossible a partir de l'option "organiser" d'y accéder...

    j'ai oublié de préciser que je suis une vraie bille ou noob, comme vous voudrez, en informatique... ; )
    0
  9. Valuu Messages postés 2258 Statut Contributeur 201
     
    A partir de l'option "Organiser" ? o_O

    Tu vas sur : https://www.virustotal.com/gui/
    Tu clique sur "Parcourir"
    Tu vas jusqu'au fichier que tu souhaites analyser.
    Tu fais Ok, puis Send File.
    0
  10. Utilisateur anonyme
     
    je suis vraiment pas sur que c'est ce que tu voulais...

    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

    MD5: d07d4c3038f3578ffce1c0237f2a1253
    Date first seen: 2009-05-24 18:27:11 (UTC)
    Date last seen: 2011-06-11 14:02:07 (UTC)
    Detection ratio: 0/42
    What do you wish to do?

    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

    MD5: 898e7c06a350d4a1a64a9ea264d55452
    Date first seen: 2009-05-19 22:29:40 (UTC)
    Date last seen: 2011-06-11 15:25:41 (UTC)
    Detection ratio: 1/42
    What do you wish to do?
    0
  11. Valuu Messages postés 2258 Statut Contributeur 201
     
    Apparemment c'est clean...
    Ça doit pas être notre cher Virut alors.

    On va reprendre au début alors.
    Le rapport de ZHPDiag que tu m'as posté n'étais pas le bon.
    Il faut lancer le diagnostique en cliquant sur la loupe en haut à gauche.
    Le rapport se trouvera sur ton bureau et s'appellera ZHPDaig.txt
    Héberge le sur http://pjjoint.malekal.com/ et poste moi le lien ensuite.
    0
  12. Utilisateur anonyme
     
    voila, je pense que tu sauras déchiffrer tout ca, moi je n'y comprend rien...

    Rapport de ZHPDiag v1.27.2291 par Nicolas Coolman, Update du 10/06/2011
    Run by jean gamin at 11.06.2011 21:38:04
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v8.0.6001.19048
    GCIE: Google Chrome v12.0.742.91 (Defaut)

    ---\\ System Information
    Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
    Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2813 MB (58% free)
    System Restore: Activé (Enable)
    System drive C: has 154 GB (69%) free of 222 GB

    ---\\ Logged in mode
    Computer Name: MONZOB
    User Name: jean gamin
    All Users Names: jean gamin, Gast, Administrator,
    Unselected Option: O45,O61,O62,O65,O66,O82
    Logged in as Administrator

    ---\\ Environnement Variables
    %AppData%=C:\Users\jean gamin\AppData\Roaming
    %LocalAppData%=C:\Users\jean gamin\AppData\Local
    %StartMenu%=C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 154 Go of 222 Go)
    D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
    E:\ CD-ROM drive (Free 0 Go of 1 Go)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

    ---\\ Search Generic System Files
    [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows-Explorer.) (.11.04.2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows-Startanwendung.) (.21.01.2008 03:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
    [MD5.047CDEFF94B63F0A4791372B47427B60] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.22.02.2011 07:21:28.) -- C:\Windows\system32\wininet.dll [916480]
    [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.11.04.2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
    [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11.04.2009 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
    [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.11.04.2009 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]

    ---\\ Running Processes
    [MD5.794EBD358FDF1F4978A81A30E43F5E70] - (.IObit - Advanced SystemCare Performance Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe [803728]
    [MD5.AE567D261D281B51BE55E53A786E8574] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896]
    [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
    [MD5.F7CF218E5CAA6FC0BB55791AD31E2B3F] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032]
    [MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752]
    [MD5.61941D4566C3B09F377E0E1A97BD0D9A] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
    [MD5.F80FFD4517C0B8025ECC54FBB30F88C4] - (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872]
    [MD5.813F9EA38AEB2AD4D9BD689388DDD93A] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952]
    [MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064]
    [MD5.4A9295C9BE22739D030AB072E9A0B169] - (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392]
    [MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files\RocketDock\RocketDock.exe [495616]
    [MD5.280D379414BA2EEF6AAA28136D10641A] - (.Conexant - SmartAudio.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe [2685496]
    [MD5.AAAACBE10F58E92C0C3432BC901B2844] - (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [412560]
    [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]
    [MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11318784]
    [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
    [MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11312128]
    [MD5.B1AC0A6D303871BD2CD2332AE932F75F] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\jean gamin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe [110592]
    [MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE [316720]
    [MD5.1EDC4865C8003A0251956835273904B1] - (.Unknown owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360]
    [MD5.A8AD97956A0F4408CB3AA03EDD2B8BC1] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720]
    [MD5.9AFF7539C716A9B24BCD03C8C0922013] - (.Google Inc. - Google Chrome.) -- C:\Users\jean gamin\AppData\Local\Google\Chrome\Application\chrome.exe [1011768]
    [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472]
    [MD5.4B555106290BD117334E9A08761C035A] - (...) -- C:\Windows\system32\rundll32.exe [44544]
    [MD5.84CA41DCCC78870E086CD2BF157367D6] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [658944]

    ---\\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
    C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\prefs.js
    M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\bing.xml
    M3 - MFPP: Plugins - [jean gamin] -- C:\Users\jean gamin\AppData\Roaming\Mozilla\Firefox\Profiles\vxbxnz2e.default\searchplugins\Schnell Sucher.xml
    P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
    P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.Unknown owner - No comment.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (.not file.)
    P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Unknown owner - No comment.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll (.not file.)
    P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\jean gamin\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\jean gamin\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    M0 - MFSP: prefs.js [jean gamin - vxbxnz2e.default] https://start.mozilla.org/fr/
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.13 (.http://www.cacaoweb.org/
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v1.8.1 (.LeahScape, Inc..)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\nasanightlaunch@example.com] [] NASA Night Launch v0.6.20101009 (.The Night Launch Team.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\piclens@cooliris(26).com] [] Cooliris v1.11 (.Cooliris Inc..)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\piclens@cooliris.com] [] Cooliris v1.12.0.36949 (.Cooliris Inc..)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\searchrecs@veoh.com] [] Veoh Video Compass v1.5.1 (.Veoh Networks, Inc..)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\yetanothersmoothscrolling@kataho] [] Yet Another Smooth Scrolling v3.0.15 (.kataho.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{239c61a8-e55f-11db-8314-0800200c9a66}] [] BlackX v2.1.4 (.xXSonyBoy4lfeXx / Andrew Shay.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}] [] SmoothWheel (AMO) v0.45.6.20100202.1 (.Avi Halachmi.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.1.1.20091029021655 (.Yahoo!.)
    M2 - MFEP: prefs.js [jean gamin - vxbxnz2e.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.1 (.Wladimir Palant.)

    ---\\ Google Chrome, Startseite,Seiten of search,Ausdehnung, (G0,G1,G2)
    C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G1 - GCS: Preference [User Data\Default] None
    G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/
    G2 - GCE: Preference [User Data\Default] [bfbmjmiodbnnpllbbbfblcplfjjepjdn] Turn Off the Lights v.2.0.0.7 (Activé)
    G2 - GCE: Preference [User Data\Default] [cccpiddacjljmfbbgeimpelpndgpoknn] SmoothScroll v.1.0.1 (Activé)
    G2 - GCE: Preference [User Data\Default] [chiikmhgllekggjhdfjhajkfdkcngplp] Scroll To Top Button v.6.1.1 (Activé)
    G2 - GCE: Preference [User Data\Default] [dbpojpfdiliekbbiplijcphappgcgjfn] Ultimate Chrome Flag v.0.3.7 (Activé)
    G2 - GCE: Preference [User Data\Default] [dckheglehcdhpjkdmmmghbgkcdebhhae] SiteAdvisor for Chrome v.1.0.2 (Activé)
    G2 - GCE: Preference [User Data\Default] [fnjbmmemklcjgepojigaapkoodmkgbae] DivX HiQ v.2.1.1.94 (Activé)
    G2 - GCE: Preference [User Data\Default] [lambangeielkjcnmioccboaphdfcffib] Chrome TV v.2.0.5 (Activé)
    G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] Vérificateur de messages Google v.3.1 (Activé)
    G2 - GCE: Preference [User Data\Default] [noocneohefmdhonidldnlhaainpiomkp] Cooliris v.1.12.0.34194 (Désactivé)
    G2 - GCE: Preference [User Data\Default] [oekemfmehiakocmomemagciajlikigkl] Fade to White Aero Skin (by Skarv) v.0.7.8 (Activé)

    ---\\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ---\\ ---\\ Changed inifile Value, Mapped to Registry (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

    ---\\ Browser Helper Objects (O2)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} . (.DivX, LLC - DivX Web Player version 2.1.1.94.) -- C:\Program Files\DivX\DivX Plus Web
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Orphean Key

    ---\\ Internet Explorer toolbars (O3)
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

    ---\\ ---\\ Auto loading programs from Registry and folders (O4)
    O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    O4 - HKLM\..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    O4 - HKLM\..\Run: [DataCardMonitor] . (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe
    O4 - HKCU\..\Run: [SmAudio] . (.Conexant - SmartAudio.) -- C:\Program Files\Conexant\SmartAudio\SmAudio.exe
    O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
    O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 4] . (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe
    O4 - HKCU\..\Run: [Mobile Partner] . (...) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe
    O4 - HKCU\..\Run: [T3Desk] . (.Tehnif Software SRL - T3Desk Application.) -- C:\Program Files\T3Desk\T3Desk.exe
    O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [SmAudio] . (.Conexant - SmartAudio.) -- C:\Program Files\Conexant\SmartAudio\SmAudio.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Advanced SystemCare 4] . (.IObit - Advanced SystemCare 4 Tray.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [cacaoweb] . (...) -- C:\Users\jean gamin\AppData\Roaming\cacaoweb\cacaoweb.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [Mobile Partner] . (...) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [T3Desk] . (.Tehnif Software SRL - T3Desk Application.) -- C:\Program Files\T3Desk\T3Desk.exe
    O4 - HKUS\S-1-5-21-1755147125-4231826600-4257628715-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    ---\\ ---\\ Other User Links (O4)
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk . (.IObit.) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
    O4 - Global Startup: C:\Users\jean gamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\SnippingTool.exe

    ---\\ Extra items in the IE right-click menu (O8)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - (.not file.) - C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe

    ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
    O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Ajout Direct dans Windows Live Writer - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Ajout Direct dans Windows Live Writer - {925DAB62-F9AC-4221-806A-057BFB1014AA} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-Mail-Namenshimanbieter.) -- C:\Windows\system32\napinsp.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP-Namespaceanbieter.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP-Namespaceanbieter.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0-Dienstanbieter.) -- C:\Windows\system32\mswsock.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

    ---\\ Lop.com/Domain Hijackers (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5E828696-36A3-4717-AC76-B7E639DCE405}: DhcpDomain = Speedport_W_503V_Typ_C
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

    ---\\ ShellServiceObjectDelayLoad (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Websiteüberwachung.) -- C:\Windows\System32\webcheck.dll

    ---\\ SharedTaskScheduler (O22)
    O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shellbrowser-UI-Bibliothek.) -- C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: (no name) - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} . (.Microsoft Corporation - Shellbrowser-UI-Bibliothek.) -- C:\Windows\system32\browseui.dll

    ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
    O23 - Service: (AdvancedSystemCareService) . (.IObit - Advanced SystemCare Service.) - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: (gupdate1c9e6d2a267862a) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: (gupdatem) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: (hpqwmiex) . (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: (lxce_device) . (.Unknown owner - Printer Communication System.) - C:\Windows\system32\lxcecoms.exe
    O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 186.4.) - C:\Windows\system32\nvvsvc.exe
    O23 - Service: (Recovery Service for Windows) . (.Unknown owner - STServices.) - C:\Program Files\SMINST\BLService.exe
    O23 - Service: (VideoAcceleratorService) . (.Speedbit Ltd. - VideoAcceleratorEngine.) - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    O23 - Service: (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\system32\DRIVERS\xaudio.exe

    ---\\ Windows Active Desktop Components & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ---\\ Einträge in Windows' Aufgabenplaner(039)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000Core.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000UA.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\HPCeeScheduleForjean gamin.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PCConfidential.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SmartDefrag.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{77F86249-D5C9-41DE-A694-354D9A1847BD}.job
    [MD5.794EBD358FDF1F4978A81A30E43F5E70] [APT] [ASC4_PerformanceMonitor] (.IObit.) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000Core] (.Google Inc..) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-1755147125-4231826600-4257628715-1000UA] (.Google Inc..) -- C:\Users\jean gamin\AppData\Local\Google\Update\GoogleUpdate.exe
    [MD5.AE37F6508716D2DD6122744C46686BEC] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    [MD5.E7E91EBF735D68C4BA1B8367D3121E0C] [APT] [HPCeeScheduleForjean gamin] (.Hewlett-Packard.) -- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
    [MD5.00000000000000000000000000000000] [APT] [PCConfidential] (.Unknown owner.) -- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task for VeohWebPlayer] (.Unknown owner.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [SmartDefrag] (.Unknown owner.) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (.not file.)
    [MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{8FC0307F-B99E-4E5A-BF0F-7F1DF7FA2DEE}] (.Unknown owner.) -- C:\PROGRA~1\SPEEDB~1\UNWISE.exe

    ---\\ Automatisch gestartete Treiber und Dienste (O41)
    O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
    O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
    O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
    O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
    O41 - Driver: (i8042prt) . (.Microsoft Corporation - i8042-Anschlusstreiber.) - C:\Windows\System32\DRIVERS\i8042prt.sys
    O41 - Driver: (kbdclass) . (.Microsoft Corporation - Tastaturklassentreiber.) - C:\Windows\System32\DRIVERS\kbdclass.sys
    O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID-Tastaturfiltertreiber.) - C:\Windows\System32\DRIVERS\kbdhid.sys
    O41 - Driver: (mouclass) . (.Microsoft Corporation - Mausklassentreiber.) - C:\Windows\System32\DRIVERS\mouclass.sys
    O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
    O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
    O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - QoS-Paketplaner.) - C:\Windows\System32\DRIVERS\pacer.sys
    O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
    O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
    O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
    O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
    O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
    O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
    O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

    ---\\ Installierte Programme (O42)
    O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
    O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}
    O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- {AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
    O42 - Logiciel: Advanced SystemCare 4 - (.IObit.) [HKLM] -- Advanced SystemCare 4_is1
    O42 - Logiciel: Atheros Driver Installation Program - (.Atheros.) [HKLM] -- {C3A32068-8AB1-4327-BB16-BED9C6219DC7}
    O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
    O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM] -- CNXT_AUDIO_HDA
    O42 - Logiciel: DivX-Setup - (.DivX, LLC.) [HKLM] -- DivX Setup.divx.com
    O42 - Logiciel: EPSON BX305 Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON BX305 Series
    O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM] -- EPSON Scanner
    O42 - Logiciel: ESU for Microsoft Vista - (.Hewlett-Packard.) [HKLM] -- {3877C901-7B90-4727-A639-B6ED2DD59D43}
    O42 - Logiciel: Epson Easy Photo Print 2 - (.SEIKO EPSON CORPORATION.) [HKLM] -- {39F58DDB-B2B8-4B86-AF20-4706A80EB30D}
    O42 - Logiciel: Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) - (.SEIKO EPSON CORPORATION.) [HKLM] -- {B2D55EB8-32C5-4B43-9006-9E97DECBA178}
    O42 - Logiciel: Epson FAX Utility - (.SEIKO EPSON CORPORATION.) [HKLM] -- {0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}
    O42 - Logiciel: Epson PC-FAX Driver - (.Unknown owner.) [HKLM] -- EPSON PC-FAX Driver 2
    O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
    O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
    O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Unknown owner.) [HKLM] -- CNXT_MODEM_HDAUDIO_HERMOSA_HSF
    O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}
    O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {57A5AEC1-97FC-474D-92C4-908FCC2253D4}
    O42 - Logiciel: HP DVD Play 3.7 - (.Hewlett-Packard.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
    O42 - Logiciel: HP Doc Viewer - (.Hewlett-Packard.) [HKLM] -- {082702D5-5DD8-4600-BCE5-48B15174687F}
    O42 - Logiciel: HP Help and Support - (.Hewlett-Packard Company.) [HKLM] -- {0054A0F6-00C9-4498-B821-B5C9578F433E}
    O42 - Logiciel: HP Quick Launch Buttons 6.40 H2 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
    O42 - Logiciel: HP Total Care Advisor - (.Hewlett-Packard.) [HKLM] -- {154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
    O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
    O42 - Logiciel: HP User Guides 0118 - (.Hewlett-Packard.) [HKLM] -- {B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
    O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
    O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
    O42 - Logiciel: HPNetworkAssistant - (.Hewlett-Packard..) [HKLM] -- {228C6B46-64E2-404E-898A-EF0830603EF4}
    O42 - Logiciel: HPTCSSetup - (.Hewlett-Packard Company.) [HKLM] -- {846DDADA-0239-4B67-A6B1-33658863793B}
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
    O42 - Logiciel: IObit Toolbar v4.1 - (.Spigot, Inc..) [HKLM] -- {7B8BA496-E201-4246-9A8B-687B49145F53}
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
    O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
    O42 - Logiciel: LightScribe System Software 1.14.17.1 - (.LightScribe.) [HKLM] -- {0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
    O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - DEU - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - deu - (.Microsoft Corporation.) [HKLM] -- {052FDD78-A6EA-3187-8386-C82F4CA3A929}
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
    O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
    O42 - Logiciel: Microsoft .NET Framework 4 Client Profile DEU Language Pack - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile DEU Language Pack
    O42 - Logiciel: Microsoft .NET Framework 4 Client Profile DEU Language Pack - (.Microsoft Corporation.) [HKLM] -- {F750C986-5310-3A5A-95F8-4EC71C8AC01C}
    O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (German) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-0407-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
    O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {39D0E034-1042-4905-BECB-5502909FCB7C}
    O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
    O42 - Logiciel: NVIDIA PhysX v8.04.25 - (.NVIDIA Corporation.) [HKLM] -- {74224F8D-4A17-4816-9EDB-7BB854DE532C}
    O42 - Logiciel: Next Generation Visualisations - (. Microsoft.) [HKLM] -- {2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
    O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {266517E6-D866-439D-919C-B8B1A52E6080}
    O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}
    O42 - Logiciel: PixiePack Codec Pack - (.None.) [HKLM] -- {9C450606-ED24-4958-92BA-B8940C99D441}
    O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
    O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM] -- RocketDock_is1
    O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
    O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
    O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
    O42 - Logiciel: T-Mobile Internet Manager - (.T-Mobile D.) [HKLM] -- T-Mobile Internet Manager
    O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
    O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421}
    O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player
    O42 - Logiciel: WhiteCap - (.SoundSpectrum.) [HKLM] -- WhiteCap
    O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {53B20C18-D8D4-4588-8737-9BBFE303C354}
    O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {F7D27C70-90F5-49B9-B188-0A133C0CE353}
    O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
    O42 - Logiciel: Zylom Games Player Plugin - (.Zylom Games.) [HKLM] -- Zylom Games Player Plugin
    O42 - Logiciel: eMule - (.Unknown owner.) [HKLM] -- eMule

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\Adobe]
    [HKCU\Software\AppDataLow\Aurigma]
    [HKCU\Software\AppDataLow\Software\DivX]
    [HKCU\Software\AppDataLow\Software\IObit]
    [HKCU\Software\AppDataLow\Software\Microsoft]
    [HKCU\Software\AppDataLow\Software\imeshmediabartb]
    [HKCU\Software\AppDataLow\Software]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Audacity]
    [HKCU\Software\Avira]
    [HKCU\Software\Borland]
    [HKCU\Software\Bugsplat]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\CodeGear]
    [HKCU\Software\Conexant]
    [HKCU\Software\CyberLink]
    [HKCU\Software\Dexclock]
    [HKCU\Software\DivXNetworks]
    [HKCU\Software\DivX]
    [HKCU\Software\EPSON]
    [HKCU\Software\EarthClock]
    [HKCU\Software\EasyBits]
    [HKCU\Software\Enkord]
    [HKCU\Software\GNU]
    [HKCU\Software\Google]
    [HKCU\Software\Headlight]
    [HKCU\Software\Hewlett-Packard]
    [HKCU\Software\IDAVLab]
    [HKCU\Software\IM Providers]
    [HKCU\Software\IObit]
    [HKCU\Software\JavaSoft]
    [HKCU\Software\LightScribe]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Magnet]
    [HKCU\Software\MainConcept (Muvee)]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\MimarSinan]
    [HKCU\Software\MozillaPlugins]
    [HKCU\Software\Mozilla]
    [HKCU\Software\NVIDIA Corporation]
    [HKCU\Software\Netscape]
    [HKCU\Software\ODBC]
    [HKCU\Software\OpenOffice.org]
    [HKCU\Software\Policies]
    [HKCU\Software\RapidSolution]
    [HKCU\Software\Reality Pump]
    [HKCU\Software\RocketDock]
    [HKCU\Software\Speed-Downloading]
    [HKCU\Software\SpeedBit]
    [HKCU\Software\Stardock]
    [HKCU\Software\Symantec]
    [HKCU\Software\Synaptics]
    [HKCU\Software\Tehnif Software]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Veoh]
    [HKCU\Software\WebToGo]
    [HKCU\Software\YahooPartnerToolbar]
    [HKCU\Software\Zylom]
    [HKCU\Software\cacaoweb]
    [HKCU\Software\cooliris]
    [HKCU\Software\eMule]
    [HKCU\Software\keyhole.com]
    [HKLM\Software\AGEIA Technologies]
    [HKLM\Software\Adobe]
    [HKLM\Software\Atheros]
    [HKLM\Software\Avira]
    [HKLM\Software\Bytemobile]
    [HKLM\Software\CXT]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Conexant Systems Inc ]
    [HKLM\Software\Conexant]
    [HKLM\Software\CrazyLoader]
    [HKLM\Software\Cyberlink]
    [HKLM\Software\Debug]
    [HKLM\Software\DivXNetworks]
    [HKLM\Software\DivX]
    [HKLM\Software\EPSON]
    [HKLM\Software\EasyBits]
    [HKLM\Software\Elf_1.13]
    [HKLM\Software\Google]
    [HKLM\Software\HPQ]
    [HKLM\Software\HP]
    [HKLM\Software\Hewlett-Packard Company]
    [HKLM\Software\Hewlett-Packard]
    [HKLM\Software\IDAVLab]
    [HKLM\Software\IObit]
    [HKLM\Software\InstallShield]
    [HKLM\Software\InstalledOptions]
    [HKLM\Software\Intel]
    [HKLM\Software\JavaSoft]
    [HKLM\Software\JreMetrics]
    [HKLM\Software\LexmarkInkjet]
    [HKLM\Software\Licenses]
    [HKLM\Software\LightScribe]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Malwarebytes' Anti-Malware]
    [HKLM\Software\MimarSinan]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\MusicNet]
    [HKLM\Software\NVIDIA Corporation]
    [HKLM\Software\ODBC]
    [HKLM\Software\OpenOffice.org]
    [HKLM\Software\Policies]
    [HKLM\Software\RapidSolution]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek USB 2.0 Card Reader]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\SEIKO EPSON CORPORATION]
    [HKLM\Software\Safer Networking Limited]
    [HKLM\Software\Sonic]
    [HKLM\Software\Sony Corporation]
    [HKLM\Software\Speed-Downloading]
    [HKLM\Software\SpeedBit]
    [HKLM\Software\Stardock]
    [HKLM\Software\Sun Microsystems]
    [HKLM\Software\Symantec]
    [HKLM\Software\Synaptics]
    [HKLM\Software\T-Mobile]
    [HKLM\Software\UBISOFT]
    [HKLM\Software\Uniblue]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\W3i]
    [HKLM\Software\WOW6432Node]
    [HKLM\Software\WebToGo]
    [HKLM\Software\WildTangent]
    [HKLM\Software\Windows]
    [HKLM\Software\Winferno]
    [HKLM\Software\X-AVCSD]
    [HKLM\Software\mozilla.org]

    ---\\ Inhalte der gemeinsamen Dateien (O43)
    O43 - CFD: 26.10.2008 - 16:39:04 - [12683094] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    O43 - CFD: 13.03.2011 - 19:12:02 - [114154297] ----D- C:\Program Files\Adobe
    O43 - CFD: 25.01.2011 - 22:35:58 - [111389942] ----D- C:\Program Files\AGEIA Technologies
    O43 - CFD: 05.01.2011 - 14:33:08 - [11287529] ----D- C:\Program Files\Atheros
    O43 - CFD: 10.08.2009 - 23:08:02 - [173536180] ----D- C:\Program Files\Avira
    O43 - CFD: 26.03.2009 - 09:38:30 - [820736] ----D- C:\Program Files\Cisco
    O43 - CFD: 13.03.2011 - 19:12:02 - [584976355] ----D- C:\Program Files\Common Files
    O43 - CFD: 04.06.2010 - 09:39:12 - [7451462] ----D- C:\Program Files\CONEXANT
    O43 - CFD: 13.03.2011 - 11:41:58 - [425472] ----D- C:\Program Files\Dexclock
    O43 - CFD: 07.05.2011 - 01:27:14 - [101671636] ----D- C:\Program Files\DivX
    O43 - CFD: 14.06.2010 - 13:34:20 - [13118895] ----D- C:\Program Files\EarthClock
    O43 - CFD: 05.01.2011 - 13:29:38 - [10906334] ----D- C:\Program Files\eMule
    O43 - CFD: 12.03.2011 - 15:57:28 - [8339922] ----D- C:\Program Files\epson
    O43 - CFD: 25.01.2011 - 18:21:26 - [156349283] ----D- C:\Program Files\Epson Software
    O43 - CFD: 17.08.2009 - 23:01:40 - [53760] ----D- C:\Program Files\Free Download Manager
    O43 - CFD: 24.01.2010 - 04:35:12 - [410112] ----D- C:\Program Files\Free Internet TV Player lite
    O43 - CFD: 05.01.2011 - 14:16:22 - [8266] ----D- C:\Program Files\Free Offers from Freeze.com
    O43 - CFD: 05.01.2011 - 14:40:24 - [814496] ----D- C:\Program Files\FreeApps
    O43 - CFD: 14.02.2011 - 03:00:54 - [421376] ----D- C:\Program Files\fxc
    O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\Program Files\Gemeinsame Dateien
    O43 - CFD: 10.06.2011 - 22:58:02 - [6220735] ----D- C:\Program Files\Google
    O43 - CFD: 07.05.2011 - 01:27:14 - [324212023] ----D- C:\Program Files\Hewlett-Packard
    O43 - CFD: 26.03.2009 - 10:18:48 - [95002777] ----D- C:\Program Files\HP
    O43 - CFD: 25.01.2011 - 18:21:22 - [123251683] --H-D- C:\Program Files\InstallShield Installation Information
    O43 - CFD: 14.04.2011 - 03:30:56 - [4565795] ----D- C:\Program Files\Internet Explorer
    O43 - CFD: 07.05.2011 - 00:12:30 - [74771650] ----D- C:\Program Files\IObit
    O43 - CFD: 12.03.2011 - 01:10:32 - [88508087] ----D- C:\Program Files\Java
    O43 - CFD: 08.01.2011 - 17:45:06 - [16295712] ----D- C:\Program Files\JRE
    O43 - CFD: 08.01.2011 - 17:30:32 - [20299689] ----D- C:\Program Files\Lexmark 4300 Series
    O43 - CFD: 11.06.2011 - 09:01:00 - [7580882] ----D- C:\Program Files\Malwarebytes' Anti-Malware
    O43 - CFD: 05.05.2010 - 23:58:10 - [1041880] ----D- C:\Program Files\Microsoft
    O43 - CFD: 02.11.2006 - 14:37:36 - [92183479] ----D- C:\Program Files\Microsoft Games
    O43 - CFD: 15.06.2010 - 08:23:52 - [30362222] ----D- C:\Program Files\Microsoft Office
    O43 - CFD: 24.04.2011 - 08:28:18 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
    O43 - CFD: 24.08.2009 - 22:27:50 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
    O43 - CFD: 24.08.2009 - 22:30:06 - [2188837] ----D- C:\Program Files\Microsoft Sync Framework
    O43 - CFD: 03.01.2011 - 04:07:24 - [139242201] ----D- C:\Program Files\Microsoft Works
    O43 - CFD: 27.06.2010 - 14:25:30 - [15715] ----D- C:\Program Files\Microsoft.NET
    O43 - CFD: 10.09.2010 - 00:19:44 - [99354222] ----D- C:\Program Files\Movie Maker
    O43 - CFD: 05.01.2011 - 18:19:56 - [2716] ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD: 02.11.2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
    O43 - CFD: 06.06.2009 - 11:51:50 - [18764189] R---D- C:\Program Files\Online Services
    O43 - CFD: 08.01.2011 - 17:45:04 - [386500926] ----D- C:\Program Files\OpenOffice.org 3
    O43 - CFD: 19.06.2009 - 01:51:46 - [16979540] ----D- C:\Program Files\PixiePack Codec Pack
    O43 - CFD: 02.11.2006 - 14:37:36 - [38643969] ----D- C:\Program Files\Reference Assemblies
    O43 - CFD: 06.06.2009 - 14:15:10 - [11477544] ----D- C:\Program Files\RocketDock
    O43 - CFD: 10.06.2011 - 20:14:58 - [0] ----D- C:\Program Files\S.A.D
    O43 - CFD: 07.05.2011 - 01:27:14 - [1224584] ----D- C:\Program Files\Shareaza
    O43 - CFD: 04.06.2010 - 09:39:12 - [28344212] ----D- C:\Program Files\SMINST
    O43 - CFD: 25.11.2009 - 00:16:18 - [18087465] ----D- C:\Program Files\SoundSpectrum
    O43 - CFD: 11.06.2011 - 19:52:42 - [73064567] ----D- C:\Program Files\SpeedBit Video Accelerator
    O43 - CFD: 13.03.2011 - 19:05:08 - [1168216] ----D- C:\Program Files\Spybot - Search & Destroy
    O43 - CFD: 26.03.2009 - 09:42:22 - [10013155] ----D- C:\Program Files\Synaptics
    O43 - CFD: 28.02.2011 - 07:40:10 - [63601482] ----D- C:\Program Files\T-Mobile
    O43 - CFD: 10.06.2011 - 22:39:36 - [1111040] ----D- C:\Program Files\T3Desk
    O43 - CFD: 02.11.2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
    O43 - CFD: 07.05.2010 - 20:38:50 - [80529230] ----D- C:\Program Files\VideoLAN
    O43 - CFD: 17.10.2009 - 19:05:34 - [1012736] ----D- C:\Program Files\Windows Calendar
    O43 - CFD: 17.10.2009 - 19:05:32 - [2737152] ----D- C:\Program Files\Windows Collaboration
    O43 - CFD: 17.10.2009 - 19:05:26 - [4488064] ----D- C:\Program Files\Windows Defender
    O43 - CFD: 17.10.2009 - 19:05:32 - [7084664] ----D- C:\Program Files\Windows Journal
    O43 - CFD: 07.05.2011 - 00:39:06 - [117886024] ----D- C:\Program Files\Windows Live
    O43 - CFD: 24.08.2009 - 22:24:32 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
    O43 - CFD: 12.05.2011 - 17:50:46 - [9108152] ----D- C:\Program Files\Windows Mail
    O43 - CFD: 17.10.2010 - 03:21:04 - [24834017] ----D- C:\Program Files\Windows Media Player
    O43 - CFD: 06.06.2009 - 11:48:42 - [7957544] ----D- C:\Program Files\Windows NT
    O43 - CFD: 17.10.2009 - 19:05:30 - [13528226] ----D- C:\Program Files\Windows Photo Gallery
    O43 - CFD: 21.11.2009 - 19:01:54 - [134144] ----D- C:\Program Files\Windows Portable Devices
    O43 - CFD: 07.05.2011 - 01:27:14 - [6528423] ----D- C:\Program Files\Windows Sidebar
    O43 - CFD: 11.06.2011 - 21:38:14 - [4012370] ----D- C:\Program Files\ZHPDiag
    O43 - CFD: 15.05.2011 - 13:17:20 - [511520] ----D- C:\Program Files\Zylom Games
    O43 - CFD: 13.03.2011 - 19:12:34 - [3515885] ----D- C:\Program Files\Common Files\Adobe
    O43 - CFD: 09.04.2011 - 17:17:16 - [24006656] ----D- C:\Program Files\Common Files\DivX Shared
    O43 - CFD: 25.01.2011 - 18:24:52 - [275456] ----D- C:\Program Files\Common Files\EPSON
    O43 - CFD: 26.03.2009 - 10:18:44 - [8142896] ----D- C:\Program Files\Common Files\InstallShield
    O43 - CFD: 12.03.2011 - 17:27:58 - [1247175] ----D- C:\Program Files\Common Files\Java
    O43 - CFD: 26.03.2009 - 10:18:34 - [29201102] ----D- C:\Program Files\Common Files\LightScribe
    O43 - CFD: 07.05.2011 - 01:27:14 - [305846927] ----D- C:\Program Files\Common Files\microsoft shared
    O43 - CFD: 06.06.2009 - 19:52:02 - [4740928] ----D- C:\Program Files\Common Files\PX Storage Engine
    O43 - CFD: 06.06.2009 - 21:37:40 - [164864] ----D- C:\Program Files\Common Files\Real
    O43 - CFD: 11.01.2010 - 11:58:28 - [812296] ----D- C:\Program Files\Common Files\Scanner
    O43 - CFD: 02.11.2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
    O43 - CFD: 02.11.2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD: 17.10.2009 - 19:05:30 - [15064962] ----D- C:\Program Files\Common Files\System
    O43 - CFD: 24.08.2009 - 21:12:06 - [108107939] ----D- C:\Program Files\Common Files\Windows Live
    O43 - CFD: 25.01.2011 - 22:35:38 - [42744832] ----D- C:\Program Files\Common Files\Wise Installation Wizard
    O43 - CFD: 22.04.2011 - 11:08:12 - [136894119] ----D- C:\ProgramData\Adobe
    O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Anwendungsdaten
    O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
    O43 - CFD: 05.01.2011 - 14:31:22 - [11880] ----D- C:\ProgramData\Atheros
    O43 - CFD: 10.08.2009 - 23:08:02 - [4541327] ----D- C:\ProgramData\Avira
    O43 - CFD: 25.08.2009 - 12:33:40 - [257585] ----D- C:\ProgramData\AWEM
    O43 - CFD: 02.01.2011 - 16:59:32 - [8010] ----D- C:\ProgramData\CyberLink
    O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
    O43 - CFD: 09.04.2011 - 17:17:16 - [5849597] ----D- C:\ProgramData\DivX
    O43 - CFD: 02.11.2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
    O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Dokumente
    O43 - CFD: 24.11.2009 - 00:27:22 - [197380] ----D- C:\ProgramData\eMule
    O43 - CFD: 21.06.2010 - 09:30:28 - [42125] ----D- C:\ProgramData\Enkord
    O43 - CFD: 25.01.2011 - 18:24:52 - [8278385] ----D- C:\ProgramData\EPSON
    O43 - CFD: 16.06.2009 - 00:20:24 - [11271] ----D- C:\ProgramData\EscapeTheMuseum
    O43 - CFD: 06.06.2009 - 11:48:42 - [0] -SH-D- C:\ProgramData\Favoriten
    0
  13. Utilisateur anonyme
     
    regarde tes mp. tu y trouveras le rapport ; )
    0
  14. Valuu Messages postés 2258 Statut Contributeur 201
     
    Refait mais sans mot de pass x) J'arrive pas à le voir ^^
    0
  15. Valuu Messages postés 2258 Statut Contributeur 201
     
    Voila le lien (pour le gens qui suivent le sujet : https://pjjoint.malekal.com/files.php?read=74e3ad985d14513

    En effet tu n'as pas Virut x)

    --------------------------------------------------------------------------------------
    * Double-clique sur l'icône AD-Remover
    Déconnecte toi et ferme toutes les applications en cours
    * Au menu principal, clique sur Nettoyer
    * Confirme le lancement de l'analyse et laisse l'outil travailler
    * Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
    0
  16. Utilisateur anonyme
     
    j'ai quand meme eu la bonne idée d'aller télécharger ce logiciel sur google... ;)

    Voici le rapport :

    ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 23:04:06 on 11/06/2011, Normal boot

    Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86)
    jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC)

    ============== SEARCH ==============

    ============== ADDITIONNAL SCAN ==============

    -- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default --
    Extensions\cacaoweb@cacaoweb.org (cacaoweb)
    Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
    Extensions\nasanightlaunch@example.com (NASA Night Launch)
    Extensions\piclens@cooliris(26).com (Cooliris)
    Extensions\piclens@cooliris.com (Cooliris)
    Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling)
    Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX)
    Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} (<!--SmoothWheel (mozdev.org)-->)
    Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/)
    Prefs.js - browser.download.dir, C:\\Users\\jean gamin\\Downloads
    Prefs.js - browser.search.defaultenginename, iMesh Web Search
    Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
    Prefs.js - browser.search.selectedEngine, iMesh Web Search
    Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3
    Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
    Prefs.js - privacy.popups.showBrowserMessage, false
    Prefs.js - browser.search.defaultenginename, Yahoo
    Prefs.js - browser.search.selectedEngine, Yahoo
    Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

    ========================================

    **** Google Chrome Version [12.0.742.91] ****

    Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)
    Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x)
    Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)

    -- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "Google" (Enabled: true) (?)
    Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5}
    Preferences - homepage_is_newtabpage: true
    Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x)
    Plugin - "Interest Recognizer for Crazyloader" (Enabled: true)
    Plugin - "DivX Player" (Enabled: true)
    Plugin - "DivX Player Netscape Plugin" (Enabled: true)
    Plugin - "Picasa" (Enabled: true)

    ========================================

    **** Internet Explorer Version [8.0.6001.19048] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms})
    HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
    HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
    HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
    HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x)
    HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x)
    HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
    HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
    HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
    HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x)
    HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?)
    HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?)
    BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
    BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - "Easy Photo Print" (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 5 File(s)
    C:\Program Files\Ad-Remover\Backup: 16 File(s)

    C:\Ad-Report-CLEAN[1].txt - 11/06/2011 22:57:31 (6597 Byte(s))
    C:\Ad-Report-SCAN[1].txt - 11/06/2011 23:04:12 (6417 Byte(s))

    End at: 23:04:52, 11/06/2011

    ============== E.O.F ==============
    0
  17. Valuu Messages postés 2258 Statut Contributeur 201
     
    --------------------------------------------------------------------------------------
    MBAM
    * Télécharge Malwarebytes' Anti-Malware
    * Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
    * Lance une analyse complète en cliquant sur "Exécuter un examen complet"
    * Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
    * L'analyse peut durer un bon moment.....
    * Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
    * Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
    * Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée
    * Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
    0
  18. Utilisateur anonyme
     
    L'analyse est lancée depuis 45mn et je commence a fatiguer...

    je laisse tourner jusqu'a demain et poste le rapport apres.

    merci d'avoir fait preuve de patience avec moi ;)

    @+
    0
  19. Valuu Messages postés 2258 Statut Contributeur 201
     
    Okay ;)

    Mais de rien, en plus on a perdu du temps car fausse piste... :/

    Et au passage, tu pourras poster le rapport Clean1 d'Ad-Remover aussi stp ? Que je vois ce qui a été supprimé ?
    0
  20. Utilisateur anonyme
     
    Bonjour Valuu et aux autres aussi,

    Me revoila, ayant repris quelques forces pour repartir au combat contre cette créature qui, si j'ai bien compris, se fait passer pour une autre...
    quel suspens....! : )

    Je signale au passage que Avira ne se manifeste plus. le rapport d'ad-remover se trouve deux posts plus haut, a moins que ca ne soit pas ce que tu me demande...

    voici celui d'anti- Malware :

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Version de la base de données: 6835

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19048

    12.06.2011 00:55:48
    mbam-log-2011-06-12 (00-55-48).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 321773
    Temps écoulé: 1 heure(s), 13 minute(s), 57 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Et un rapport obtenu en appuyant sur "clean" dans ad-remover :

    ====== REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 10:24:05 on 12/06/2011, Normal boot

    Microsoft® Windows Vista(TM) Home Premium Service Pack 2 (X86)
    jean gamin@MONZOB (Hewlett-Packard Compaq Presario CQ60 Notebook PC)

    ============== ACTION(S) ==============

    (!) -- Temporary files deleted.

    ============== ADDITIONNAL SCAN ==============

    -- C:\Users\jean gamin\AppData\Roaming\Mozilla\FireFox\Profiles\vxbxnz2e.default --
    Extensions\cacaoweb@cacaoweb.org (cacaoweb)
    Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
    Extensions\nasanightlaunch@example.com (NASA Night Launch)
    Extensions\piclens@cooliris(26).com (Cooliris)
    Extensions\piclens@cooliris.com (Cooliris)
    Extensions\yetanothersmoothscrolling@kataho (Yet Another Smooth Scrolling)
    Extensions\{239c61a8-e55f-11db-8314-0800200c9a66} (BlackX)
    Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} (<!--SmoothWheel (mozdev.org)-->)
    Searchplugins\Schnell Sucher.xml (hxxp://www.schnellsucher.com/)
    Prefs.js - browser.download.dir, C:\\Users\\jean gamin\\Downloads
    Prefs.js - browser.search.defaultenginename, iMesh Web Search
    Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
    Prefs.js - browser.search.selectedEngine, iMesh Web Search
    Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3
    Prefs.js - keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
    Prefs.js - privacy.popups.showBrowserMessage, false
    Prefs.js - browser.search.defaultenginename, Yahoo
    Prefs.js - browser.search.selectedEngine, Yahoo
    Prefs.js - keyword.URL, hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

    ========================================

    **** Google Chrome Version [12.0.742.91] ****

    Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)
    Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (x)
    Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)

    -- C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "Google" (Enabled: true) (?)
    Preferences - homepage: hxxp://home.sweetim.com/?barid={3F4AE75B-3A90-11E0-967F-001F167692B5}
    Preferences - homepage_is_newtabpage: true
    Plugin - Interest Recognizer for Crazyloader (Enabled: true) (C:\Users\jean gamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll) (x)
    Plugin - "Interest Recognizer for Crazyloader" (Enabled: true)
    Plugin - "DivX Player" (Enabled: true)
    Plugin - "DivX Player Netscape Plugin" (Enabled: true)
    Plugin - "Picasa" (Enabled: true)

    ========================================

    **** Internet Explorer Version [8.0.6001.19048] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Schnell Sucher - "Schnell Sucher" (hxxp://www.schnellsucher.com/?t=Q0908171928&s=b&keywords={searchTerms})
    HKCU_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
    HKLM_SearchScopes\{A24AEAB3-F669-440B-BDEC-A7300C5B0C61} - "Yahoo Shopping" (hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
    HKLM_Toolbar|{9421DD08-935F-4701-A9CA-22DF90AC4EA6} (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)
    HKLM_ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\WidgiHelper.exe (x)
    HKLM_ElevationPolicy\{2A9467B4-C085-11DD-BC92-869555D89593} - C:\Program Files\iMeshMediabarTb\uninstall.exe (x)
    HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
    HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
    HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
    HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe (x)
    HKLM_Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "?" (?)
    HKLM_Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} - "?" (?)
    BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
    BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - "Easy Photo Print" (C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 5 File(s)
    C:\Program Files\Ad-Remover\Backup: 30 File(s)

    C:\Ad-Report-CLEAN[1].txt - 11/06/2011 22:57:31 (6597 Byte(s))
    C:\Ad-Report-CLEAN[2].txt - 12/06/2011 10:24:22 (6458 Byte(s))
    C:\Ad-Report-SCAN[1].txt - 11/06/2011 23:04:12 (6555 Byte(s))

    End at: 10:25:13, 12/06/2011

    ============== E.O.F ==============
    0
  • 1
  • 2